Which is why I reveal as little private information about myself as possible for such fora accounts. Especially when the account is not related to my dayjob, like it is the case with ST.
I had to abandon an e-Mail account a few years ago for the very same purpose.
Are IP-addresses leaked too? Because I noticed in profile settings there is a list of IP-addresses. I just deleted the list, but it's probably too late...
"Kudo posts if you have the same problem and kudo replies if the solution works.Click ""Accept as Solution"" if a reply solved your problem. If no solution was posted please answer with your own."
Thank you very much for letting us know about this issue. I've shared it with our cybersecurity team for review and will keep you updated as soon as possible.
If anyone else in the community has experienced something similar in their web reports, please feel free to share your comments here.
I’m sorry for the inconvenience and appreciate your patience while we work on this.
Sincerely, Lina
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
I got the email. But it is not how this not how it should be solved. It is a very serious matter if we look at GDPR consequences actually.
This cases at least deserves an email not to be written by AI, as checkers flag this email as AI generated slop thus mark as spam, please consider that, and don't do it.
What amuses me most, how any kind of credential information these days can be held unsalted. There must be some real feedback from cybersecurity team with a real security improvement plan and explanation why we failed, thus we can understand how professional ST actually is when handling security related crisis.
I've just received an email from ST about the incident.
Your Data Incident Report
privacy@st.com
17/11/2025 16:37
Good evening,
We are contacting you to describe the circumstances of the incident, including the types of information involved and steps we have taken and further actions you can take.
What happened? On September 18, 2025, we detected a cybersecurity incident. We promptly engaged leading third-party cybersecurity experts and took steps to investigate the incident. The investigation determined that on September 16, 2025, an unauthorized party gained access to an external platform used for non-critical IT support operations related to www.st.com. The incident has been contained.
What information was involved? The data impacted presents low severity risk, varied by individual, but may have included: professional or personal email address, postal address, phone number.
What are we doing? We have conducted an investigation with the support of leading cybersecurity experts. We have taken steps designed to enhance the security of the external platform to prevent similar incidents in the future.
What can you do? We encourage you to remain alert to any suspicious or unsolicited communications, including emails, phone calls or text messages, and avoid clicking on suspicious links.
Yeah, would be great to receive this information via an official announcement, not via a third party report on the community forum.
Is it in the meantime possible to change the ST account mail address, I tried that once but the request was denied.
So the mail address is expected to get lots of spam and I still have to keep it around, as it is impossible to change it here on ST, nor can I change it to one I can throw away after this potentially happens again in the future.
Thank you for your feedback and expressing your concerns. I have shared that with a respective team.
Regarding the email account, I am sorry to inform, but it is not possible to exchange your email address. To achieve what you need you can request removing this account and then create a new one. Let me know if you wish to delete this one.
In addition, you can exercise your privacy rights and remove all your data from the st.com ecosystem. Please contactprivacy@st.com and they will execute your request.
Let me know if this helps or if you have any other questions.
Best regards, Lina
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
We’re sorry for this incident and truly appreciate your understanding and vigilance. Your trust means everything to us, and we’re dedicated to being transparent.
As it was shared by @rwx, ST has sent a communication to the affected accounts with the following details:
What happened? On September 18, 2025, we detected a cybersecurity incident. We promptly engaged leading third-party cybersecurity experts and took steps to investigate the incident. The investigation determined that on September 16, 2025, an unauthorized party gained access to an external platform used for non-critical IT support operations related to www.st.com. The incident has been contained.
What information was involved? The data impacted presents low severity risk, varied by individual, but may have included: professional or personal email address, postal address, phone number.
What are we doing? We have conducted an investigation with the support of leading cybersecurity experts. We have taken steps designed to enhance the security of the external platform to prevent similar incidents in the future.
What can you do? We encourage you to remain alert to any suspicious or unsolicited communications, including emails, phone calls or text messages, and avoid clicking on suspicious links.
Best regards, Lina
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
