
How Does Increased User Privacy Alter Mobile Advertisement Set-up?

Since Apple introduced its ATT privacy framework to give users more control over their data, tech businesses have faced tradeoffs in adapting to the new data restrictions while still maintaining their growth objectives.

While mobile advertisements can no longer target iOS users who did not consent to be tracked via their personal IDs, there are numerous alternative ways at their disposal, such as contextual signals and probabilistic attribution, to aid in targeting quality potential customers across the mobile ecosystem.

Given that the Identifier for Advertisers (IDFA) has been deprecated, in-app advertising may appear to be less effective. However, with adequate data, tactics, and partners, it is not only still a feasible growth strategy but also a crucial one.

Changes Made After iOS 14.5 

Under the new privacy restrictions introduced by Apple, app advertisers can no longer rely on the IDFA to provide them with device-level user data in order to pursue iOS device users with relevant advertisements. 

Since advertisers can no longer track users’ activities across apps on iOS, such as clicks, downloads, and conversions, advertisers are less able to measure the efficacy of their ads and use that data to manage their campaigns and ad budgets. 

Performance Marketing is Different, Not Worse 

With iOS 14.5, while advertisers would not be able to access device ID data, they can still utilize contextual signals in order to show ads to a quality audience. 

Contextual signals are the privacy-induced data points that transmit significant information regarding an ad opportunity, such as location, device type, and information about the environment in which an ad is shown (i.e. characteristics of an app or website).

With this kind of data, advertisers may use contextual targeting to precisely estimate the possibility that a user would interact with an advertisement by matching an ad to an impression opportunity. They can then decide how much to bid for each impression. 

Since users are automatically opted out of IDFA tracking, advertisers will no longer be able to access device IDs in order to access data on how a user interacts with the ad, nor target audience one-on-one based on their in-app activities. Instead, machine learning models are utilizing new contextual signals to effectively predict user response. 

New Data, New Competitive Landscape 

Contextual data can further be combined with other metrics. For example, the number of interactions with a certain ad element reveals which aspect of the creative is most effective. Of course, this is not as accurate as using the IDFA, but thanks to advancements in machine learning (ML) technology, models can now absorb these signals and forecast the value of each ad impression in real time with a level of accuracy that is almost on par with device ID-powered advertising.

Moreover, the competitive landscape of mobile advertising is more level than it has ever been. In recent times, all tech giants (such as Facebook and Google) have had more limited information about their users than before. This has eventually compressed the space, and niche players with specialized historical ML models and more active algorithms compete with the tech giants.

For this reason, the marketing platforms that continue to make investments in enhancing the effectiveness of their models by including more predictive signals have experienced the most success in the wake of the deprecation of the IDFA.

Through more effective bidding, lower CPIs, improved user quality, and eventually higher ROAS for their advertisers, it will be possible to continuously train models to boost their prediction accuracy.  

Norton LifeLock Issues a Warning for Password Manager Account Breach


Customers of Norton LifeLock have been the victims of a credential-stuffing attack. According to the company, cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts and possibly password managers.

Gen Digital, the LifeLock brand's owner, is mailing data-breach notifications to customers, mentioning that the activity was detected on December 12 when its IDS systems detected "an unusually high number of failed logins" on Norton accounts. According to the company, after a 10-day investigation, the activity dates back to December 1. 

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers had access to names, phone numbers, and mailing addresses from any Norton account. And it added, "we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password." 

Those "details" are, of course, the strong passwords generated for any online services used by the victim, such as corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and so on.

In a credential-stuffing attack, threat actors use a list of logins acquired from another source (such as purchasing cracked account information on the Dark Web) to try against new accounts, hoping that users have reused their email addresses and passwords across multiple services. As a result, the irony of the Norton incident is not lost on Roger Grimes, KnowBe4's data-driven defense evangelist.

"If I understand the reported facts, the irony is that the victimized users would have probably been protected if they had used their involved password manager to create strong passwords on their Norton login account. Password managers create strong, perfectly random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager," he stated via email.

Identity and access management systems have recently been targeted by attackers, as a single compromise can unlock a veritable treasure trove of information across high-value accounts, not to mention a variety of enterprise pivot points for moving deeper into networks.

LastPass, for example, was targeted in August 2022 through an impersonation attack in which cyber attackers breached its development environment and stole source code and customer data. A follow-up attack on a cloud storage bucket utilized by the company occurred last month.

In March of last year, Okta revealed that cyberattackers had used a third-party customer support engineer's system to obtain access to an Okta back-end administrative panel used for customer management, among other things. There were approximately 366 customers affected, with two actual data breaches occurring.

Why are Passwords Phasing Out in 2023? Here's Everything You Need to Know


You are not alone if you dislike using passwords. Passwords are inconvenient, forgettable, and often not the best security solution for most of us. The best part is that passwords are likely to become obsolete. Passwords will be phased out for a few websites by 2023. 

Why are passwords becoming outdated? Eventually, a password-free future will become a reality. IT managers and security professionals have long sought better password authentication alternatives. Here are some of the reasons why:

Weak Security

Passwords are vulnerable to dictionary attacks, brute-force attacks, and other standard password-hacking techniques. Even if you use good password practices and create super-strong passwords, you could be a victim of a social engineering attack.

You may forget your master password if you utilize a password manager. In such a situation, gaining access to saved passwords can be extremely difficult. The sale of stolen passwords on the dark web demonstrates that passwords are not a secure authentication method.

High Cost

Password creation, entry, and reset all take time. As a result, using passwords as an authentication method costs money. According to a Yubico-sponsored study, an average user spends 10.9 hours per year setting, entering, and resetting passwords. Users might be surprised to learn that password-related activities cost large corporations an average of $5.2 million per year.

Inadequate User Experience

Most of us dislike creating strong passwords, remembering them, and entering them each time we access a device or account. This is why the majority of users despise passwords. Worse, because people must remember passwords, we tend to create weak ones. Utilizing a password manager makes managing passwords easier. However, not everyone wants to use a password manager to manage their passwords.  

What Is Replacing Passwords?

