Once again, we bring you a roundup of unusual and highly instructive information security incidents. In our July edition: a law enforcer goes rogue with crypto theft, an IT staffer turns traitor, and a vengeful sysadmin brings down his employer's network.
What happened: Hackers stole $140 million from Brazilian banks by bribing a fintech provider’s employee.
How it happened: C&M Software connects small financial institutions – many lacking robust IT infrastructure – to Brazil’s core payment systems. In March 2025, attackers approached an IT staffer at C&M with an offer: sell corporate credentials for $4,500. The employee accepted.
On June 30, the attackers gained full access to C&M’s infrastructure and associated payment systems. Within days, they siphoned $140 million from accounts across six organizations relying on C&M’s services. Authorities detected the breach by July 2–3 and arrested the compromised employee. By then, $40 million had already been laundered. Another $49 million was frozen by Brazilian authorities, with efforts underway to track the rest.
C&M confirmed the breach stemmed not from a technical vulnerability, but from human error and social engineering. A sobering reminder: even the most secure systems are only as strong as their weakest user.
What happened: A suspended sysadmin wreaked havoc on his employer’s IT systems.
How it happened: In 2022, Mohammed Umar Taj, a sysadmin at a UK company, was suspended for unspecified misconduct but bizarrely retained full privileged access. Within hours, he began retaliating: changing login credentials, disabling MFA, and sabotaging systems.
The fallout: operations halted for both the company and its international clients, resulting in over $200,000 in damages. His identity was easily confirmed – he had logged every action and even discussed the attack over the phone.
In 2025, Taj pleaded guilty in court and received a seven-month prison sentence. Lesson learned: always revoke access immediately after employee suspension.
What happened: An agent from the UK’s National Crime Agency (NCA) stole confiscated Bitcoin.
How it happened: In 2013, NCA officer Paul Cholez joined a joint NCA–FBI operation targeting dark web drug dealer Thomas White. The mission succeeded – White was arrested and sentenced in 2019. Authorities seized 97 Bitcoins, but 50 mysteriously vanished before sentencing.
Suspicion fell on NCA insiders. A 2025 investigation revealed Cholez had stolen the Bitcoins in 2017, using them for routine shopping over five years. Police later found extensive crypto transaction records, usernames, and passwords in his office.
He pled guilty and was sentenced to 5.5 years – three months longer than White, the dealer originally convicted. At the time of the theft, the Bitcoins were worth £60,000. By the trial, they had appreciated to £4.4 million. Insider threat? Confirmed.
What happened: A manager stole trade secrets to launch a competing business – and got away with it.
How it happened: The employee joined an industrial equipment trading company, all while operating his own logistics business on the side. As a manager, he gained access to supplier contacts, tender details, schematics, and other proprietary data – much of it exchanged via WeChat.
He then pivoted his own company into direct competition, luring clients and suppliers from his employer using insider knowledge. The company filed complaints with the Federal Antimonopoly Service, citing unfair competition and trade secret theft.
But the court sided with the employee. Why? The company failed to clearly define or protect its trade secrets. Without documented controls or access policies, the case was dismissed.
What happened: A former employee of a ransomware negotiation firm is accused of taking kickbacks from cybercriminals.
How it happened: Bloomberg reports that the U.S. Department of Justice is investigating an ex-employee of DigitalMint, a cybersecurity firm specializing in ransomware negotiation and attack forensics.
The individual allegedly brokered deals with attackers to skim a portion of ransom payments from victim companies. DigitalMint confirmed the employee’s involvement and promptly terminated him.
The scandal has damaged the firm’s reputation, with some clients pausing engagements. It’s a stark reminder: not even the negotiators are immune to insider threats.
What happened: A vulnerability in McDonald's hiring chatbot exposed millions of applicant records.
How it happened: Cybersecurity researchers Ian Carroll and Sam Curry uncovered a glaring security flaw in Olivia, a chatbot by Paradox.ai used by McDonald's to handle job applications in the U.S.
Applicants submit resumes and personal info to Olivia. The researchers found they could access all applicant chat logs due to weak protections – including the use of “123456” as an admin password. In just 30 minutes, they accessed 64 million records containing names, emails, and phone numbers.
McDonald's expressed disappointment and demanded improvements from Paradox.ai. The vendor acknowledged the issue, removed weak credentials, and secured the API. They insisted only five exposed records contained personal data – and claimed the “123456” password wasn’t accessible to outsiders (other than, of course, Carroll and Curry).
What happened: An Indian IT specialist got hired by 80 companies – just to collect paychecks without working.
How it happened: Over four years, Soham Parekh repeatedly landed jobs at startups and tech firms – then did nothing. After being fired for underperformance, he simply moved on to the next.
His scheme unraveled when Playground AI’s founder publicly warned others not to hire him. The company discovered he was simultaneously employed by several firms, using a résumé padded with names like Dynamo AI, Union AI, Synthesia, and Alan AI.
The post sparked widespread revelations from other companies that had unknowingly hired Parekh. Some admitted he made a great first impression – but was let go within a week. Others claimed he'd been doing this for years.
Interestingly, some former colleagues defended his technical prowess. Parekh has made no public comment, though he did reach out privately to Playground AI’s founder to express regret and ask for advice. We’d love to hear what that advice was…
Behind every vulnerability lies a human decision – or mistake. Don’t wait for your employees to leak sensitive data to hackers or competitors. Be proactive. Get real-time visibility into risky behavior with a modern DLP (Data Loss Prevention) system.