Yazılar

India’s Max Financial Reports Cybersecurity Incident at Axis Max Life Insurance Unit

/in /tarafından

Max Financial Services announced on Wednesday that its subsidiary, Axis Max Life Insurance, received an anonymous communication warning of unauthorized access to some customer data. The company has launched a security assessment and is analyzing data logs to investigate the breach.

Max Financial stated that a detailed investigation is underway with the help of cybersecurity experts to identify the root cause and implement necessary remedial actions.

Axis Max Life Insurance is a joint venture between Max Financial and private lender Axis Bank. The announcement comes amid a rising wave of cyberattacks in India’s financial sector, with firms like Angel One, Niva Bupa, Star Health, and HDFC Life Insurance reporting significant breaches in the past year.

These incidents have triggered regulatory mandates for comprehensive IT audits across the insurance industry. Cyber fraud cases in India surged more than fourfold in fiscal 2024, resulting in losses exceeding $20 million. Government data shows that since 2021, individuals have lost nearly $1.26 billion to cyber fraud at financial institutions.

Qantas Suffers Major Cyber Hack Affecting 6 Million Customer Accounts

/in /tarafından

Australian airline Qantas revealed on Wednesday that a cyber hacker accessed a third-party customer service platform used by one of its call centres, compromising the personal data of approximately six million customers. The breach exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers, marking Australia’s most significant cyberattack in recent years.

Qantas has not disclosed the call centre’s location or the precise number of affected customers but confirmed the breach was discovered after detecting unusual activity. The airline is still investigating the full scope of the stolen data but expects it to be substantial. Importantly, Qantas stated that frequent flyer accounts, passwords, PINs, or login credentials were not accessed, and operations and safety were not impacted.

The incident occurs amid heightened cyber threats targeting airlines worldwide. The FBI recently reported that the hacker group Scattered Spider has targeted airlines such as Hawaiian Airlines and WestJet. While Qantas did not identify the attacker, cybersecurity experts warn that social engineering attacks on airline staff may be involved.

This breach brings unwelcome scrutiny to Qantas, which is recovering from a reputational crisis caused by controversies during the COVID-19 pandemic, including illegal staff layoffs and ticketing issues. Qantas CEO Vanessa Hudson acknowledged the seriousness of the breach and assured customers of the airline’s commitment to protecting personal information. Authorities including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police have been notified.

Qantas shares fell 2.4% in afternoon trading, while the overall market rose.

M&S CEO: Cyberattack Fallout Will Largely Be Over by August

/in /tarafından

Marks & Spencer CEO Stuart Machin told shareholders on Tuesday that the British retailer expects to be past the worst effects of a major cyberattack by August, as the company works to restore operations and rebuild consumer trust.

The April cyberattack dealt a serious blow to the company, causing a £300 million ($413 million) hit to profit. It forced M&S to shut down its online store for nearly seven weeks, disrupted stock automation systems, and led to empty shelves in stores during May.

Speaking at M&S’s annual shareholder meeting, Machin said: “I’m really hoping by August, the majority of this is behind us.” This marked the first opportunity for investors to question leadership directly about the incident and its aftermath.

Questions over preventability and accountability were front and center. When asked if the cyberattack could have been prevented, Chairman Archie Norman acknowledged that “there’s always something that could be done” and that M&S continues to examine the details of the breach. Machin added that the attack exploited a third-party contractor via a social engineering tactic.

The CEO defended M&S’s prior cyber readiness, noting that the company had quadrupled its investment in cybersecurity and tripled the size of its cybersecurity team in the year leading up to the breach. “I’m glad we invested then. I’m glad we continue to invest,” Machin said.

One shareholder raised concerns about executive accountability, questioning whether Machin’s £7.1 million pay package, which rose 39% last year, should be reduced in light of the incident. Norman responded that incentive pay was tied to shareholder outcomes and that it was too early to determine adjustments.

Currently, the M&S online store is still only partially operational, with full restoration expected within four weeks. Automation systems at the Donington logistics hub are also expected to be fully functional by August, according to Machin.

In the meantime, the company is focused on reinforcing internal training to defend against further attacks and to bolster awareness of social engineering vulnerabilities.