If you're thinking about passwordless authentication for your company or just browsing the web and wondering how you will get into your accounts, the following options are becoming more popular.

Authentication with Multiple Factors

To verify your identity, multi-factor authentication (MFA) requires more than one factor or element. Passwords are frequently replaced with PINs or OTPs in the multi-factor authentication method. Other methods include biometrics, codes on authenticator apps, codes in emails, and so on.

With so many passwordless authentication tools available, you can easily implement MFA in your company. MFA can be secure, but you should be aware of MFA fatigue attacks to be on the safe side.

Behavioral recognition

Behavioral recognition takes into account multiple data points to generate a score that determines whether or not to trust a user to grant access to a device/resource. Keystroke dynamics, gait recognition, voice ID, mouse and touch use characteristics, and location behavior are examples of data collected and analyzed in the behavioral authentication method.

Cards and Pins

Smart cards and pins provide a secure authentication method for creating, storing, and operating cryptographic keys. Smart cards, card readers, and authentication software programs are used in the smart card authentication method.

A smart card stores your public credentials as well as a personal identification number (PIN), which serves as the secret key for authentication. To gain access to a device/resource, you must insert your smart card into the card reader and enter your PIN.

The Advantages of Passwordless Authentication:

The following are the primary advantages of passwordless authentication:

Improved Cybersecurity

Passwordless authentication protects against password-related cyberattacks like brute force and dictionary attacks. Furthermore, passwordless authentication methods are frequently resistant to phishing. This is because users will not send any login credentials to a hacker via email or text. As a result, implementing passwordless authentication can help your company's cybersecurity.

Supply Chain Security Enhancement

Many supply chain attacks make use of stolen credentials and passwords. By removing passwords from your organization, you can guarantee that your digital assets are safe from supply chain attacks.

Cost-cutting measures

Passwordless logins can lower your company's operating costs over time because users don't have to spend time creating, entering, and managing passwords.

What's Next?

Passwordless logins are becoming more popular. Apple, Google, and Microsoft have joined forces to expand support for the FIDO Alliance and World Wide Web Consortium's passwordless sign-in standard.

Humans are the weakest link in cybersecurity. This explains why phishing and social engineering attacks are so effective. Password theft, password cracking, and credential theft can all be reduced by implementing passwordless authentication.

Why Improving Cybersecurity is Crucial for Reducing the Danger of a Data Leak in 2023?


By conducting national security-related business through personal devices and email accounts, members of the UK government have run the risk of operating in "wild west" conditions, according to intelligence analysts and former government officials. Unsettlingly, it has been reported that foreign operatives have hacked into some of these unencrypted connections. Although the stakes are particularly high for government and public officials, all organisations, whether in the public or private sector, face the same risks when conducting sensitive business in this manner. In fact, there are considerable gaps that need to be filled in by 2023, including poor cyber hygiene and business-wide cybersecurity procedures that put firms at risk of data breaches.

One of the most important security issues of the present is data leaks. However, a lot of businesses fall short in protecting the data of their staff members and preparing them for cyber dangers. In reality, our own research revealed that 54% of employees are not regularly obliged to complete cybersecurity training, and nearly 57% of respondents acknowledged using a work-issued device for personal use in the previous year. Additionally, many employees report losing or breaking their gadgets, which are frequently used to authenticate corporate business accounts.

Additionally, the majority of employees continue to use the simplest kinds of authentication as their main way of logging into their accounts, despite the fact that these methods have been shown to be useless against the modern world's most popular credential-stealing strategies. For instance, passwords are the least effective technique for protecting online data since they are vulnerable to attacks like phishing, password spraying, and man-in-the-middle (MitM) attacks. In order to safeguard accounts without using the conventional username and password combination, an increasing number of businesses (as well as individuals) are moving toward passwordless authentication.

Providing phishing-resistant multi- or two-factor authentication (MFA/2FA) access to business apps across corporate-issued and personal devices is crucial in the era of hybrid and remote working. Adopting MFA/2FA solutions adds an additional layer of security by requiring a user to provide two or more forms of identity verification before granting access. But not all MFA/2FA applications are created equal.

Organizations need more current, reliable authentication methods that also provide a better user experience, so consider moving toward passwordless and implementing strong 2FA/MFA. For instance, the FIDO Alliance's open FIDO2 authentication standard provides more contemporary authentication alternatives, such as strong single factor (passwordless), strong two-factor, and multi-factor authentication.

The most recent set of digital authentication standards, FIDO2, is essential for overcoming problems with traditional authentication and doing away with the widespread usage of passwords. It enables users to quickly authenticate via devices with built-in security capabilities to access their digital information, such as fingerprint readers, smartphone cameras, or hardware-based security keys. These contemporary solutions, which are user-friendly and close the gap between internal and external user authentication, have been shown to be the most efficient business-wide cybersecurity options. In reality, the US government and standards bodies both require the use of FIDO2 Security Keys, which are recognized as the industry standard for phishing-resistant authentication.

Importance of education and communication

To ensure they can recognize frauds and defend against some attacks on their own, today's workers are becoming more and more aware of the need for stronger cybersecurity policies and training. Staff members who aren't given cybersecurity training aren't equipped with the knowledge they need to practice good cyber hygiene and respond to risks when they do occur. Therefore, in order to effectively minimize the growth in data breaches and other cyberattacks, UK organizations must also mandate current and continuous cyber training for all workers in addition to implementing stronger, phishing-resistant authentication. It's crucial to outline the benefits of any new authentication procedures and other processes to employees when discussing security changes, emphasizing both their simplicity of use and the benefits of increased security.

Organizations can only be sure they are safeguarding themselves against today's increasingly sophisticated cyber threats through extensive training, planning, and implementation of effective cybersecurity, together with cutting-edge authentication solutions.

Twitter Data Breach: Hacker Posted List of Hacked Data of 400M Users


One of the biggest Twitter data breaches has resulted in the selling of 400 million Twitter users' personal information on the dark web. The news was released just one day after the Irish Data Protection Commission (DPC) said that it was looking into a prior Twitter data leak that affected more than 5.4 million users, according to CyberExpress. 

