This month’s roundup of recent data-related incidents covers missing data belonging to millions of customers, Apple and Tesla secrets exposed on the darknet, and a former IT specialist who spent 21 months sabotaging his ex-employer.


What happened: Employees of Kyushu Electric Power, Japan’s largest power company, lost a hard drive containing confidential data on more than 10 million customers.
How it happened: Kyushu Electric Power’s IT specialists regularly back up data as part of server storage management. In April, however, limited storage capacity led employees to use an external storage device for one such backup. The device was then placed in a server cabinet. On May 26, the company found the cabinet open – and the device gone.
Kyushu Electric Power stated that the incident affected up to 10.9 million accounts. The missing drive contained customer names, addresses, electricity consumption data, phone numbers, names of retail electricity providers, and other confidential information. The company clarified that the drive did not contain bank account details or credit card information and promised to notify affected customers in the near future.
After the device went missing, the company interviewed all employees who had access to the server room and conducted an internal investigation, but the device was never found.
On June 4, Kyushu Electric Power contacted the police. By July 8, the energy company is required to submit details of the incident to Japan’s Ministry of Economy, Trade and Industry.

What happened: A dismissed IT specialist from a school district attacked his former employer’s IT systems for a year and a half.
How it happened: In April 2023, Ezekiel Potter was dismissed from his position as a senior IT specialist at a school district in Iowa. Before leaving, the disgruntled employee retained access rights and credentials for more than 300 users. He then spent the next 21 months attacking the school district’s IT systems.
In June 2023, Potter deleted the school district’s page on a well-known social network. Employees had to create a new account because the former IT specialist made sure the old page could not be restored.
Potter did not stop there and continued sabotaging the school district’s systems. He compromised Apple School Manager, deleting user passwords, phone numbers, payment data, and basic information required to manage the mobile device server. As a result, school employees lost access to Apple School Manager and could not use corporate MacBooks and iPads for work. IT specialists spent a week working with Apple to restore access to the school system.
Potter attacked his former employer’s systems again between July and August 2023. He interfered with the district’s GoDaddy account and attempted to reset usernames and passwords. The subsequent investigation showed that he logged into the service account around 26 times. On several occasions, he even used a corporate laptop issued by his new employer, Casey’s, a chain of convenience stores and pizzerias.
In October 2024, the vengeful IT specialist managed to gain access to the school district’s Google and Gmail accounts. However, Potter only used this access in January 2025. Using the Google account, the former employee accessed the Schoology learning management system and deleted the account of a current IT department employee. As a result, teachers lost access to the platform and were unable to conduct classes for several hours.
A week later, the former employee gained access to another account and deleted nine accounts belonging to district employees, including the IT director.
During the investigation, cyber experts traced the offender’s IP address to his new employer, The Printer Inc., where Potter had started working after leaving Casey’s. Potter had even asked one of his colleagues at The Printer Inc. to delete the data from a flash drive lying on his desk if he was fired. However, the colleague reported the flash drive to management, which revealed the full extent of Potter’s attacks against the school district.
According to the school district, the former IT specialist’s attacks resulted in lost staff working time, disruptions to learning, constant interaction with third-party contractors, and the need to involve cyber experts to investigate the incidents and restore access to IT systems. The total damage caused by Potter’s attacks amounted to around $101,000.
In court, Potter admitted that he regretted disrupting the educational process. The former IT specialist must now pay around $59,000 to the school district and the insurance company and serve 21 months in prison.

What happened: Hackers gained access to Apple and Tesla secrets after breaching manufacturing partner Tata Electronics.
How it happened: Indian company Tata Electronics fell victim to a cyberattack by the World Leaks hacker group. Tata Electronics specialists immediately launched internal cyber incident response procedures and reported that its facilities were operating as usual. However, after the incident, the hackers published more than 200,000 files on the darknet, totaling over 630 GB. The files allegedly contained design descriptions and technical specifications for Apple and Tesla components.
Cyber expert Rajshekhar Rajaharia examined the dump and reported that the data included emails, event logs, and copies of employee passports. Cyber experts also found Apple manufacturing documents among the stolen data, including materials marked as confidential by Apple and a multi-page document containing quality control standards for printed circuit board components used in Apple products. According to Reuters, Apple is already looking into the cyberattack on one of its key manufacturing partners in India.
In fragments of the published data, cyber experts also found documents related to components of the updated Tesla Model Y electric crossover, as well as other company documents marked “trade secret.”

What happened: A Google IT specialist is accused of using insider information to place bets on the prediction platform Polymarket.
How it happened: Michele Spagnuolo, a software engineer at Google, used confidential information to profit from bets on which people would top the list of the most popular Google search queries. For example, Spagnuolo successfully predicted that one musician would top the list of the most popular search engine queries just hours after gaining access to confidential Google data. The total amount wagered was approximately $2.75 million.
Google stated that the IT specialist accessed the company’s marketing materials using a tool available to all employees, but using such information to place bets is a violation. The company suspended Spagnuolo from work and involved law enforcement agencies in the investigation. As a result, the employee was charged with wire fraud and money laundering. He has already appeared in court but was released on bail of $2.2 million.

What happened: An employee of a pediatric dental clinic deleted computer files, destroyed office documents, and left for lunch.
How it happened: Iliana Sacerio arrived at work at 8:20 a.m. and left for lunch around noon, but never returned to her workplace. It turned out that between 10 and 11 a.m., Sacerio deleted files from corporate computers without permission and destroyed paper documents. Her actions were captured by surveillance cameras. The employee also took paper documents from reception desk drawers, shredded them, and threw them into a trash bin outside the building.
The owner of the dental clinic told investigators that the deleted files included patient consent forms, reception documents, tax returns, insurance files, marketing materials, the website’s brand identity, software for communicating with patients, dental software files, patient X-rays, voicemail system files, employee records, inventory lists, and evaluation forms. IT specialists were able to restore only a small portion of the deleted files.
The former employee’s actions disrupted the clinic’s operations and interfered with the provision of patient services. The clinic had to bring in external experts to restore the software. The owner of the dental clinic estimated the damage at $9,000. Iliana Sacerio has been charged with destruction of computer intellectual property and causing damage of more than $1,000.
What happened: Cruise company Carnival faced a cyberattack involving social engineering.
How it happened: Carnival’s IT department specialists reported that unknown attackers targeted the company using social engineering methods. As a result, the attackers gained access to some of the company’s internal systems that stored customer data. Cyber experts believe the attackers may have obtained data belonging to 6 million customers of the cruise company.
The attackers gained access to customer names, email addresses, phone numbers, dates of birth, identification information, passport numbers, and more.
Carnival specialists quickly blocked the hackers’ access to the IT systems and brought in third-party cybersecurity experts to support the investigation. The company also notified customers that their data had been leaked and offered affected individuals free credit monitoring for two years.
Security Tip of the Month: This month’s cases show how quickly weak access control can turn into lost data, sabotage, or leaked trade secrets. SearchInform Risk Monitor helps detect suspicious user activity, unauthorized data transfers, and abnormal employee behavior before damage escalates. FileAuditor (DCAP) reduces exposure by showing where sensitive files are stored, who can access them, and which excessive privileges should be removed before they become a risk.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!