This Halloween, truth outshines fiction in cybersecurity. An employee leaks source code, a company loses millions over a typo, and Brazilian scammers profit from AI-generated prayers — real insider stories scarier than any ghost tale.

From the Clouds to Smoke

What happened: A fire in a South Korean government data center paralyzed hundreds of national services.

How it happened: On September 26, 2025, flames erupted inside a state-run data center in South Korea, destroying or damaging servers behind 96 critical information systems.

As a result, almost 650 government services — from the country’s public portal to the postal service — were forced offline. The worst blow fell on G-Drive, a special cloud storage system used by about 125,000 civil servants, who collectively stored 858 terabytes of data. Unlike other affected systems, G-Drive backups were kept in the same building that burned down.

In short — both the main data and the backups went up in smoke.

The blaze began when lithium-ion batteries from an uninterruptible power supply caught fire during relocation to the basement. Police have detained four individuals suspected of negligence.

As of October 10, 2025, the country is still recovering: IT teams have managed to restore only 30% of the damaged systems, while officials are desperately hunting for lost documents on flash drives and in old email chains.

Unbreakable Security (Almost)

What happened: A Romanian inmate hacked his prison’s internal information system — while serving time.

How it happened: In July 2025, an unnamed hacker imprisoned in Romania was taken to the prison hospital, where he happened to spot the login and password of an administrator.

Back in the cell block, he used public access kiosks connected to the internal network and logged into the system that managed inmate records. Then he shared the credentials with other prisoners. Together, they began editing sentences, moving money into their accounts, softening their detention conditions, and even adding more visiting hours.

The scheme collapsed on September 18, when a finance officer noticed that certain inmates’ account balances weren’t decreasing after purchases — an impossible glitch in the prison economy.

An internal investigation revealed the scope: the group had accessed security footage, internal files, and confidential records, and were even planning to clone the entire system to sell it on the dark web.

Bet on Zero

What happened: A 17-year-old hacked multiple Las Vegas casinos — and then turned himself in.

How it happened: Between August and October 2023, several casinos in Las Vegas fell victim to a sophisticated social-engineering attack.

The young hacker posed as a casino employee he found on LinkedIn, convincing IT staff to reset the worker’s password. With access to internal systems, he disabled hotel key cards and slot machines, blocked reservation systems, and locked staff out of their emails. The chaos cost one major player — allegedly MGM Resorts — more than $100 million in damages.

The Scattered Spider group claimed responsibility, and an FBI cyber unit traced the culprit: a 17-year-old mastermind who later surrendered voluntarily on September 17. Prosecutors, however, are pushing to try him as an adult.

A Deadly Mistake

What happened: A simple accounting error cost an oil company $1 161 937 instead of $11.

How it happened: Back in 2020, the oil producer Vankorneft was supposed to pay an environmental fine of just over $11.

But a distracted accountant entered the wrong number — and over several quarters, the company transferred more than $1 mln to the state budget. The error wasn’t discovered until 2022. When the company asked for a refund, regulators refused, citing the statute of limitations and missing reconciliation paperwork.

After years of legal battles, the Arbitration Court finally ruled in October 2025: the refund was impossible. The company should have noticed the overpayment two years earlier, when submitting its annual declaration.

This story echoes what often happens in cybersecurity: missed deadlines, lost evidence, and untraceable accountability. If you don’t detect an incident on time, you can’t prove who’s responsible — or recover what’s lost.

Don’t let the same in-house mistakes happen again — learn how our next-gen DLP keeps your data safe.

Nothing Sacred

What happened: A Brazilian fraud ring used AI to write and sell “miracle prayers.”

How it happened: In October 2025, Brazilian police arrested a group that had been running an AI-powered spiritual scam.

The group’s self-styled “pastor” posted uplifting messages online, promising followers a personal “divine revelation.”Those who responded were contacted by call-center operators who gently extracted personal data — names, family stories, illnesses, fears. Then, using that data, AI generated a custom “miracle prayer,” which the scammers sold for $10 each.

Some believers were so moved that they kept ordering more prayers. Others, convinced they were experiencing divine help, sent much larger sums. Authorities estimate that thousands of people fell for the scheme.