In late November, the previous breach was discovered. The hacker released a sample of the data on one of the hacker sites as evidence that the data is real. Email, username, follower count, creation date, and, in some situations, the users' phone numbers are all included in the sample data.

What's shocking is that the hacker's sample data includes information from some pretty well-known user accounts. The user data in the sample data includes the following:

  • Alexandria Ocasio-Cortez
  • SpaceX
  • CBS Media
  • Donald Trump Jr.
  • Doja Cat
  • Charlie Puth
  • Sundar Pichai
  • Salman Khan
  • NASA's JWST account
  • NBA
  • Ministry of Information and Broadcasting, India
  • Shawn Mendes
  • Social Media of WHO

The sample data includes the data of many more well-known users. The majority of them will point to the social media staff, but if the data leak is real, it will be disastrous. While other threat actors have not verified the data yet, Alon Gal in his LinkedIn post states that "The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta."

Meanwhile, in his post, the hacker writes, "Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively."

The hacker states he is open to the 'Deal' going through a middle man and further stated, "After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash."

LastPass: Hackers Stole Customers’ Password Vaults, Breach Worse Than Initially Thought


This past August witnessed a breach at LastPass, one of the most well-known password manager services available. The harm caused by the unidentified hackers is significantly worse than was initially believed, according to the company. Passwords should be changed immediately by users. LastPass stated that "only" the company's source code and confidential information were compromised in the initial report on the data breach event that was detected in August. 

Passwords and user information remained clean and secure. However, the hostile actors were able to access some users' data as well, according to a subsequent security notification on the same issue. According to LastPass, the black hat hackers were able to access the cloud storage and decrypt the dual storage container keys.

By copying a backup that contained "basic customer account data and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," they were able to further undermine the platform's security.

The encrypted storage container, which holds customer vault data in a proprietary binary format, also allowed the cybercriminals to replicate a backup of that data. The container contains both encrypted and unencrypted information, including sensitive areas like online usernames and passwords, secure notes, and data entered into forms.

Since they were created using a 256-bit AES-based encryption algorithm and "can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture," the encrypted fields "remain secure," according to LastPass, even when in the hands of cybercriminals. Zero Knowledge signifies that LastPass is unaware of the master password required to unlock the data, and that the decryption process itself is always carried out locally, never online.

LastPass partially stores credit card information in a different cloud environment. Furthermore, there are currently no signs that such data has been accessed. All things considered, LastPass is attempting to convey the idea that users' encrypted data should still be protected in spite of the extensive breach of the company's technology.

However, that doesn't mean there aren't any risks or dangers associated with the breach. Despite the fact that the firm routinely tests "the newest password cracking tools against our algorithms to maintain pace with and improve upon our cryptographic controls," LastPass claims that a determined hostile actor might attempt to brute-force the encrypted passwords.

Additional dangers could be associated with phishing or brute-force attacks against online accounts linked to users' LastPass vaults. LastPass stated that they would never contact a user by phone, email, or text and ask them to click on a link to confirm their personal information. They also won't inquire for a vault's master password. Users of the online password manager are urged to update both their master password and every password kept in the vault as a last line of defense.

Cyberattacks on Municipalities Have Reportedly Cost Taxpayers $379M Since 2020


The municipality of WestLake-Gladstone in Manitoba suffered a loss of over $450,000 as a result of a series of cyberattacks in December 2019 after one of its employees opened a malicious link in a phoney email. 

Saint John, New Brunswick spent $2.9 million in November 2020 updating its website after scammers gained access to the network of the municipality. In January 2021, numerous gigabytes of private information were stolen and ransomed in Durham Region, Ontario. Wasaga Beach, Ont., Midland, Ont., Stratford, and other communities have all been the target of cyberattacks in the previous four years, to name a few. Scams and fraud increased by 130% between 2020 and 2021, costing Canadians an estimated $379 million, according to the Canadian Anti-Fraud Centre (CAFC).

“Municipalities are a very good target for bad guys,” says Ali Ghorbani, a cyber security professor at the University of New Brunswick and the director of the Canadian Institute for Cyber Security.

As per Ghorbani, municipalities are appealing since they deal with financial resources that are far larger than those of an individual and frequently top millions of dollars. Through services like bylaw, permitting, and others, they also store the private information of residents. Ransomware is the most typical form of assault, according to Ghorbani. Through social engineering, which entails tricking someone into doing something or sharing sensitive information, fraudsters can enter a municipality's network.

Scams involving phishing come into this category. An email will be sent to a municipality employee from what appears to be a reliable source. There will be a link in the email. The municipal network is infected with ransomware when the employee clicks the link.

"They’re establishing admin access to the infrastructure, and then they take over the data and encrypt it so no one else can open it,” Ghorbani says.

The fraudsters then demand payment from the municipality in exchange for their promise to divulge the sensitive information. The stakes are larger, yet it's the same tactic that fraudsters use to target specific people. Through a phishing scheme, criminals in WestLake-Gladstone gained access to the municipal system and began draining bank accounts, transferring the money to Bitcoin, and making it vanish. In Saint John, scammers shut down all online services and demanded $17 million in Bitcoin to unfreeze the network. The municipality's usage of the Accellion File Transfer Appliance software, a product that sparked a massive wave of cyberattacks around the world, gave fraudsters access to Durham Region.

These municipalities would have each had a set of cyber security guidelines; however, they were unsuccessful. There are no general cyber security regulations that municipalities must abide by in Canada. The Association of Municipalities Ontario (AMO) provides guidance and highlights important security considerations in its cyber security toolkit. The level of protection, however, is up to the municipality.

For rural municipalities, this may pose difficulties. An urban area like Toronto will have a far larger budget than a municipality like WestLake-Gladstone, and therefore it will have more money to spend on cyber security. Tech talent also has a tendency to migrate to positions in large cities, requiring rural governments to increase wages in order to recruit professionals. Ghorbani asserts that those fields need IT expertise.

