
Qantas Faces Scrutiny After Massive Data Leak Exposes Millions of Customer Records

 



Qantas Airways is under investigation after personal data belonging to millions of its customers appeared online following a major cyberattack. The breach, which originated from an offshore call centre using Salesforce software, is believed to have exposed information from around 5.7 million individuals.

According to cybersecurity reports, the data was released after a criminal group known as Scattered LAPSUS$ Hunters followed through on a ransom threat. The leaked files reportedly include customers’ full names, email addresses, Frequent Flyer membership numbers, phone numbers, home and business addresses, dates of birth, and gender details. In some cases, even meal preferences were among the stolen data.

Although Qantas had outsourced customer support operations to an external provider, Australian officials emphasized that responsibility for data protection remains with the airline. “Outsourcing does not remove a company’s cybersecurity obligations,” warned Cyber Security Minister Tony Burke, who added that serious penalties may apply if organisations fail to meet legal requirements for safeguarding personal data.

Experts have cautioned customers not to search for the leaked information online, particularly on dark web platforms, to avoid scams or exposure to malicious content.

Cybersecurity researcher Troy Hunt explained that while the stolen data may not include financial details, it still poses serious risks of identity theft. “The information provides multiple points of verification that can be exploited for impersonation attacks,” he noted. Hunt added that Qantas would likely face substantial legal and financial repercussions from the incident, including class-action lawsuits.

RMIT University’s Professor Matthew Warren described the event as the beginning of a “second wave of scams,” predicting that fraudsters could impersonate Qantas representatives to trick customers into disclosing more information. “Attackers may contact victims, claiming to offer compensation or refunds, and request bank or card details,” he said. With most Qantas passengers being Australian, he warned, “a quarter of the population could be at risk.”

In response, Qantas has established a dedicated helpline and identity protection support for affected customers. The airline also secured a court injunction from the New South Wales Supreme Court to block access to the stolen data. However, this order only applies within Australia, leaving the information still accessible on some foreign websites where the databases were leaked alongside data from other companies, including Vietnam Airlines, GAP, and Fujifilm.

Legal experts have already lodged a complaint with the Office of the Australian Information Commissioner, alleging that Qantas failed to take sufficient steps to protect personal information. Similar to previous high-profile breaches involving Optus and Medibank in 2022, the case may lead to compensation claims and regulatory fines.

Professor Warren emphasised that low conviction rates for cybercrimes continue to embolden hackers. “When attackers see few consequences, it reinforces the idea that cyber laws are not a real deterrent,” he said.


5 Million Qantas Travellers’ Data Leaked on Dark Web After Global Ransomware Attack

 

Personal data of around five million Qantas passengers has surfaced on the dark web after the airline fell victim to a massive ransomware attack. The cybercriminal group, Scattered Lapsus$ Hunters, released the data publicly when their ransom demands went unmet.

The hackers uploaded the stolen files on Saturday, tagging them as “leaked” and warning, “Don’t be the next headline, should have paid the ransom.”

The compromised information reportedly includes email addresses, phone numbers, dates of birth, and frequent flyer membership details from Qantas’ customer records. However, the airline confirmed that no financial data, credit card details, or passport numbers were exposed in this breach.

The cyberattack is part of a larger global campaign that has impacted 44 organisations worldwide, with up to a billion customer records potentially compromised. The infiltration occurred through a Salesforce database breach in June, extending from April 2024 to September 2025.

Cyber intelligence expert Jeremy Kirk from Intel 471 said the attackers are a long-established criminal network with members operating across the US, UK, and Australia.
He noted: “This particular group is not a new threat; they've been around for some time.”
Kirk added: “They're very skilled in knowing how companies have connected different systems together.”

Major global brands such as Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas were also affected by the same campaign.

While Qantas customers’ financial data was not exposed, experts have warned that the leaked personal details could be exploited for identity theft and phishing scams.
Kirk cautioned: “These days, a lot of threat groups are now generating personalised phishing emails.”
He continued: “They're getting better and better at this, and these types of breaches help fuel that underground fraudster economy.”

Qantas has since launched a 24/7 customer support line and provided specialist identity protection assistance to those affected.
A company representative stated, “We continue to offer a 24/7 support line and specialist identity protection advice to affected customers.”

In July, Qantas secured a permanent court order from the NSW Supreme Court to block any unauthorised access, sharing, or publication of the stolen data.

Salesforce, whose database was infiltrated, confirmed that it would not negotiate or pay ransom demands, stating: “We will not engage, negotiate with, or pay any extortion demand.” The company also clarified that its platform itself remained uncompromised and that it continues to work closely with affected clients.

A Qantas spokesperson added: “With the help of specialist cyber security experts, we are investigating what data was part of the release.”
They continued: “We have also put in place additional security measures, increased training across our teams, and strengthened system monitoring and detection since the incident occurred.”

$21 Million Stolen in Hyperliquid Private Key Breach: Experts Warn of Rising Crypto Wallet Hacks

 

A Hyperliquid user, identified by the wallet address 0x0cdC…E955, has reportedly lost $21 million in cryptocurrency after hackers gained access to their private key.

According to blockchain security firm PeckShield, the attackers swiftly transferred the compromised funds to the Ethereum network, as confirmed through on-chain tracking. The stolen crypto included approximately 17.75 million DAI tokens and 3.11 million MSYRUPUSDP tokens. PeckShield also shared visual data mapping out the wallet addresses connected to the heist.

“A victim 0x0cdC…E955 lost ~$21M worth of cryptos due to a private key leak. The hacker has bridged the stolen funds… including 17.75M & 3.11M,” — PeckShieldAlert (@PeckShieldAlert)

Blockchain records indicate that the stolen tokens were strategically transferred and redistributed across multiple wallets, mirroring tactics seen in earlier high-profile crypto thefts.

An unusual detail in the case is the timing of certain trading activities. Just as PeckShield’s alert went public, data showed that a Hyperliquid account closed a $16 million HYPE long position, followed by the liquidation of 100,000 HYPE tokens worth about $4.4 million.

Researchers analyzing transactions on Hypurrscan suggested that this trading account might have belonged to the same compromised user. Their findings indicate that the liquidated assets were later converted into USDC and DAI, with transfers spanning both the Ethereum and Arbitrum networks—aligning closely with the hacker’s movements identified by PeckShield.

The breach wasn’t limited to Hyperliquid balances. Investigations revealed an additional $3.1 million was siphoned from the Plasma Syrup Vault liquidity pool, with the tokens quickly routed to a newly created wallet.

Prominent X (formerly Twitter) user Luke Cannon suggested that the total damage could be higher, estimating another $300,000 stolen from linked wallet addresses.

Recurring Attacks Raise Security Concerns

Another Hyperliquid user, @TradeThreads (BRVX), reported losing $700,000 in HYPE tokens last month under similar circumstances.

“Lost 700k in hype in a similar incident last month. Not sure how they hacked. No malware, no discord chats, no TG calls, no email download,” — BRVX (@TradeThreads)

He speculated that Windows malware might have been the cause, as he had not accessed his wallets for a week and had recently switched to a new MacBook where the wallet wasn’t even set up.

Unlike exchange or smart contract vulnerabilities, this breach resulted from a private key leak, which grants attackers full access to wallet credentials. Such leaks often stem from phishing attacks, malware, or insecure key storage practices.

Cybersecurity experts continue to emphasize the importance of cold wallets or multi-signature setups for protecting high-value crypto assets.

Recently, Blockstream issued a security alert warning Jade hardware wallet owners of a phishing campaign spreading through fake firmware update emails.

Growing Pattern of Private Key Exploits

Private key-related hacks are becoming alarmingly common. Just weeks ago, North Korean hackers reportedly stole $1.2 million from Seedify’s DAO launchpad, causing its token SFUND to drop by 99%. Similarly, a Venus Protocol user on BNB Chain lost $27 million to a key breach in September.

According to CertiK’s annual security report, over $2.36 billion was lost across 760 on-chain security incidents last year, with $1.05 billion directly linked to private key compromises—making up 39% of all attacks.

The report explains that phishing remains a preferred method among hackers because it exploits human error rather than technological weaknesses. Since blockchain transactions are irreversible, even a single mistake can result in permanent losses.

The Ethereum network continues to witness the most attacks, followed by Binance Smart Chain (BSC)—but experts warn that Hyperliquid is now becoming a new target for cybercriminals due to its decentralized infrastructure.

Crypto Vanishes: North Korea’s $2B Heist, Discord Breach Exposes Millions

 

North Korean hackers have stolen over $2 billion in cryptocurrency in 2025, while a Discord breach exposed sensitive user data, including government IDs of approximately 70,000 individuals. These incidents highlight the growing sophistication of cyber threats targeting both financial assets and personal information.

Cybercrime surge

North Korean state-sponsored hacking groups, such as the Lazarus Group, have significantly increased their cryptocurrency thefts, amassing more than $2 billion in 2025 alone, marking a record for these cybercriminals. The funds are believed to support North Korea’s nuclear weapons and missile development programs. The regime’s hacking activities now contribute approximately 13% to its estimated $15.17 billion GDP.

The largest single theft occurred in February 2025, when hackers stole $1.4 billion from the crypto exchange ByBit, with other attacks targeting platforms like WOO X and Seedify resulting in millions more in losses. North Korean hackers are increasingly focusing on wealthy individual cryptocurrency holders, who often lack the robust security measures of institutional investors, making them vulnerable targets. 

Discord ID breach and data exposure

Discord confirmed a breach in which hackers accessed the government-issued identification documents of around 70,000 users who had uploaded them for age verification disputes. The attackers infiltrated a third-party customer service provider, 5CA, to gain access to this sensitive data. 

The stolen information, including selfies holding IDs, email addresses, and partial phone numbers, is being shared in Telegram groups, raising serious privacy concerns about digital age verification systems. This incident underscores the risks associated with centralized storage of personal identification documents.

New tactics: EtherHiding on blockchains

In a significant evolution of cyber-espionage tactics, a North Korean threat actor tracked as UNC5342 has been observed using a technique called “EtherHiding” since February 2025. This method involves embedding malicious code within smart contracts on public blockchains like Ethereum or BNB Smart Chain, using the decentralized ledger as a resilient command-and-control server. 

This approach, part of a campaign named “Contagious Interview,” uses social engineering—posing as recruiters on LinkedIn—to lure victims into executing malware that downloads further payloads via blockchain transactions. The decentralized nature of blockchains makes EtherHiding highly resistant to takedown efforts, presenting a new challenge for cybersecurity defenses.

Salesforce Refuses to Pay Extortion Demand After Alleged Theft of Nearly One Billion Records




Salesforce has confirmed it will not pay a ransom to an extortion group that claims to have stolen close to one billion records belonging to several of its customers. The company stated that it will not enter negotiations or make payments to any threat actor, reaffirming its policy of non-engagement with cybercriminals.


Extortion Group Claims to Have Breached Dozens of Salesforce Customers

The group behind the alleged theft calls itself “Scattered LAPSUS$ Hunters”, a name that appears to blend identities from three notorious cyber-extortion collectives: Scattered Spider, LAPSUS$, and ShinyHunters. Cybersecurity firm Mandiant, owned by Google, has been tracking this activity under the identifier UNC6040, though analysts say the group’s exact origins and membership remain unconfirmed.

According to Mandiant’s June report, the campaign began in May, when attackers used voice-based social engineering, or “vishing,” to trick employees at several organizations using Salesforce’s platform. Pretending to represent technical support teams, the callers persuaded employees to connect an attacker-controlled application to their company’s Salesforce environment. Once integrated, the app provided unauthorized access to stored customer data.

Security researchers described the tactic as simple but highly effective, since it relies on human trust rather than exploiting software vulnerabilities. Several organizations unknowingly granted the attackers access, enabling them to exfiltrate vast amounts of data.

Earlier this month, the extortionists created a leak site listing approximately 40 affected Salesforce customers, including large global firms. The site claimed that 989.45 million records had been compromised and demanded that Salesforce begin ransom negotiations “or all your customers’ data will be leaked.” The attackers added that if Salesforce agreed to pay, other victim companies would not be required to do so individually.

Salesforce, however, made its position clear. In a statement to media outlets, a company spokesperson said, “Salesforce will not engage, negotiate with, or pay any extortion demand.” The company also informed customers via email that it had received credible intelligence about plans by ShinyHunters to release the stolen data publicly, but it would still not yield to any ransom demand.


Broader Concerns Over Ransomware Economics

The incident adds to a growing global debate over ransom payments. Analysts say extortion and ransomware attacks persist largely because organizations continue to pay. According to Deepstrike Security, global ransom payments in 2024 reached $813 million, a decline from $1.1 billion in 2023 but still a major incentive for criminal groups.

Experts such as independent security researcher Kevin Beaumont have repeatedly criticized the practice of paying ransoms, arguing that it directly funds organized crime and perpetuates the cycle of attacks. Beaumont noted that while law enforcement agencies like the UK’s National Crime Agency (NCA) publicly discourage payments, some companies still proceed with negotiations, sometimes even with NCA representatives present.


Risks and Lessons for Organizations

Data stolen from cloud-based platforms like Salesforce may include customer identifiers, contact details, transaction histories, and other business records. Even without financial information, such data can be weaponized in phishing, identity theft, or fraud campaigns.

Security professionals advise all organizations using cloud platforms to implement multi-factor authentication, enforce least-privilege access controls, and review all third-party applications connected to their systems. Employees should be trained to verify unexpected support calls or administrative requests through official channels before granting access.

The Salesforce case underscores the growing sophistication of social engineering attacks targeting major enterprise platforms. As digital ecosystems expand, cybercriminals are increasingly exploiting human error rather than software flaws. Salesforce’s refusal to pay marks a firm stance in an era when ransom-driven extortion continues to dominate the threat landscape, sending a strong message to both the cybersecurity community and the attackers themselves.



Cyber Risks Emerge as a Direct Threat to Clinical Care

 


Almost every aspect of modern medicine is now supported by digital infrastructure, and the healthcare sector finds itself at the epicentre of an escalating cybersecurity crisis. Cyberattacks have evolved from a financial or corporate problem into a serious clinical concern, directly putting patient safety at risk and disrupting essential healthcare.

With the increasing use of interconnected systems in hospitals and diagnostic equipment, as well as cloud-based patient records, the attack surface of medical institutions is expanding, making them increasingly susceptible to ransomware and data breaches.

The frequency and sophistication of such attacks have skyrocketed in recent years: the number of attacks has almost doubled compared to 2023, a year in which ransomware attacks in the United States alone climbed by a staggering 128 per cent. The consequences of these breaches do not stop at data loss and financial damage.

Healthcare organisations are estimated to lose up to $900,000 per day because of operational outages linked to ransomware, a figure that excludes the millions, or billions, spent on ransom payments. IBM's 2024 Cost of a Data Breach Report ranked healthcare as having the highest cost per incident in the world, at an average of $9.8 million. This was significantly more than the $6.1 million average cost per incident within the financial sector.

Yet the most devastating toll of cyberattacks is not measured in currency, but in the lives of victims. Studies indicate that cyberattacks have resulted in delayed procedures, compromised care delivery, and, in some cases, increased patient mortality rates. In 2023, 71 per cent of healthcare organisations affected by cyber incidents reported negative patient outcomes due to service disruptions, a troubling increase from the previous year.

As digital transformation continues to redefine healthcare, the line between data security and clinical safety is fast disappearing, making cybersecurity an urgent issue of patient survival rather than mere IT resilience. With cyber threats growing more sophisticated, healthcare is experiencing an increasingly troubling convergence of digital vulnerability and human consequences.

Cybersecurity in healthcare was once viewed solely as a matter of data protection; today it is an integral part of patient safety and wellbeing. Experts predict that the threat of cyberattacks will escalate significantly by the year 2025, with hospitals and health systems facing increasing financial losses as well as escalating risks.

Recent reports have highlighted hospitals being incapacitated by ransomware attacks, which have compromised critical care, eroded public trust, and left healthcare staff unable to provide care. "Patient safety is inseparable from cyber safety," said Ryan Witt, Proofpoint's healthcare leader, emphasising that when digital systems fail, life-saving care can be compromised. The statistics behind these incidents reveal a frightening reality.

A study found that nearly seventy-eight per cent of healthcare organisations experienced disruptions in patient care as a result of ransomware, email compromise, cloud infiltration, and supply chain attacks. More than half of these patients experienced extended stays in the hospital or medical complications, while almost a third saw a rise in death rates. 

Financial figures often overshadow the human toll of a major attack: although the average cost has fallen to $3.9 million from $4.7 million, ransom payments have risen to $1.2 million from $4.7 million. No monetary figure can fully capture the true impact of systems that go dark: missed diagnoses, delays in surgery, and the lives put at risk of clinicians, nurses, and technicians.

Where time and precision are synonymous with survival, the encroachment of cybercrime is more than a technology nuisance; it has become a profound threat to the very concept of care itself. The Health Information Sharing and Analysis Centre (Health-ISAC) continues to play an important role in strengthening the industry's defences amid increasing global cyber threats targeting the healthcare sector.

Health-ISAC is a non-profit organisation run by its members. It serves as an important nexus for collaboration, intelligence sharing, and real-time threat mitigation across healthcare networks worldwide. A vital resource for safeguarding both digital and physical health infrastructures, Health-ISAC has disseminated actionable intelligence and strengthened organisational resilience.

The organisation has reportedly identified several recent security threats, including critical vulnerabilities in Citrix NetScaler ADC, NetScaler Gateway, and Cisco Adaptive Security Appliances (ASA) that could potentially be exploited. Immediately after these flaws were identified, Health-ISAC issued over a hundred targeted alerts to member institutions to minimise the risk of exploitation.

These vulnerabilities have since been exploited by threat actors, highlighting the healthcare sector's need for continuous monitoring and rapid response mechanisms. Beyond detecting threats, Health-ISAC has also been involved in regulatory alignment, particularly around the recently updated FDA guidance on cybersecurity for medical devices.

The revised guidance on quality system considerations and the content of premarket submissions, issued in June 2025, replaces the earlier version issued in 2023 and incorporates Section VII of the Federal Food, Drug, and Cosmetic Act (FD&C Act). This section outlines in detail manufacturers' specific compliance obligations, including the use of cybersecurity assurance procedures, Software Bills of Materials (SBOMs), and secure development methods.

Health-ISAC has also emphasised related regulatory frameworks that will affect AI-enabled medical devices, such as the FDA Quality Management System Regulation, the EU Cyber Resilience Act, and emerging standards such as AI-enabled data providers. In its latest analysis, the organisation explored the shifting geopolitical climate in the Asia Pacific region, where growing tensions between the Philippines and China, particularly over the Scarborough Shoal, which China has now designated a maritime wildlife refuge, are reshaping regional security.

Australia's significant investment in asymmetric warfare capabilities is a further indication of the interconnectedness between geopolitics and cybersecurity threats. Denise Anderson, President and CEO of Health-ISAC, commented on the organisation's 15-year milestone, stating that its accomplishments demonstrate the importance of collective defence and shared responsibility. "Our growth and success are a testament to the power of collaboration and to our members' passion to improve the welfare of patients," she added.

"With the emergence of sophisticated threats, a unified defence has never been more needed." In the near future, Health-ISAC plans to strengthen its intelligence-sharing capabilities, expand its partnerships throughout the world, and continue promoting cybersecurity awareness, all of which will strengthen the organisation's commitment to making healthcare safer and more resilient.

The healthcare landscape is becoming increasingly digitalised, and preserving it will require not only a proactive defence but a coordinated, unified approach as well. As technology and patient care have converged, cybersecurity has become a clinical imperative, one that will require the collaboration of policymakers, hospital administrators, medical device manufacturers, and cybersecurity specialists. 

Experts stress that investment in secure infrastructure, workforce training, and continuous monitoring and assessment of risks is no longer an option but a necessity for maintaining the trust of patients and ensuring the continuity of operations.

Vulnerabilities across complex healthcare ecosystems are significantly reduced when zero-trust frameworks are implemented, software patches are applied in a timely manner, and transparent data governance is in place. Moreover, fostering global intelligence-sharing alliances, such as the one promoted by Health-ISAC, can strengthen collective resilience to emerging cyber threats.

With the sector facing a number of emerging challenges, from ransomware to artificial intelligence-enabled attacks, it is imperative that cyber safety is treated as an integral part of patient safety. In addition to protecting data, healthcare delivery is preserving its most vital mission: saving lives in a world where the next medical emergency could be just as easily caused by malicious code as it would be caused by the hospital.

Discord Third-Party Breach Exposes User Data and Government IDs

 

Discord has confirmed a significant data breach affecting users who interacted with their customer support or trust & safety teams, stemming not from a direct attack on Discord’s own systems but through a compromised third-party vendor that handled customer service operations.

This incident highlights a persistent and growing vulnerability within the tech industry—outsourcing crucial services to external parties with potentially weaker cybersecurity standards, making user data increasingly reliant on the practices of organizations that customers never directly chose to trust.

Data exposed in the breach

The breach resulted in unauthorized access to sensitive personal information stored in customer service records. Specifically, exposed data included names, email addresses, Discord usernames, and various contact details for users engaging with Discord support. Furthermore, hackers gained limited billing information comprising payment types, purchase history, and the last four digits of credit cards, with full card numbers and passwords remaining secure.

A particularly concerning aspect was a small subset of government-issued ID images—such as driver’s licenses and passports—belonging to users who had submitted documents for age verification purposes. Although not all Discord users were affected, the breach still poses a tangible risk of identity theft and privacy erosion for those involved.

Third-Party vendor risks

The incident underscores the dangers posed by outsourcing digital operations to third-party vendors. Discord’s response involved revoking the vendor’s access and launching a thorough investigation; however, the damage had already been done, reflecting security gaps that even prompt internal actions cannot immediately resolve once data is compromised. 

The broader issue is that while companies often rely on vendors to reduce costs and streamline services, these relationships introduce new, often less controllable, points of failure. In essence, the robust security of a major platform like Discord can be undermined by external vendors who do not adhere to equally rigorous protection standards.

Implications for users

In the aftermath, Discord followed standard protocols by notifying affected users via email and communicating with data protection authorities. Yet, this episode demonstrates a critical lesson: users’ digital privacy extends beyond the platforms they consciously choose, as it also depends on a network of third-party companies that can become invisible weak links. 

Each vendor relationship broadens the attack surface for potential breaches, transforming cybersecurity into a chain only as strong as the least secured party involved. The Discord incident serves as a stark reminder of the challenges in safeguarding digital identity in an interconnected ecosystem, where the security of personal data cannot be taken for granted.

Sensitive Information of NSW Flood Victims Mistakenly Entered into ChatGPT

 


A serious data breach involving the personal details of thousands of flood victims has been confirmed by the New South Wales government in an unsettling development that highlights the fragile boundary between technology and privacy.

A former contractor inadvertently uploaded to ChatGPT sensitive information belonging to applicants in the Northern Rivers Resilient Homes Program, exposing the email addresses, phone numbers, and health information of thousands of applicants. The NSW Reconstruction Authority said the breach took place in March of this year, described the incident as deeply regrettable, and apologised to those affected.

Authorities have not yet found any evidence that the data has been published, although they have acknowledged that the possibility cannot be entirely dismissed. Cyber Security NSW is conducting an in-depth investigation to determine how much information was exposed and what precautions must be taken to ensure that such a breach does not occur again.

According to the NSW Reconstruction Authority, the breach was caused by a former contractor who uploaded an Excel spreadsheet containing over 12,000 rows of information to ChatGPT without authorisation. The file, which contained personal and contact details of people associated with the Northern Rivers Resilient Homes Program, is believed to have exposed the information of as many as 3,000 people.

The program was launched in the wake of the catastrophic floods of 2022 to assist residents by offering home buybacks, rebuilding funds, or flood resilience improvements in the area. Although the incident occurred between March 12 and 15, public disclosure came several months later, coinciding with a public holiday in New South Wales.

According to the authority, the upload was an isolated incident that was not sanctioned by the department. Specialists at Cyber Security NSW are currently reviewing the spreadsheet line by line to determine whether any information has been further disseminated or misused, and whether the disclosure is extensive enough to warrant it.

Northern Rivers Resilient Homes was established to provide support to residents whose properties were devastated by the floods of 2022, through government-funded home buybacks in high-risk areas, along with assistance with rebuilding or strengthening structures that may be vulnerable to future disasters. 

Under this initiative, homeowners including Harper Dalton-Earls from South Lismore provided extensive personal information during the application process. Mr Dalton-Earls, who acquired his new home under the program, described the application process for home acquisitions as a “mountain of data” because of the extent of the personal and financial details shared with authorities.

The recent breach has raised serious concerns about the protection of privacy, since the names, addresses, email addresses, phone numbers, and other sensitive personal and health information of applicants were exposed. According to the NSW Reconstruction Authority, no evidence exists to show that the compromised data has been publicly disclosed, although its officials have acknowledged the delay in notifying affected individuals and the complexity of the ongoing investigation.

During the meeting, the department reiterated that every precaution is being taken to ensure that accurate communication is provided to all impacted residents and to prevent any further dissemination of this information. Observers of the incident have renewed their concerns about the security of personal data once it enters generative artificial intelligence systems, highlighting the growing uncertainty regarding privacy in the age of machine learning.

Beyond the major data breaches involving Optus and Medibank that exposed millions of personal details, Australia now faces a more complex challenge, with growing concerns about the blurring of lines between data misuse and data training. Experts warn that interactions with artificial intelligence tools are not private at all, pointing out that sensitive information shared on such platforms can end up being shared in a public forum.

Dr. Chamikara, a researcher who specializes in cybersecurity, emphasized that users should always assume that any data entered into a chatbot may be saved, re-used, or inadvertently exposed. He urged companies to create robust internal policies prohibiting the sharing of confidential data with generative artificial intelligence systems.

Complicating the situation further, Australia's Privacy Act 1988 still does not provide comprehensive provisions for the governance of AI models, which leads to significant gaps in accountability and in the rights of users over their own data. The NSW Reconstruction Authority says it is reaching out to all individuals affected by the breach and is working closely with Cyber Security NSW to keep an eye out for any evidence of the breach on the internet and dark web.

Although initial findings indicate that no unauthorized access to the system has yet been detected, authorities have established ID Support NSW to provide direct assistance and tailored advice to those affected. Cybersecurity experts further recommend that affected individuals change all passwords relevant to their accounts, enable two-factor authentication, keep an eye out for unusual financial activity, and report any suspicious financial activity to the Australian Cyber Security Centre and Cyber Security NSW.

There is no doubt that the breach will serve as a resounding reminder of the urgent need for governments and organizations to improve data governance frameworks in the era of artificial intelligence. Experts advise that the importance of building privacy-by-design principles into every stage of digital operations is growing exponentially as technology continues to advance faster than the regulatory environment can keep up with.

Proactive education and accountability are more important than reactive responses to incidents, so that all contractors and employees understand both what AI tools are able to do for them and the irreversible risks associated with mishandling personal information. The event also highlights the increasing need for clear legislative guidance regarding the retention of AI data, the transparency of model training, and users' right to consent.

The incident emphasizes the importance of digital vigilance for citizens: they should maintain safe online practices, use strong authentication methods, and be aware of where and how their data is shared with the outside world. While the state government has taken quick measures to contain the impact, the broader lesson is unmistakable — that, in today’s interconnected digital world, there is a responsibility for safeguarding personal information that must evolve at the same rate as the technology that threatens it.

Discord Data Breach Exposes User IDs Linked to Age Verification Appeals Amid Rising Privacy Concerns

 

Discord has confirmed that one of its third-party customer support providers experienced a security breach, resulting in the unauthorized access of some user data — including government-issued IDs.

The incident has reignited concerns about age verification laws across regions such as the UK, US, and the EU, where many users have turned to VPNs to avoid sharing sensitive information due to cybersecurity risks.

Cybersecurity experts have long warned that collecting personal data like government IDs is a “disaster waiting to happen,” arguing that platforms requiring such information for age checks are prime targets for hackers.

Discord’s case appears to support this warning. The company revealed that IDs accessed during the breach were submitted by users who had “appealed an age determination,” rather than those directly providing identification for verification.

The company explained that an “unauthorized party” infiltrated its third-party customer service system “to access user data, with a view to extort a financial ransom from Discord.”

The extent of compromised data varies by user, but may include:

  1. Name, Discord username, and email address
  2. Contact details and limited billing information
  3. IP address and correspondence with support agents
  4. Limited internal business data
  5. Government ID images

Discord clarified that credit card details, CCV codes, passwords, and chat messages were not affected. Users impacted by the breach will receive an official notification from noreply@discord.com, and those whose ID images were accessed will be explicitly informed.

After discovering the incident, Discord revoked the vendor’s access to its ticketing system, initiated an internal investigation, and alerted law enforcement. The platform also reviewed and strengthened its security and monitoring systems for third-party partners.

Discord has urged affected users to “stay alert when receiving messages or other communication that may seem suspicious.”

The breach underscores the potential privacy risks tied to age verification laws, as the compromise of ID information demonstrates how easily sensitive data can become vulnerable. Although the stolen IDs were not taken from a dedicated age verification provider, the situation highlights the inherent dangers of sharing personal data with third-party services.

Critics maintain that users should not have to submit personal documents to access online platforms. While the laws aim to protect minors from harmful online content, privacy advocates suggest more secure alternatives exist.

Laura Tyrylyte, a privacy advocate at NordVPN, stated that “device-level controls are the most effective way to manage children's internet access,” citing parental control tools as examples that allow parents to block certain apps, set age limits, and manage downloads.

The UK’s Online Safety Act, implemented in July 2025, mandated nationwide age verification, which led to a surge in VPN usage as users sought to bypass the restrictions. In the US, 24 states have already enacted similar laws, with more expected to follow soon.

Discord confirms third-party support breach; some users’ ID photos, support messages and limited payment details were accessed

 



Discord, the popular communication platform used by millions worldwide, has confirmed a data breach that compromised the systems of one of its third-party customer support providers. The incident, which occurred on September 20, 2025, allowed an unauthorized individual to gain access to a database containing user information linked to customer support interactions. Discord disclosed the breach in an official statement released on October 3, assuring users that the attack did not target its internal servers or primary infrastructure.

According to the company, the attacker infiltrated a third-party vendor that managed certain customer service functions on behalf of Discord. Once discovered, Discord immediately revoked the vendor’s access, launched an internal review, and appointed an external cybersecurity firm to conduct a forensic investigation. Law enforcement authorities have also been notified, and Discord says that the investigation remains ongoing.


Details of Compromised Information

Discord confirmed that the breach involved data submitted through customer support or Trust & Safety tickets. This included users’ names, email addresses, Discord usernames, IP addresses, and any messages or attachments exchanged with support representatives.

In addition, a limited amount of payment-related data was exposed. This information was restricted to payment type, purchase history, and the last four digits of credit card numbers. Full credit card numbers, security codes, passwords, and account authentication data were not accessed.

In a smaller subset of cases, images of government-issued identification, such as driver’s licenses or passports, were also accessed. These documents were typically submitted by users appealing age-verification decisions or account restrictions. Discord stated that approximately 70,000 accounts may have been affected in this way.


Ongoing Investigation and Conflicting Claims

While Discord has provided official figures, several online reports have circulated with conflicting claims regarding the size and nature of the data stolen. Some threat actors have claimed responsibility for the breach, while others have denied involvement, and certain forums have reported exaggerated data volumes. Discord has cautioned users to approach such claims with skepticism, describing them as part of an extortion attempt aimed at pressuring the company into paying a ransom.

The identity of the compromised vendor has also been discussed in several reports. Discord named the third-party service provider involved in its statement, while other publications have mentioned companies such as Zendesk and 5CA in connection to the breach. However, details about the vendor’s technical infrastructure and the exact attack vector remain under forensic examination.


What Affected Users Should Do

Discord has contacted users whose information was affected, sending official notification emails that include the corresponding support ticket numbers. Those who received this communication are advised to follow the instructions in the email and verify which data may have been accessed.

Users who did not receive a message from Discord are believed to be unaffected. However, all users are urged to stay vigilant by monitoring bank statements for unauthorized activity, avoiding suspicious links or phishing emails, and reporting any unusual behavior through Discord’s official support channels. The company also recommends enabling multi-factor authentication to strengthen account security.

This incident underlines a broader cybersecurity challenge that many organizations face: third-party vulnerabilities. Even when a company’s internal systems are well protected, outsourced vendors handling sensitive user data can become weak points in the security chain.

Cybersecurity experts note that such breaches highlight the need for stricter vendor management, including routine audits, limited data retention policies, and well-defined access controls. Companies must ensure that external partners uphold the same data protection standards expected within their own infrastructure.


Discord’s Response

Discord stated that it remains committed to protecting user privacy and maintaining transparency as the investigation continues. The company is working closely with forensic specialists to identify the extent of the exposure and prevent similar incidents in the future.

The breach serves as a reminder for users to remain cautious online and for organizations to constantly evaluate their digital supply chains. As investigations continue, Discord has emphasized that no action is required from users who have not received a notification, but heightened awareness remains essential for all.



Ransomware Gang Claims Boeing, Samsung Supplier Breach in 11GB Data Theft

 

A ransomware group named J GROUP claims to have breached Dimensional Control Systems (DCS), stealing 11GB of sensitive data, including proprietary software architecture, client metadata, and internal security procedures. 

DCS, a Michigan-based provider of dimensional engineering software, serves major clients such as Boeing, Samsung, Siemens, and Volkswagen across aerospace, automotive, and electronics sectors.

Alleged data exposure

J GROUP published sample files on its leak site to substantiate the attack, comprising a text file and a compressed folder containing documents with employee names and expense reports. Cybernews researchers analyzed the samples but could not verify their authenticity, cautioning that cybercriminals often reuse data from past breaches to falsely support new extortion claims.

Company response and risks

As of the report, DCS has neither confirmed nor denied the breach, maintaining public silence. Local media outlets in Michigan contacted the company for comment but received no response. 

If the breach is confirmed, it could lead to severe consequences, including intellectual property theft, supply chain vulnerabilities, exposure of client data, and regulatory repercussions. The incident may also damage DCS’s reputation, eroding client trust and questioning its technical and security reliability.

Rising threat 

This incident aligns with a growing trend of ransomware attacks targeting third-party vendors to access high-value industrial clients. Previous attacks on firms like Nissan and Dell highlight similar tactics, where threat actors exploit service providers to infiltrate larger organizations. 

The alleged breach underscores the need for stringent cybersecurity measures across extended supply chains, particularly in manufacturing and engineering sectors reliant on specialized software. 

Organizations are urged to audit vendor security protocols and enhance monitoring for early threat detection. The situation remains ongoing, with no official statement from DCS as of publication.

Payroll Hackers Target U.S. Universities, Microsoft Warns

 



Microsoft researchers have surfaced a new phishing campaign where cybercriminals are stealing university employees’ salaries by redirecting their payroll deposits to accounts under their control. The group behind the attacks has been named “Storm-2657” by Microsoft.

The hackers have been carrying out these attacks since March 2025, targeting staff at multiple U.S. universities and organizations that use third-party HR and payroll platforms, including Workday.

According to Microsoft’s report, at least 11 employee accounts across three universities were compromised and later used to send phishing emails to nearly 6,000 individuals in 25 universities. The scale of the attack suggests a coordinated attempt to infiltrate university payroll systems through deception and stolen credentials.


How the Attack Works

The attackers send phishing emails that appear to come from legitimate university sources or human resources departments. These emails often carry urgent subjects like “COVID-Like Case Reported — Check Your Contact Status” or “Faculty Compliance Notice – Classroom Misconduct Report.”

When recipients click on the embedded links, they are redirected to fake login pages designed to steal their login details and multifactor authentication (MFA) codes. With these details, the hackers gain full access to the victim’s Workday or HR accounts.

Once inside, the criminals create inbox rules that automatically delete emails from Workday, particularly notifications about payroll or bank account changes, ensuring victims remain unaware of any tampering. They also register their own devices for MFA, allowing them to retain access even if the victim later changes their password.

This enables the attackers to quietly change the employee’s bank account information, diverting salary payments into accounts they control.
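The chain described above (an inbox rule that hides payroll mail, a newly registered MFA device, then a bank-detail change) can be looked for in audit data. The following Python is an added example, not code from the article or from Microsoft's report; the event shape, field names, action names, keyword list and 14-day window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed keyword list: terms suggesting a rule targets payroll/HR notifications.
PAYROLL_KEYWORDS = ("workday", "payroll", "direct deposit", "bank account")
# Assumed action names: rule actions that take mail out of the victim's view.
HIDING_ACTIONS = {"delete", "permanent_delete", "move_to_folder"}
CORRELATION_WINDOW = timedelta(days=14)  # assumed look-around window


def rule_hides_payroll_mail(rule):
    """True if an inbox rule matches payroll/HR mail and removes it from view."""
    conditions = rule.get("sender_contains", []) + rule.get("subject_contains", [])
    text = " ".join(conditions).lower()
    targets_payroll = any(keyword in text for keyword in PAYROLL_KEYWORDS)
    hides_mail = bool(HIDING_ACTIONS & set(rule.get("actions", [])))
    return targets_payroll and hides_mail


def find_payroll_diversion_chains(events, window=CORRELATION_WINDOW):
    """Correlate per-user events and grade how much of the chain is present.

    review   = hiding rule only (earliest point to intervene)
    high     = hiding rule plus one further signal
    critical = hiding rule, new MFA device and bank-detail change
    """
    by_user = {}
    for event in events:
        by_user.setdefault(event["user"], []).append(event)

    findings = []
    for user, user_events in sorted(by_user.items()):
        rule_times, mfa_times, change_times = [], [], []
        for event in user_events:
            when = datetime.fromisoformat(event["time"])
            if event["type"] == "inbox_rule_created":
                if rule_hides_payroll_mail(event["rule"]):
                    rule_times.append(when)
            elif event["type"] == "mfa_device_registered":
                mfa_times.append(when)
            elif event["type"] == "bank_details_changed":
                change_times.append(when)

        if not rule_times:
            continue  # a bank change or new device alone is not flagged here

        first_rule = min(rule_times)
        signals = ["payroll_mail_hiding_rule"]
        # A device may be enrolled shortly before or after the rule appears.
        if any(abs(t - first_rule) <= window for t in mfa_times):
            signals.append("mfa_device_registered")
        # Only a bank change that follows the rule counts as part of the chain.
        if any(timedelta(0) <= t - first_rule <= window for t in change_times):
            signals.append("bank_details_changed")

        severity = {1: "review", 2: "high", 3: "critical"}[len(signals)]
        findings.append({"user": user, "severity": severity, "signals": signals})
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2025-03-10T09:02:00", "user": "alice@example.edu",
     "type": "inbox_rule_created",
     "rule": {"sender_contains": ["@workday.example"], "actions": ["delete"]}},
    {"time": "2025-03-10T09:05:00", "user": "alice@example.edu",
     "type": "mfa_device_registered"},
    {"time": "2025-03-11T14:30:00", "user": "alice@example.edu",
     "type": "bank_details_changed"},
    {"time": "2025-03-12T10:00:00", "user": "bob@example.edu",
     "type": "inbox_rule_created",
     "rule": {"sender_contains": ["newsletter@example.org"],
              "actions": ["move_to_folder"]}},
    {"time": "2025-03-13T11:00:00", "user": "bob@example.edu",
     "type": "bank_details_changed"},
    {"time": "2025-03-14T08:15:00", "user": "carol@example.edu",
     "type": "inbox_rule_created",
     "rule": {"subject_contains": ["Payroll"], "actions": ["permanent_delete"]}},
    {"time": "2025-03-15T16:45:00", "user": "dave@example.edu",
     "type": "mfa_device_registered"},
]

if __name__ == "__main__":
    for finding in find_payroll_diversion_chains(SAMPLE_EVENTS):
        print(finding["severity"], finding["user"], ", ".join(finding["signals"]))
```

A rule-only finding (`review`) is the earliest point to intervene, before any payroll record has been altered.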


Broader Pattern of Business Email Compromise

Experts classify this as a variant of Business Email Compromise (BEC), a fraud method where attackers infiltrate or impersonate legitimate business accounts to redirect payments or steal sensitive data.

According to the FBI’s 2024 Internet Crime Report, BEC scams caused over $2 billion in losses last year alone. Many victims include corporations, suppliers, and even schools that handle large financial transactions through wire transfers or automated clearing house (ACH) systems.

In one notable 2024 case, cybercriminals stole $60 million from a major carbon products supplier, while a Tennessee school district also lost millions through similar fraudulent transfers.


Microsoft and Workday Respond

Microsoft said it has alerted affected institutions and shared recommendations to contain the threat. The company advised organizations to adopt phishing-resistant MFA options, monitor for suspicious inbox rules, and require extra verification for any changes to payroll details.

A Workday spokesperson also encouraged clients to strengthen their MFA policies and implement additional review steps before processing sensitive updates like salary or banking information.


Protecting Employees and Institutions

Cybersecurity experts emphasize the importance of employee awareness and vigilant reporting. Staff should avoid clicking on unsolicited HR emails and instead confirm any urgent requests directly with their university’s payroll or IT department.

With education institutions increasingly targeted by financially motivated hackers, proactive defenses and real-time verification remain the most effective safeguards against salary diversion scams.



Unauthorized Use of AI Tools by Employees Exposes Sensitive Corporate Data


 

Artificial intelligence has rapidly revolutionised the modern workplace, creating unprecedented opportunities and complex challenges at the same time. Although AI was initially conceived to improve productivity, it has quickly evolved into a transformational force that has changed the way employees think, work, and communicate.

Despite the rapid rise in technology, many organisations are still ill-prepared to deal with the unchecked use of artificial intelligence. With the advent of generative AI, which can produce text, images, videos, and audio in a variety of ways, employees have increasingly adopted it for drafting emails, preparing reports, analysing data, and even creating creative content. 

Advanced language models, trained on vast datasets, can mimic human language with remarkable fluency, enabling workers to complete tasks that once took hours. According to some surveys, a majority of American employees rely on AI tools, often without formal approval or oversight, and these tools are freely accessible with little more than an email address.

Platforms such as ChatGPT, which require only an email address to use, are prime examples of this fast-growing trend. Nonetheless, this widespread use of unregulated artificial intelligence tools raises many concerns about privacy, data protection, and corporate governance, concerns that employers must address with clear policies, robust safeguards, and a better understanding of the evolving digital landscape.

Cybernews has recently found that the surge in unapproved AI use in the workplace is a concerning phenomenon. While digital risks are on the rise, a staggering 75 per cent of employees who use so-called “shadow artificial intelligence” tools admit to having shared sensitive or confidential information through them, information that could easily compromise their organisations.

What is more troubling is that the trend is not restricted to junior staff; it is led by the organisation's leadership. With approximately 93 per cent admitting to using unauthorised AI tools, executives and senior managers are the most frequent users. Management accounts for 73 per cent, followed by professionals at 62 per cent.

In other words, the use of unauthorised AI tools is not isolated but a systemic problem. Employee records, customer information, internal documents, financial and legal records, and proprietary code are among the most commonly exposed categories of sensitive information, each of which has the potential to become a major vulnerability and lead to serious security breaches.

This continues to happen even though nearly nine out of ten workers admit that utilising AI entails significant risks. Some 64 per cent of respondents recognise the possibility of data leaks as a result of unapproved artificial intelligence tools, and more than half say they will stop using those tools if such a situation occurs. However, proactive measures remain rare in the industry. As a result, there is a growing disconnect between awareness and action in corporate data governance, one that could have profound consequences if not addressed.

There is also an interesting paradox within corporate hierarchies revealed by the survey: even though senior management is often responsible for setting data governance standards, they are the most frequent infringers on those standards. According to a recent study, 93 per cent of executives and senior managers use unapproved AI tools, outpacing all other job levels by a wide margin.

There is also a significant increase in engagement with unauthorised platforms by managers and team leaders, who are responsible for ensuring compliance and modelling best practices within the organisation. This pattern, researchers suggest, reflects a worrying disconnect between policy enforcement and actual behaviour, one that erodes accountability from the top down. Žilvinas Girėnas, head of product at Nexos.ai, warns that the implications of such unchecked behaviour extend far beyond simple misuse.

The truth is that it is impossible to determine where sensitive data will end up if it is pasted into unapproved AI tools. "It might be stored, used to train another model, exposed in logs, or even sold to third parties," he explained. Through such actions, confidential contracts, customer details, or internal records could slip quietly into external systems without detection, he added.

A study conducted by IBM underscores the seriousness of this issue by estimating that shadow artificial intelligence can result in an average data breach cost of up to $670,000, an expense that few companies are able to afford. Even so, the Cybernews study found that almost one out of four employers does not have formal policies in place governing artificial intelligence use in the workplace. 

Experts believe that awareness alone will not be enough to prevent these risks from occurring. As Sabeckis noted, “It would be a shame if the only way to stop employees from using unapproved AI tools was through the hard lesson of a data breach. For many companies, even a single breach can be catastrophic.” Girėnas echoed this sentiment, emphasising that shadow AI “thrives in silence” when leadership fails to act decisively.

He warned that if clear guidelines and sanctioned alternatives are not provided, employees will continue to rely on whatever tools seem convenient to them, turning efficiency shortcuts into potential security breaches. Experts emphasise that, beyond technical safeguards, organisations must adopt comprehensive internal governance strategies to mitigate the growing risks associated with the use of unregulated artificial intelligence.

Several factors go into establishing a well-structured artificial intelligence framework, starting with a formal AI policy. This policy should clearly state the acceptable uses for AI, prohibit the unauthorised download of free AI tools, and limit the sharing of personal, proprietary, and confidential information through these platforms.

Businesses are also advised to revise and update existing IT, network security, and procurement policies in order to keep up with the rapidly changing AI environment. Additionally, proactive employee engagement continues to be a crucial part of addressing AI-related risks. Training programs can provide workers with the information and skills needed to understand potential risks, identify sensitive information, and follow best practices for safe, responsible use of AI. 

Also essential is the development of a robust data classification strategy that enables employees to recognise and properly handle confidential or sensitive information before interacting with AI systems.

Organisations may also benefit from formal authorisation processes for AI tools that limit access to qualified personnel, along with documentation protocols that record inputs and outputs so that compliance and intellectual property issues can be tracked. Periodic reviews of AI-generated content for bias, accuracy, and appropriateness can further safeguard brand reputation.

By continuously monitoring AI tools, including reviewing their evolving terms of service, organisations can ensure ongoing compliance with their company's standards, as well. Finally, it is important to put in place a clearly defined incident response plan, which includes designated points of contact for potential data exposure or misuse. This will help organisations respond more quickly to any AI-related incident. 

Combined, these measures represent a significant step forward in the adoption of structured, responsible artificial intelligence that balances innovation and accountability. Although internal governance is the cornerstone of responsible AI usage, external partnerships and vendor relationships are equally important when it comes to protecting organisational data. 

According to experts, organisation leaders need to be vigilant not just about internal compliance, but also about third-party contracts and data processing agreements. Data privacy, retention, and usage provisions should be explicitly included in any agreement with an external AI provider. These provisions are meant to protect confidential information from being exploited or stored in ways that are outside of the intended use of the information.

Business leaders, particularly CEOs and senior executives, must examine vendor agreements carefully in order to ensure that they are aligned with international data protection frameworks, such as the General Data Protection Regulation and California Consumer Privacy Act (CCPA). By incorporating these safeguards into the contract terms, organisations can improve their overall security posture and ensure that sensitive data is handled with the same rigour and integrity as their internal privacy standards require.

As artificial intelligence continues to redefine the boundaries of workplace efficiency, its responsible integration has become an important factor in enhancing organisational trust and resilience. Getting AI to work effectively in business requires not only innovation but also a mature set of governance frameworks that accompany its use.

Companies that adopt a proactive approach, such as by enforcing clear internal policies, establishing transparency with vendors, and cultivating a culture of accountability, will be able to gain more than simply security. They will also gain credibility with clients and employees, as well as regulators.

In addition to ensuring compliance, responsible AI adoption can improve operational efficiency, increase employee confidence, and strengthen brand loyalty in an increasingly data-conscious market. According to experts, artificial intelligence should not be viewed merely as a risk to be controlled, but as a powerful tool to be harnessed under strong ethical and strategic guidelines. 

It is becoming increasingly apparent that, in today's business climate, every prompt and every dataset can potentially create a vulnerability. The organisations that thrive will be those that pair technological ambition with a disciplined governance framework, transforming AI from a source of uncertainty into a tool for innovation that is as sustainable and secure as possible.

Telstra Denies Scattered Spider Data Breach Claims Amid Ransom Threats

 

Telstra, one of Australia’s leading telecommunications companies, has denied claims made by the hacker group Scattered Spider that it suffered a massive data breach compromising nearly 19 million personal records. The company issued a statement clarifying that its internal systems remain secure and that the data in question was scraped from publicly available sources rather than stolen. In a post on X (formerly Twitter), Telstra emphasized that no passwords, banking details, or sensitive identification data such as driver’s licenses or Medicare numbers were included in the dataset. 

The claims originated from a dark web post published on October 3 by a group calling itself Scattered Lapsus$ Hunters, an offshoot of Scattered Spider. The group alleged it had stolen more than 100GB of personally identifiable information, including names and physical addresses, and warned that company executives should negotiate to avoid further data exposure. The attackers claimed the alleged breach took place in July 2023 and threatened to release the data publicly if a ransom was not paid by October 13, 2025. They also asserted possession of over 16 million records contained in a file named telstra.sql, which they said was part of a larger collection of 19 million records. 

In a surprising twist, the ransom note also mentioned Salesforce, the global cloud computing company, demanding negotiations begin with its executives. Salesforce swiftly rejected the demand, issuing a statement on October 8 declaring that it “will not engage, negotiate with, or pay any extortion demand,” aligning with global cybersecurity guidelines that discourage ransom payments. 

Scattered Lapsus$ Hunters has made similar claims about breaches involving several major corporations, including Qantas, IKEA, and Google AdSense. Cybersecurity intelligence platforms like Cyble Vision have documented multiple previous instances of alleged Telstra data breaches, some dating back to 2022. In one notable case, a threat actor called UnicornLover67 claimed to possess a dataset containing over 47,000 Telstra employee records, including email addresses and hashed passwords. Telstra has previously confirmed smaller breaches linked to third-party service providers, most recently in 2022, affecting around 132,000 customers. 

However, cybersecurity analysts remain uncertain whether the current claims represent a fresh breach or a recycling of old data. Experts suggest that previously leaked or publicly available datasets may have been repurposed to appear as new evidence of compromise. This possibility aligns with Telstra’s statement that no recent intrusion has occurred. 

The investigation into the alleged breach remains ongoing as the ransom deadline approaches. While Telstra continues to assert that its systems are uncompromised, the persistence of repeated breach claims underscores the growing challenge of misinformation and data reuse in the cybercrime landscape. The Cyber Express has reached out to Telstra for further updates and will continue to monitor the situation as new details emerge.

Ransomware Attack on Motility Software Solutions Exposes Data of 766,000 Customers

 


Motility Software Solutions, a leading U.S.-based provider of dealer management software (DMS), has confirmed a ransomware attack that compromised the personal data of approximately 766,000 customers.

The company, previously known as Systems 2000 (Sys2K), serves over 7,000 dealerships across the automotive, marine, powersports, heavy-duty, and RV retail industries. Its suite of software tools supports operations such as CRM, sales, accounting, inventory tracking, fleet management, rentals, and mobile dashboard access.

According to a data breach notification filed with the Office of the Maine Attorney General, the cyberattack occurred on August 19, 2025. During the incident, hackers infiltrated Motility’s systems, stole sensitive data, and later encrypted parts of its servers to disrupt operations.

“On or about August 19, 2025, we detected unusual activity within certain computer servers that support our business operations,” the notification to affected users stated. “An investigation determined that an unauthorized actor deployed malware that encrypted a portion of our systems.”

Motility revealed that forensic analysis suggests the attackers may have exfiltrated limited customer data before encryption. The information potentially exposed varies by individual and may include:

  • Full name
  • Physical address
  • Email address
  • Phone number
  • Date of birth
  • Social Security number (SSN)
  • Driver’s license number

Following the incident, the company initiated an internal investigation, enhanced its cybersecurity defenses, and restored affected systems using backups. While it remains unclear whether Motility communicated with the attackers, the company has implemented dark web monitoring to detect any leaks of stolen data online.

Currently, no ransomware group has claimed responsibility for the breach. Motility stated that there is no evidence of data misuse at this time but encouraged customers to remain vigilant and take protective steps such as credit monitoring, fraud alerts, and credit freezes.

As part of its response, Motility is offering one year of free identity monitoring through LifeLock, with enrollment available until December 19, 2025, using a personalized activation code.