Here's our roundup of the most notable cybersecurity incidents from the past month. April’s lineup includes stolen private photos from a major social network, a breach exposing travelers’ booking data, and an AI agent that uncovered the inner workings of a global consulting giant. Full details below.

What happened: A former Meta employee in London downloaded more than 30,000 images from users’ private Facebook accounts.
How it happened: More than a year ago, Meta discovered that one of its engineers had abused internal access to retrieve private Facebook user photos. The employee reportedly developed a tool that bypassed the company’s security controls and enabled unauthorized access to users’ images.
Affected Facebook users were notified about the incident, the suspect was immediately terminated, and Meta upgraded its security systems. The company also voluntarily shared all incident details with London’s cybercrime unit. A criminal investigation is now underway.

What happened: Hackers breached Booking.com – one of the world’s largest accommodation booking platforms – and gained access to reservation data stored in user accounts.
How it happened: The company confirmed that unknown attackers infiltrated its internal systems and accessed sensitive traveler information.
The investigation revealed that the attackers may have been able to view reservation details, usernames and real names, email and physical addresses, phone numbers linked to accommodation bookings, and other related information.
Booking.com responded by resetting PIN codes associated with affected bookings and notifying impacted users.
The company declined to disclose how many people were affected, but stated that the attackers did not gain access to users’ financial information.

What happened: A Hong Kong hospital suffered a data breach affecting more than 65,000 patients.
How it happened: In early April, monitoring systems operated by Hong Kong’s Hospital Authority detected unauthorized access and the exfiltration of medical records belonging to residents of Kowloon East, one of the city’s largest districts.
An investigation conducted by Hong Kong police’s Cyber Security and Technology Crime Bureau found that the incident was orchestrated by a maintenance specialist working for one of the Authority’s contractors. The contractor maintained systems responsible for operating room equipment, and its infrastructure stored data related to surgical procedures – including patient names, ID numbers, hospital card numbers, and details of performed surgeries. Those records were ultimately compromised.
Police seized more than 60 digital devices from the contractor, including servers and mobile phones. Investigators determined that the leak originated from storage systems managed by two remote branch offices. The contractor employee used legitimate access privileges to enter the system, download sensitive patient data, and leak it to third-party resources.
The suspect was arrested, and the contractor’s access to Hong Kong Hospital Authority systems was suspended pending the outcome of the investigation. Hong Kong’s Office of the Privacy Commissioner for Personal Data notified affected patients and launched a dedicated hotline to handle inquiries related to the breach.

What happened: An AI agent uncovered virtually all of McKinsey’s secrets in just a few hours.
How it happened: A team of white-hat researchers from CodeWallAI compromised Lilli, the internal AI platform used by consulting giant McKinsey & Company. Using an offensive AI agent, they carried out deep penetration testing and bypassed the platform’s built-in security filters.
The AI agent first discovered publicly accessible documentation describing more than 200 API endpoints connected to the platform. Twenty-two of those endpoints required no authorization whatsoever – there was no user identity verification and, in some cases, not even password protection.
The agent then accessed the database behind one of these unsecured endpoints and found that it stored user prompts submitted to the Lilli platform. Although the values inside the database fields were protected, field names were inserted into SQL queries directly through JSON objects “as-is,” creating a classic SQL injection vulnerability that automated scanners had failed to detect. Because of the flaw, field names were exposed through error messages. In just fifteen attempts, the research AI agent reconstructed the query structure and gained access to live production data. In other words, the model identified a weakness that conventional validation tools would likely have missed entirely.
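The flaw described here is identifier injection: the values were bound as parameters, but the JSON field names were spliced into the SQL text unvalidated. The following is an added example, not code from CodeWallAI, McKinsey or the Lilli platform; the `prompts` table, its columns and the sample rows are constructed for the demonstration. It shows the unvalidated builder beside a hardened one that checks every field name against a schema-derived allow-list before any SQL is assembled, so an unexpected key is rejected up front and never reaches the database engine (and therefore never surfaces in an engine error message).

```python
import json
import re
import sqlite3

# Constructed schema standing in for a prompt-log table (an assumption for the
# example, not the real Lilli schema). The allow-list is derived from it.
SCHEMA = {
    "prompts": {"id", "user_id", "prompt_text", "created_at"},
}

# Plain SQL identifiers only: no spaces, quotes, semicolons or comment markers.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_filter_unsafe(table, filters):
    """'Before' pattern: JSON keys go into the SQL text as-is.

    Only the values are parameterised. The identifiers are never validated,
    so whatever key the client sends is handed to the engine verbatim.
    """
    where = " AND ".join(f"{key} = ?" for key in filters)
    return f"SELECT * FROM {table} WHERE {where}", list(filters.values())


def build_filter_safe(table, filters):
    """Hardened pattern: every identifier must be on the schema allow-list.

    Values are still bound as parameters. Unknown or malformed keys raise
    before any SQL string exists, and the error names only the key.
    """
    columns = SCHEMA.get(table)
    if columns is None:
        raise ValueError("unknown table")
    clauses, params = [], []
    for key, value in filters.items():
        if not IDENT_RE.match(key) or key not in columns:
            raise ValueError(f"unknown field: {key!r}")
        clauses.append(f'"{key}" = ?')  # quote the now-validated identifier
        params.append(value)
    where = " AND ".join(clauses) if clauses else "1=1"
    return f'SELECT * FROM "{table}" WHERE {where}', params


def accepts(raw_json, table="prompts"):
    """True if the request body passes identifier validation, else False."""
    try:
        build_filter_safe(table, json.loads(raw_json))
        return True
    except ValueError:
        return False


def query_prompts(conn, raw_json):
    """Parse a request body, build a validated query, and run it."""
    sql, params = build_filter_safe("prompts", json.loads(raw_json))
    return conn.execute(sql, params).fetchall()


def make_demo_db():
    """In-memory SQLite table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE prompts (id INTEGER, user_id TEXT, prompt_text TEXT, created_at TEXT)"
    )
    conn.executemany(
        "INSERT INTO prompts VALUES (?, ?, ?, ?)",
        [
            (1, "u1", "summarise Q1 report", "2025-04-01"),
            (2, "u2", "draft client memo", "2025-04-02"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(query_prompts(db, '{"user_id": "u1"}'))
    # The unsafe builder passes a non-identifier key straight into the SQL text.
    print(build_filter_unsafe("prompts", {"not a column": "x"})[0])
    # The hardened builder rejects the same input before touching the engine.
    print(accepts('{"not a column": "x"}'))
```

The allow-list is the important part: a regular expression alone would still let a syntactically valid but non-existent column name through to the engine, and an engine error on that name is exactly the kind of structure leak the researchers used. Checking against the schema closes that channel, and quoting the validated identifier keeps reserved words from breaking the query.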
The agent pushed even deeper into the infrastructure. Using prompt injection techniques and manipulations targeting the platform’s RAG mechanisms, the AI assistant bypassed embedded system restrictions. Researchers discovered that the model had access to data with excessive privileges. On top of that, vulnerabilities in platform plugins allowed them to conduct SSRF attacks, granting direct access to cloud infrastructure metadata and access keys.
Within two hours of deployment, the white-hat team achieved full read/write access to McKinsey’s entire production database – without passwords and without human involvement. During the exercise, they collected 46.5 million chat messages, 728,000 files (including 192,000 PDFs, 93,000 Excel spreadsheets, 93,000 PowerPoint presentations, and 58,000 Word documents), 57,000 user accounts, 384,000 AI assistants, and 94,000 workspaces.
Because the attack was conducted in a controlled environment, McKinsey suffered no actual financial damage and the data never leaked to the dark web. Still, the researchers demonstrated the potential for catastrophic “controlled damage,” including the ability to extract strategic documents, insider analytics, and highly confidential client information from McKinsey offices around the world.
The attack did not disrupt any production services. The findings were shared with McKinsey’s security team, and the identified issues were subsequently remediated.
Disclaimer: This research exercise (a controlled attack simulation) was conducted in accordance with responsible disclosure principles and standard industry security research methodologies. All testing activities were strictly limited to verification purposes.

What happened: A bank employee in Delhi assisted cybercriminals by opening fraudulent accounts used to steal money from victims.
How it happened: The incident dates back to October 2023, when the cybercrime unit in Dwarka received a complaint regarding the unauthorized withdrawal of 88,000 rupees from an SBI bank account. Investigators traced the transfer to private lender RBL Bank, where the suspect worked as a relationship manager.
In exchange for payment, the employee allegedly opened accounts using forged documents. Those accounts were later used by cybercriminals to funnel stolen funds. Authorities have since located and arrested the bank employee.
Four other suspects had already been detained in connection with the case. The fraudsters reportedly lured victims through fake job offers on social media, initially paying them small amounts before manipulating them into sending increasingly large sums back. The criminals then withdrew the money through mule accounts, which is why they recruited insiders within banks. Some victims reportedly lost millions of rupees through the scheme.
The investigation is ongoing. India’s Central Bureau is currently assessing the scale of the operation and identifying the individuals behind it. Authorities suspect this may not be an isolated case – investigators are still determining how many banking employees were involved and the total volume of fraudulent transactions. In a previous edition of the (In)Secure Digest, we covered a similar case in India involving two suspects who bribed bank workers to create fake accounts and process sham transactions. The two cases may ultimately prove to be connected.

What happened: British oil and gas company Zephyr Energy plc lost approximately £700,000 (around $938,000) as the result of a cyberattack.
How it happened: The incident occurred at one of the company’s U.S. subsidiaries. During a payment transfer to a contractor, cybercriminals managed to intercept the transaction chain, alter the payment route, and redirect the funds to an account under their control. Zephyr Energy declined to disclose the exact attack vector, describing the operation only as “highly sophisticated.” Most likely, this was a BEC attack: media reports suggest the attackers breached the recipient’s email account and changed the payment details at the last possible moment so the victims themselves would unknowingly transfer the funds to a fraudulent account.
Zephyr Energy’s security team did not detect the issue immediately. After discovering the fraud, the company contacted law enforcement authorities. Since then, the threat has been contained, and the company reported implementing additional security measures while working with banks and external consultants to recover the stolen funds. Zephyr Energy also emphasized that the incident did not affect core systems or disrupt operational activities.
Security Tip of the Month: Last month’s incidents showed that some of the biggest cybersecurity risks come from excessive privileges, insider abuse, and poorly secured AI systems. When attackers gain access to trusted accounts or exposed infrastructure, even routine operations can turn into major breaches. SearchInform Risk Monitor helps detect risky user behavior and insider threats, while FileAuditor (DCAP) gives security teams visibility into access rights, sensitive data, and critical systems – helping prevent incidents before they escalate.