However, this does not imply that rural administrations should not be safeguarded. Ghorbani proposes splitting the cost of hiring a cyber security expert with other nearby municipalities for municipalities with limited budgets wishing to strengthen their online defenses. To hire a specialist to remodel their IT department and ensure their infrastructure is up to date for several months, two or three neighboring municipalities may pool their resources.

Education is yet another important barrier. According to Ghorbani, municipal employees and residents can benefit much from training. They have then instructed staff to operate their system correctly. Ghorbani suggests posting education advice on the town's website and holding workshops on safety every few months to inform workers and residents.

Ghorbani stated, “Municipalities shouldn’t have the mindset that they’re small, so they’re not going to spend money on doing anything because they may not be a target. They miss the point that bad guys don’t really care. They take whatever they can. In fact, a smaller fish is more attractive to them because it’s less publicity than attacking a big fish.”

Fake Festive Scams Set to Surge as AFP Alerts of Fake Delivery Texts


The Australian Federal Police is gearing up for an uptick in the number of Australians falling victim to fake delivery scams as criminal syndicates take advantage of the Christmas shopping season. Scammers use legitimate-looking text messages to deceive people into providing personal information, which is then sold on the dark web for a profit or used to defraud victims out of thousands of dollars. 

The messages purport to be a delivery status update and encourage the recipient to click on a link to track, redirect, or collect a parcel. They may occasionally request that the recipient confirm a postal address. Scammers frequently use a technique known as "spoofing," which involves using software technology to disguise a phone number and make it appear to be from a legitimate source to impersonate businesses and popular delivery services, including Australia Post, DHL and Amazon.

When the recipient clicks on the link, they are taken to a bogus company website where they are asked to enter their personal information in order to complete the delivery. The scams are engineered to steal personal and financial information from victims and install malware on their devices, enabling criminals to access their usernames and passwords.

According to the Australian Competition and Consumer Commission, Australians lost more than $2 billion to scams in 2021. This figure is expected to exceed $4 billion by the end of the year.

Phishing is the most common type of scam, with over 57,000 reports of suspicious calls and messages to the commission in the first ten months of this year. Criminals sought to exploit people who were stressed and less attentive in the run-up to the holiday season, according to AFP cybercrime operations commander Chris Goldsmid.

He stated that criminals used the information gained from the scams to extract money from the recipients' bank accounts, apply for loans in their name, or sell their information online to other criminals for profit.

“Scam activity, in particular, is profit-driven,” he said. “Whatever the criminals can do to monetize the information they steal from the public, they’ll do that.”

According to Goldsmid, online cybercrime services that provide "phishing kits" and other spoofing software to would-be scammers have flourished in recent years. One such website, which was shut down by UK authorities as part of the "biggest ever fraud operation" in British history, offered software services to scammers for as little as $36.

Before clicking on a link, Goldsmid advised consumers to check the legitimacy of the message and look for red flags such as grammatical errors, requests for personal information, and suspicious URLs. Most delivery companies, including Australia Post and Amazon, do not call or email customers to request personal information, payment, or software installation. Unbranded web addresses and an unusual sense of urgency in messages, according to an Australia Post spokesperson, are also signs of fraudulent texts.

“We’re seeing a greater public awareness of scams and cybersecurity, however, we encourage customers to be aware of how to spot a scam,” she said.

Amazon stated that it had spent more than $900 million globally to hire an additional 12,000 workers to combat cybercrime and online fraud and that it had "zero tolerance for fraud."

“Amazon impersonation scams put our customers at risk, and while these happen outside our stores, we will continue to invest in protecting them,” the statement read.

A DHL representative advised customers to always use the official DHL website and to avoid disclosing personal information. Those who believe they have been a victim of cybercrime should contact their bank and file a report with the Australian Cyber Security Centre online. If the scam involves Australia Post branding, please report it to

Financial Institutions are More Vulnerable to Unintentional Data Leakage


Netwrix has released additional findings from its global 2022 Cloud Security Report for the financial and banking sectors. Financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure than other industries surveyed.

Indeed, 44 percent of respondents in this sector believe their own IT staff is the greatest threat to cloud data security, while 47 percent are concerned about contractors and partners, compared to 30 percent and 36 percent, respectively, in other verticals surveyed.

“Financial organizations experience accidental data leakage more often than companies in other verticals: 32 percent of them reported this type of security incident within the last 12 months, compared to the average of 25 percent. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organizations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed,” comments Dirk Schrader, VP of security research at Netwrix.

“Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.”

Phishing is the most common type of attack reported by all sectors. However, 91 percent of financial institutions say they can detect phishing within minutes or hours, compared to 82 percent of respondents in other verticals.

“Even though financial organizations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated,” adds Schrader.

“To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organization and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.”

Health Insurer Accuro: 30K Customers’ Data Potentially Leaked in a Hack


Accuro, a New Zealand health insurer, claims that a cyber hack has compromised As per the company, there is no proof of personal health data being compromised at this time, but it cannot be ruled out.

"Our IT provider is working with their own forensic experts and Government agencies to understand the nature and extent of the impact. We have also notified the relevant regulatory authorities including the Office of the Privacy Commissioner," Accuro said. "At this stage, we have no evidence that any Accuro data has been compromised but we cannot rule out this possibility. Our current focus is working with our IT provider to investigate and understand the situation further."

The company stated once again that it takes its obligations to safeguard customer privacy "very seriously." 

"For the time being, our systems remain offline which will impact services and we request your patience as we work towards a solution," the statement said.

The Accuro hack came in the wake of a similar incident in Australia, where the country's largest health insurer, Medibank, was hit by a cybercrime that compromised the personal information of approximately 4 million customers.

Private patient data stolen in a cyber attack on New Zealand GP provider Pinnacle Health was also posted online in October.

LastPass Experiences its Second Major Data Breach in 4 Months


LastPass's data breach in August permitted a hacker to infiltrate the company again and steal customer data. LastPass announced on Wednesday that it was investigating the breach, which involved a third-party cloud storage service linked to company systems.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” the company wrote in a blog post.

