Human In[Security] — Cyber safety in plain English for busy people and their parents.

Today’s Menu (30-second skim)
- PayPal Working Capital app bug exposed sensitive info for months
- Canada Goose customer records posted online (claimed by ShinyHunters)
- France: bank account registry (FICOBA) incident impacted ~1.2M accounts

PayPal: loan app software error exposed sensitive info for nearly 6 months

What happened (plain English): PayPal said a software error in its PayPal Working Capital loan application exposed customer personal information for a period of time. Reporting says the exposed info included highly sensitive data (like Social Security numbers) for affected customers.
Why it matters to you: Even a small exposure can trigger a big wave of phishing (“PayPal support”), identity theft attempts, and account takeovers. The scary part is that these messages can look like a normal support message.
How to protect yourself (do this):
- Be skeptical of PayPal emails/texts asking you to “verify” anything. Open PayPal directly in the app/site.
- Turn on account alerts and review recent activity.
- Lock down your email account (unique password + 2FA) — it’s the key to password resets everywhere else.
- Consider a credit freeze if you’re worried about identity fraud.
Source: BleepingComputer

Canada Goose: hackers claim 600K customer records leaked online

What happened (plain English): A data extortion group claims it posted a large dataset of Canada Goose customer transaction records. Canada Goose said it has no indication of a breach of its own systems and is reviewing the dataset.
Why it matters to you: Even without full card numbers, leaked order history + addresses + phone/email can fuel extremely convincing scam messages (“delivery issue,” “refund,” “account locked”).
How to protect yourself (do this):
- Watch for fake “order problem” messages. Don’t click — go to the retailer site/app yourself.
- Turn on transaction alerts for your cards.
- Be careful with “support” phone numbers in emails/texts — scammers spoof those too.
Source: BleepingComputer

France: bank account registry incident impacted data tied to ~1.2M accounts

What happened (plain English): France’s Ministry of Finance disclosed an incident involving the national bank account registry (FICOBA), where a threat actor used stolen credentials to access and potentially exfiltrate sensitive account-related information for about 1.2 million accounts.
Why it matters to you: When official registries are involved, scammers love to pretend they’re the government or your bank. Expect “we need to verify you” messages.
How to protect yourself (do this):
- If you get a message claiming to be from a tax agency or bank: do not click links or share login details.
- Call back using the official number from your bank card or official website.
- Never share banking info, card numbers, or one-time codes over SMS/email.
Source: BleepingComputer

Grandma’s Firewall 🛡️
This week’s simple rule: Never give a one-time code to anyone—ever.
Two scripts you can steal:
- “I don’t share codes. I’ll call the official number back.”
- “No problem — I’ll log in directly and handle it myself.”
Share this: This one rule prevents a shocking number of takeovers. Send it to whoever you’re trying to protect.
— Philip | Human In[Security]

