Cyberattack on Brazil Tech Provider Disrupts Reserve Accounts of Several Financial Institutions

Brazil’s central bank revealed on Wednesday that C&M Software, a technology services provider catering to financial institutions without their own connectivity infrastructure, suffered a cyberattack targeting its systems. In response, the central bank ordered C&M to suspend access to the infrastructure it manages for these institutions.

Kamal Zogheib, C&M Software’s commercial director, confirmed the company was a direct victim of the attack, which involved fraudulent use of client credentials to try to access its services. Despite the breach, C&M said its critical systems remain intact and fully operational, with all security protocols activated. The company is working closely with the central bank and Sao Paulo state police as investigations continue.

Brazilian financial institution BMP and five other banks reported unauthorized access to their reserve accounts during the Monday attack. These reserve accounts, held directly at the central bank, are used solely for interbank settlements and are separate from client accounts, which were unaffected. BMP stated it has taken appropriate operational and legal measures and holds sufficient collateral to cover any impacted amounts, ensuring no disruption to its operations or partners.

An anonymous official indicated that C&M serves about two dozen smaller financial institutions and that the financial impact of the attack does not reach billions of reais. Another source confirmed no losses were sustained by clients.

The central bank refers to these affected entities as “financial institutions lacking their own connectivity infrastructure,” including many digital payment providers that have grown rapidly in Brazil. The Pix instant payment system, operated by the central bank since late 2020, has become the country’s most popular payment method, driving competition and innovation in the sector.

India’s Max Financial Reports Cybersecurity Incident at Axis Max Life Insurance Unit

Max Financial Services announced on Wednesday that its subsidiary, Axis Max Life Insurance, received an anonymous communication warning of unauthorized access to some customer data. The company has launched a security assessment and is analyzing data logs to investigate the breach.

Max Financial stated that a detailed investigation is underway with the help of cybersecurity experts to identify the root cause and implement necessary remedial actions.

Axis Max Life Insurance is a joint venture between Max Financial and private lender Axis Bank. The announcement comes amid a rising wave of cyberattacks in India’s financial sector, with firms like Angel One, Niva Bupa, Star Health, and HDFC Life Insurance reporting significant breaches in the past year.

These incidents have triggered regulatory mandates for comprehensive IT audits across the insurance industry. Cyber fraud cases in India surged more than fourfold in fiscal 2024, resulting in losses exceeding $20 million. Government data shows that since 2021, individuals have lost nearly $1.26 billion to cyber fraud at financial institutions.

Qantas Suffers Major Cyber Hack Affecting 6 Million Customer Accounts

Australian airline Qantas revealed on Wednesday that a hacker accessed a third-party customer service platform used by one of its call centres, compromising the personal data of approximately six million customers. The breach exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers, marking Australia’s most significant cyberattack in recent years.

Qantas has not disclosed the call centre’s location or the precise number of affected customers but confirmed the breach was discovered after it detected unusual activity. The airline is still investigating the full scope of the stolen data but expects it to be substantial. Importantly, Qantas stated that frequent flyer accounts, passwords, PINs, and login credentials were not accessed, and that operations and safety were not impacted.

The incident occurs amid heightened cyber threats targeting airlines worldwide. The FBI recently reported that the hacker group Scattered Spider has targeted airlines such as Hawaiian Airlines and WestJet. While Qantas did not identify the attacker, cybersecurity experts warn that social engineering attacks on airline staff may be involved.

This breach brings unwelcome scrutiny to Qantas, which is recovering from a reputational crisis caused by controversies during the COVID-19 pandemic, including illegal staff layoffs and ticketing issues. Qantas CEO Vanessa Hudson acknowledged the seriousness of the breach and assured customers of the airline’s commitment to protecting personal information. Authorities including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police have been notified.

Qantas shares fell 2.4% in afternoon trading, while the overall market rose.