It is unknown what data was stolen. However, LastPass has stated that customers' passwords should be safe because the company does not store information on the "Master Password" that customers use to access the encrypted password vaults on the platform.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional,” the company said.  

Nonetheless, the incident demonstrates that the August breach at LastPass was more serious than previously thought. At the time, the company confirmed that the August breach only affected internal software development systems and did not include any customer password information. Despite this, the hacker was able to steal portions of the company's source code as well as some proprietary LastPass technical information, which likely paved the way for the subsequent intrusion.

LastPass also announced in September that it had completed its investigation into the breach with the assistance of cybersecurity firm Mandiant. According to the findings, the hacker only had access to the internal systems for four days. 

There was also no evidence of tampering. However, it appears that LastPass did not uncover all of the possible ways the hacker could use the access to breach the company again. LastPass did not identify the third-party cloud storage service used by the hacker to breach the company a second time. However, LastPass has been sharing the cloud storage service with its affiliate GoTo. Private equity firms currently own both companies.

In response to the new breach, LastPass has implemented additional security measures and increased monitoring of its IT infrastructure. It has also contacted Mandiant and law enforcement to inquire about the hack.

A Copyright Violation Lawsuit Involves Telegram Sharing Users' Data


Following a court order in India, Telegram has disclosed the names, contact information, and IP addresses of administrators of channels accused of copyright infringement. That it can provide authorities with such a large volume of data about its users in just a few seconds demonstrates how much information the instant messaging platform can obtain.

An order by the Delhi High Court compelled the app's owner to share the data. The order followed a lawsuit filed by a teacher, who argued that the company had not taken enough steps to prevent the unauthorized distribution of her course material on the platform. Neetu Singh, the teacher and plaintiff in the case, said that several Telegram channels were reselling her study materials without being allowed to do so.

Telegram had earlier been ordered by an Indian court to follow Indian law and disclose information about the members who operate such channels. 

During the litigation, Telegram tried unsuccessfully to argue that disclosing information about users would violate its privacy policies and the laws of Singapore, where it currently maintains the physical servers that store its users' data. The court dismissed this argument because the ongoing infringement activity is connected to Indian works and is likely to be attributed to Indian users. Moreover, even if the data is stored in places other than India, it could still be accessed from there.

Earlier this week, Justice Pratibha Singh told Telegram's board members that Telegram had complied with the earlier order and had shared the data with them. 

As part of the case, a copy of the said data will be provided to counsel for the plaintiffs. This will be with a clear warning that neither they nor any of their representatives shall share this data with a third party. However, for the present proceedings, such disclosure is not permitted. A report first put forth by LiveLaw from the court (PDF) states that disclosure of information to the police/government authorities is permissible. 

Telegram spokesperson Remi Vaughn commented that there was no response from Telegram regarding whether private information was shared. He added, generally, Telegram does not store very much information about its users. Our understanding is that, in many cases, we will not be able to access any user data without a specific entry point. This may have been the case here. Due to this, Telegram cannot confirm that there has been any sharing of private information in this instance.

Interestingly, Telegram has grown to rank among the top five most used apps in the South Asian region. This is because Telegram has nearly 150 million users across the continent. According to a previous report, Telegram's piracy problem might have contributed to the sudden popularity of the app among some users. Movies and TV shows are widely shared on the platform, which remains littered with easily discoverable channels, some of which have tens of thousands of users, where such content can be found.

This TikTok Thirst Trap Dupes Users Into Downloading Malware


In a new malware attack, digital thieves are exploiting horny TikTok viewers' desire for nude images. The attack, revealed by Checkmarx researchers, entices users by offering to remove a filter used by TikTokers participating in the "Invisible Challenge." 

Users who participate in the challenge upload nude or mostly nude images of themselves to TikTok and then use an invisibility filter to remove their bodies from the video, leaving only a ghostly blurry image in their wake. Preying on viewers' curiosity, the attackers offer "unfilter" software that claims to be able to remove the filter. In reality, that "unfilter" download contains malware capable of stealing passwords, credit card information, and other private details.

The Checkmarx report cites attackers who posted their own TikTok videos promoting software that they claim can discard the invisible filter. These videos contained links to a Discord server where users could download the files. That server, dubbed "Space Unfilter," contains nude images uploaded by the attackers as proof that the unfilter tools work.

Users who download the software expecting to see boobs inadvertently install "WASP Stealer" malware hidden in a Python package. That malware is said to be capable of stealing a wide range of personal information, from credit card numbers and cryptocurrency wallets to Discord account information. Checkmarx estimates that over 30,000 people joined the Discord server before it was shut down.

“The high number of users tempted to join this Discord server and potentially install this malware is concerning,” Checkmarx Software Engineer Guy Nachshon said in a blog post. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; we believe this trend will only accelerate in 2023.”

The Invisible Challenge, which depends on a filter that acts as a type of green screen by matching a user's skin tone to their background, has been around for a while but has recently gained traction. The #invisiblefilter tag had over 27 million views at the time of writing. With all of the attention, the challenge becomes a breeding ground for attackers looking to catch pervy users with their pants down.

“By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it,” Cybersmart CEO and co-founder Jamie Akhtar said in an interview with Forbes. “Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”

Cyber Black Market Selling Compromised ATO and MyGov Logins Illustrates Medibank & Optus Only Tip of Iceberg


Millions of Australians' highly sensitive data is being openly traded online, including logins for personal Australian Tax Office accounts, medical and personal data of thousands of NDIS recipients, and confidential information of an alleged assault on a Victorian school student by their teacher. 

An ABC investigation discovered large chunks of previously unreported confidential material widely available on the internet, ranging from sensitive legal contracts to individual MyGov account login details being sold for as little as $1 USD. The massive amount of newly discovered data confirms that the high-profile hacks of Medibank and Optus represent only a small portion of the confidential Australian records recently stolen by cybercriminals. 

In the last few months, hackers have exposed the personal information of at least 12 million Australians. It has also been revealed that many of those affected only discovered they had been victims of data theft after being contacted by the ABC.

