Yazılar

Qantas Contacts Cyber Criminal After Data Breach Affecting Six Million Customers

/in /tarafından

Australia’s Qantas has confirmed that a cyber criminal reached out to the airline one week after a major data breach exposed personal information of six million customers. The breach involved a hacker targeting a call centre and accessing a third-party customer service platform containing sensitive details including names, emails, phone numbers, birth dates, and frequent flyer numbers, a Qantas spokesperson told Reuters on Tuesday.

The airline has engaged the Australian Federal Police in the investigation and declined to provide further details on the contact due to the ongoing criminal matter. While there is currently no evidence that the stolen data has been leaked publicly, Qantas is actively monitoring the situation with cyber security experts.

This breach marks one of the most significant cyber attacks in Australia since the 2022 incidents involving telecommunications provider Optus and health insurer Medibank, which led to the introduction of mandatory cyber resilience laws.

The incident poses a challenge for Qantas as it works to restore public confidence after its reputation suffered during the COVID-19 pandemic due to operational disruptions and criticism.

Qantas Suffers Major Cyber Hack Affecting 6 Million Customer Accounts

/in /tarafından

Australian airline Qantas revealed on Wednesday that a cyber hacker accessed a third-party customer service platform used by one of its call centres, compromising the personal data of approximately six million customers. The breach exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers, marking Australia’s most significant cyberattack in recent years.

Qantas has not disclosed the call centre’s location or the precise number of affected customers but confirmed the breach was discovered after detecting unusual activity. The airline is still investigating the full scope of the stolen data but expects it to be substantial. Importantly, Qantas stated that frequent flyer accounts, passwords, PINs, or login credentials were not accessed, and operations and safety were not impacted.

The incident occurs amid heightened cyber threats targeting airlines worldwide. The FBI recently reported that the hacker group Scattered Spider has targeted airlines such as Hawaiian Airlines and WestJet. While Qantas did not identify the attacker, cybersecurity experts warn that social engineering attacks on airline staff may be involved.

This breach brings unwelcome scrutiny to Qantas, which is recovering from a reputational crisis caused by controversies during the COVID-19 pandemic, including illegal staff layoffs and ticketing issues. Qantas CEO Vanessa Hudson acknowledged the seriousness of the breach and assured customers of the airline’s commitment to protecting personal information. Authorities including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police have been notified.

Qantas shares fell 2.4% in afternoon trading, while the overall market rose.

US Judge Approves $177 Million Settlement in AT&T 2024 Data Breach Lawsuits

/in /tarafından

A U.S. judge granted preliminary approval on Friday to a $177 million settlement resolving class-action lawsuits against telecom giant AT&T (T.N) over data breaches in 2024 that exposed personal information of tens of millions of customers. U.S. District Judge Ada Brown in Dallas ruled that the settlement was fair and reasonable.

The settlement addresses claims stemming from breaches announced by AT&T in May and July of last year. Depending on the breach, customers who suffered losses “fairly traceable” to the incidents can receive payments of up to $2,500 or $5,000. After direct loss claims are paid, remaining funds will be distributed to customers whose personal data was accessed.

AT&T denied responsibility for the criminal acts but agreed to the settlement to avoid prolonged and costly litigation. The company expects final approval by the end of 2025 and plans to begin issuing payments early next year.

One breach involved the illegal download of about 109 million customer accounts from AT&T’s Snowflake cloud platform, exposing six months of call and text logs from 2022 for nearly all its customers. In March 2024, AT&T revealed a related data set released on the dark web, affecting approximately 7.6 million current and 65.4 million former account holders, with data dating back to 2019 or earlier.

The Federal Communications Commission (FCC) is also investigating the incidents. Last September, AT&T agreed to pay $13 million to settle an FCC probe into a 2023 data breach involving a cloud vendor that affected 8.9 million wireless customers. The FCC said the exposed data covered customers from 2015 to 2017 and should have been deleted by 2017 or 2018.