They claimed that the organizations in charge of protecting their data either failed to notify them adequately or misled them about the severity of the breach. One of the main hubs where stolen data is published is a Google-searchable forum that only appeared eight months ago and has soared in popularity, much to the chagrin of global cyber intelligence experts.

Anonymous users on the forum and similar websites frequently sell stolen databases containing the personal information of millions of Australians. Others were seen offering generous rewards to those brave enough to go after specific targets, such as one post seeking classified intelligence on Australian submarine development. 

CyberCX director of cyber intelligence Katherine Mansted stated, "There's a criminal's cornucopia of information available on the clear web, which is the web that's indexed by Google, as well as in the dark web. There's a very low barrier of entry for criminals … and often what we see with foreign government espionage or cyber programs — they are not above buying tools or buying information from criminals either." 

In one case, law student Zac's medical information was stolen in one of Australia's most heinous cyber breaches and freely published by someone with no discernible motive. Zac suffers from a rare neuromuscular disorder that has rendered him unable to walk and prone to extreme weakness and fatigue. The ABC has agreed not to use his full name because he is concerned that the stolen information could be used to track him down.

His sensitive personal data was stolen in May during a cyber attack on CTARS, a company that provides the National Disability Insurance Scheme (NDIS) with a cloud-based client management system. The NDIA, which is in charge of the NDIS, told a Senate committee that it had confirmed with CTARS that all 9,800 affected participants had been notified.

However, ABC Investigations has determined that this is not the case. The ABC interviewed 20 victims of the breach, and all but one — who later discovered a notice in her junk mail — said they had not received a notification or had even heard of the hack. The ABC confirmed that the leaked CTARS database contained Medicare numbers, medical information, tax file numbers, prescription records, mental health diagnoses, welfare checks, and observations about high-risk behavior such as eating disorders, self-harm, and suicide attempts.

"It's really, really violating," said Zac, whose leaked data included severe allergy listings for common food and medicine. "I may not like to think of myself as vulnerable … but I guess I am quite vulnerable, particularly living alone. Allergy records, things that are really sensitive, [are kept] private between me and my doctor and no one else but the people who support me. That's not the sort of information that you want getting into the wrong hands, particularly when ... you don't have a lot of people around you to advocate for you."

The CTARS database is just one of many thousands being traded on the ever-expanding black market for cybercrime. These postings appear on both the clear web, which is accessible through standard web browsers, and the dark web, which requires special software to access. The low prices demanded for confidential data demonstrate the magnitude of the problem.

ABC Investigations discovered users selling personal information and log-in credentials to individual Australian accounts such as MyGov, the ATO, and Virgin Money for as little as $1 to $10 USD.

Two-factor authentication is built into MyGov and ATO services, which protects accounts with compromised usernames and passwords, but those same login details could be used to access less-secure services.

A cyber intelligence expert demonstrated to the ABC a popular hackers forum where remote access to an Australian manufacturing company was auctioned off for up to $500. He refused to name the company. According to Ms. Mansted of CyberCX, the "black economy" in stolen data and hacking services is the world's third-largest economy, trailing only the US and Chinese GDP.

"The cost of buying a person's personal information or buying access to hack into a corporation, that's actually declining over time, because there is so much information and so much data out there," said Ms. Mansted. 

Cyber threat investigator Paul Nevin monitors online forums where hundreds of Australians' login data are traded each week.

"The volume of them was staggering to me," said Mr. Nevin, whose company Cybermerc runs surveillance on malicious actors and trains Australian defense officials.

"In the past, we'd see small scatterings of accounts but now, this whole marketplace has been commoditized and fully automated. The development of that capability has only been around for a few years but it shows you just how successful these actors are at what they do."

Private school information has been leaked

The cyber attack on Medibank last month by the Russian criminal group REvil demonstrated the devastation that cyber crime can cause.

After REvil obtained the data of 9.7 million current and former customers and published highly sensitive medical info online, the country's largest health insurer is now encountering a possible class action lawsuit. Russian and Eastern European criminal groups host sites on the dark web where they publish ransom threats and later leak databases if the ransom is not paid.

The groups conduct research on their targets in order to inflict the most damage. Victims include multinational corporations such as Thales and Accenture, as well as Australian schools.

The Kilvington Grammar School community in Melbourne is reeling after a prolific ransomware gang, Lockbit 3.0, leaked more than 1,000 current and former students' personal data in October. The private school notified parents via email, including one on November 2, which stated that an "unknown third party has published a limited amount of data taken from our systems."

According to correspondence sent to parents, this "sensitive information" included contact information for parents, Medicare details, health information such as allergies, and some credit card information. The cache of information actually published by Lockbit 3.0, on the other hand, was far more extensive than initially suggested.

According to ABC Investigations, the ransomware group published highly confidential documents containing parents' bank account numbers, legal and debt disputes between the school and families, report cards, and individual test results.

The publication of details about an investigation into a teacher accused of assaulting a child and privileged legal advice about a student's death was the most shocking. Kilvington Grammar has been at the center of a coronial inquest into the death of Lachlan Cook, 16, who died in 2019 after suffering complications from Type 1 diabetes while on a school trip to Vietnam.

Lachlan became critically ill and began vomiting, which was misdiagnosed as gastroenteritis rather than a rare diabetes complication. The coroner has indicated that the death was avoidable because neither the school nor the tour operator, World Challenge, provided specific diabetes care for the teenager.

Lachlan's parents declined to comment, but ABC Investigations understands that they were not notified by the school that sensitive legal documents concerning his death had been stolen and published online.

Other parents whose information was compromised told ABC that they were dissatisfied with the school's failure to explain the scope of the breach.

"That's distressing that this type of data has been accessed," said father of two, Paul Papadopoulos.

"It's absolutely more sensitive [than parents were told] and I think any person would want to have known about it." 

Kilvington Grammar did not respond to specific questions about the Cook family tragedy or whether a ransom was demanded or paid in a statement to ABC. Camilla Fiorini, the school's marketing director, admitted that the school's attempt to notify families about the specifics of what personal data was stolen was an "imperfect process."

"We have adopted a conservative approach and contacted all families that may have been impacted," she said.

"We listed — to the best of our abilities —  what data had been accessed ... we also suggested additional steps those individuals can consider taking to further protect their information. The school is deeply distressed by this incident and the impact it has had on our community." 

Lockbit 3.0 recently targeted a law firm, a wealth management firm for high-net-worth individuals, and a major hospitality company in Australia.

Victims are left out in the cold as a result of the blame game

Kilvington Grammar's inability to properly notify victims of data theft is not an isolated incident, and its targeting by a ransomware group is representative of a growing apparatus commoditizing stolen personal information.

Personal data is becoming "increasingly valuable to cybercriminals who see it as the information they can exploit for financial gain," according to Australian Federal Police (AFP) Cybercrime Operations Commander Chris Goldsmid.

"Cybercriminals can now operate at all levels of technical ability and the tools they employ are easily accessible online," he warned.

"We suspect there are many more victims but they are too embarrassed to come forward, or they have not realized what has happened to them is a crime," Commander Goldsmid said.

While authorities and the Federal Government have warned Medibank customers to be on the lookout for identity thieves, many other Australians are completely unaware they are victims.

All government agencies, organizations that hold health information, and businesses with an annual revenue of more than $3 million are required by the Privacy Act to notify individuals when their data has been breached if it is deemed "likely to cause serious harm." 

After CTARS was hacked in May, the company issued a statement on its website about the breach but delegated responsibility for informing NDIS recipients to 67 individual service providers affected by the breach. When ABC Investigations asked CTARS why many of the impacted NDIS recipients had not been notified, it stated that the processes were best handled by each provider.

"The OAIC [Office of the Australian Information Commissioner] suggests that notifications are usually best received from the organization who has a relationship with impacted individuals — in this case, the service providers," a CTARS spokesperson said.

"CTARS worked extensively to support the service providers in being able to ... bring the notification to their clients' attention."

However, the NDIA told the ABC this responsibility lay not with those individual providers, but with CTARS.

"The Agency's engagement with CTARS following the breach indicated that CTARS was fulfilling all its obligations under the Privacy Act in relation to the breach," an NDIA spokesperson said.

"The Agency has reinforced with CTARS its obligation to inform users of their services."

This has provided little comfort to Zac and other CTARS victims whose personal information may never be erased from the internet.

"It's infuriating, it's shocking and it's disturbing," said Zac.

"It makes me really angry to know that multiple government agencies and these private support companies, who I would have thought would be duty bound to hold my best interests at heart … especially when my safety is at risk … that they at no level attempted to get in contact with me and assist me in protecting my information."

Zac's former service provider, Southern Cross Support Services, did not respond to the ABC's questions.

Karen Heath was a victim of another hack published on the same forum as the CTARS data.

In the last month, the Victorian woman has been the victim of two hacks, one of Optus customer data and the other of confidential information stored by MyDeal, which is owned by retail giant Woolworths Group. Woolworths told the ABC that since the MyDeal hack, it has "enhanced" its security and privacy practices, and it "unreservedly apologize[d] for the considerable concern the MyDeal breach has caused."

But Ms. Heath remains anxious.

"You feel a bit helpless [and] you get worried about it," Ms. Heath said.

She further added, "I don't even know that I'll shop at Woolworths again ... they own MyDeal. They have insurance companies, they have all sorts of things. So where does it end?"

An Online Date Led to an Inquiry into 'Systemic' Failures at American Express


Last summer, John Smith* had just returned to Sydney after more than a decade abroad when he met someone online. He began chatting with a man named Tahn Daniel Lee on the dating app Grindr. Lee was undergoing treatment for COVID at the time, so they communicated online for a few weeks before meeting in Sydney's Surry Hills for their first date - a Japanese dinner followed by Messina ice cream. The date would be one of many in a relationship that progressed quickly before taking a dark turn when Smith began to suspect Lee was watching his bank accounts.

The Age and The Sydney Morning Herald can disclose that American Express, one of the world's largest financial companies, would not only dismiss Smith's initial complaint without proper investigation but would also provide misleading information during an external inquiry. It comes after two major ASX-listed companies, Optus and Medibank, exposed sensitive identification and health data to criminals, igniting a national debate about how to best deal with emerging cyber threats.

The "insider threat," according to cybersecurity experts, is a major risk, and the Privacy Commissioner's inability to penalize companies that violate the law has created a culture of impunity among corporate Australia.

“Because, what is the recourse? Businesses just aren’t doing the risk management that’s required. The tone starts from the top,” says former Australian Federal Police investigator turned cyber expert Nigel Phair.

Smith's first impression of Lee was that he had a charming smile, and the relationship developed quickly. Lee worked as a relationship manager for American Express Centurion, an exclusive club for black-card holders who spend at least $500,000 per year.

Smith had a platinum American Express card from living in the United States, but Lee suggested he sign up in Australia so he could show him how to maximize the benefits. He consented and began using American Express as his primary banking card shortly thereafter. After a series of comments about items Smith had purchased, places he had been, or payments he had made, he became suspicious that Lee was watching his transactions.

“I asked him how he was able to do this without my consent or authority (one-time pin etc), and he replied, ‘because the system is completely open, I have god mode’,” Smith wrote in a complaint later filed with American Express.

Smith has autism, and while he is classified as "high functioning," he occasionally struggles to recognize inappropriate behavior. He noticed "warning signs" about Lee but ignored them while traveling to Hawaii and Hamilton Island with his new partner, he claims.

During one of these trips, Smith became uneasy with the manner in which Lee discussed his clients' affairs, including major food distributor Primo Foods, which he claimed siphoned millions of dollars to the Cayman Islands. Lee later texted, "FYI, everything I tell you about work is highly confidential." 

By April, he had attempted to end the relationship and had warned Lee that he would report his behavior to American Express. Lee reacted negatively to this. He begged Smith to continue the relationship and, at one point, called Smith's close friend out of the blue to persuade her not to file a complaint. This was the breaking point. He was hell-bent on reporting Lee.

Amex: ‘No inappropriate access’

At the same time, another American Express employee noticed unusual activity on Smith's account. Lee was subjected to an internal investigation, which swiftly cleared him of any wrongdoing. On May 26, the company wrote to Smith, claiming Lee was not in a position to access his account and, in any case, there was training and processes in place to protect customer data.

Unconvinced, Smith asked American Express to confirm that Lee's access to his account had been blocked and reported the Primo Foods discussions. Smith claims that the following week, during a phone call, he was told that if Lee had looked at his account, it was no big deal because they were partners, and discussing Centurion's clients was also no cause for concern.

Smith filed a complaint with the Privacy Commissioner, who directed it to the Australian Financial Complaints Authority. AFCA immediately requested a meeting with American Express to verify that Lee had lost the rights to Smith's account.

The company's response was quick, but it turned out to be incorrect. “We confirm that the employee has no access to [Smith]’s account,” Amex responded.

In subsequent letters between AFCA, Smith, and American Express, the company continued to imply that there had been no inappropriate access or violation of privacy laws, until the story changed. In August, three months after Lee's suspicious activity was discovered, Smith was notified by American Express that Lee had indeed accessed his personal information.

Lee accessed Smith's private account nine times between February and April of this year, according to digital access logs. American Express then stated that while it was impossible to prevent Lee from accessing the account, he would be disciplined and the account would be monitored to ensure no further intrusions.

“American Express is unable to practically restrict American Express employees from being able to access any specific Card member data. We acknowledge that [Smith] feels uncomfortable with his previous partner access to his personal information and have made every effort to implement controls to further protect his data,” the company wrote in a letter.

In a final decision issued this month, AFCA determined that American Express violated privacy laws by letting Lee access his accounts without authorization both before and after the relationship. It awarded Smith $2000 in damages but did not order an apology or absolve the company of any wrongdoing.

“I am satisfied the financial firm has investigated the matters raised by the complainant, and in the circumstances, it has responded appropriately,” AFCA found.

American Express declined to answer specific questions about how it investigated Smith's complaint or what action it took against Lee, but stated it maintains the "highest levels of integrity" and has cooperated with AFCA.

“Whilst they made a determination against us, they concluded that American Express had investigated and responded appropriately,” the company said. “We are satisfied that this matter poses no risk to the integrity of our systems. Protecting the privacy of our customers and the integrity of our systems remains our utmost priority.”

Current laws allow for fines of up to $2.2 million for each unauthorized access. The federal government is considering raising the penalty to $50 million per breach, which would mean that American Express could have faced penalties totaling $450 million for the nine breaches.

“Companies need to take this issue around unauthorized access to information more seriously because the penalties are significant,” CyberCX privacy law expert David Batch says. “But in reality, the Privacy Commissioner has historically not handed down those fines.”

Smith was informed in October that AFCA's systemic issues team had agreed to investigate American Express's handling of Smith's case. This team investigates serious violations and systemic issues and has the authority to refer cases to other regulators, such as the Privacy Commissioner; however, its findings offer little transparency. AFCA was unable to comment on whether the promised investigation would be carried out.

According to Nigel Phair, Professor of Cybersecurity at the University of New South Wales, the "insider threat" is a major concern for businesses, where the actions of rogue employees can jeopardize the security of the entire organization.

He claims that the government's failure to impose harsh penalties on companies that mishandle their customers' data fosters a culture of impunity among Australian corporations.

For Smith, American Express and the system designed to hold companies accountable have let him down. He now makes a point of only using the card in ways that do not reveal his location. Requests for comment from Lee and Primo Foods were not returned.

*Not his real name. He asked that his identity be kept confidential.

Thales Denies Getting Hacked as Ransomware Group Reveals Gigabytes of Information


Overnight, a 9.5-gigabyte archive of information pertaining to [the French company] Thales was published on the website of the cybercrime gang Lockbit. The archive houses information about Thales contracts and partnerships in Italy and Malaysia. When contacted by Le Monde, Thales confirmed that the data had been posted on the hackers' website, but claimed that "no intrusion" had occurred into the company's IT system. 

"Thales' security experts have narrowed down one of two possible sources of the information theft. It was a partner's account on a dedicated exchange portal that led to the disclosure of a limited amount of information," said a company spokesperson, adding that its teams are working to identify the second source. Thales also stated that the data leak has no impact on its business.

The documents published on Lockbit's website mention, among other items, a project announced in 2018 by Thales and Malaysia-based Novatis Resources to implement aerial surveillance tools for Malaysia's Kota Kinabalu airport. The documents, which are dated 2021, describe the project and the company's monitoring of it.

Other files discuss Thales' contracts in Italy, particularly in Florence, to support an automated ticket sales system for public transportation services. The archive appears to include no personal information about the company's employees.

Lockbit announced earlier this month that it had stolen data from Thales and threatened to publish it on its website. The cybercriminal group then announced a November 7 release date. On that day, the site posted a message stating that the data had been published but did not provide access to it, casting doubt on whether the attack had really taken place. The stolen files were eventually discovered on the site during the night of November 10 to 11.

Lockbit has claimed an attack on Thales before: in January, the group announced that it had stolen data from the company. The data released at the time consisted primarily of code repositories from the company's external server, data deemed "not very sensitive" by the French company.

On Thursday, US authorities revealed the arrest of a Canadian citizen suspected of working for the Lockbit group. The suspect, who holds dual Russian and Canadian citizenship, is currently being held in detention awaiting extradition to the United States.

According to court documents, a search conducted by law enforcement agencies in August resulted in the seizure of the suspect's computer, which revealed traces of logins to the control panel of Lockbit's ransomware, as well as messages exchanged with LockBitSupp, an account used by the cybercriminal group to provide support for its software.

As per the US Attorney's Office, a file on the suspect's computer contained a list of past and future Lockbit group targets. During a second search, investigators discovered a cryptocurrency wallet belonging to the suspect, which contained 0.8 bitcoin (€13,482 at the time of publication). This bitcoin came from a ransom payment made by one of the Lockbit group's victims. The suspect faces a maximum sentence of five years in prison.