Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label personal data leak. Show all posts
personal data leak
Customer Data Cyber Attacks Data Breaches Data Leak Data protection data security Personal Data personal data leak

WestJet Confirms Cyberattack Exposed Passenger Data but No Financial Details

 

WestJet has confirmed that a cyberattack in June compromised certain passenger information, though the airline maintains that the breach did not involve sensitive financial or password data. The incident, which took place on June 13, was attributed to a “sophisticated, criminal third party,” according to a notice issued by the airline to U.S. residents earlier this week. 

WestJet stated that its internal precautionary measures successfully prevented the attackers from gaining access to credit and debit card details, including card numbers, expiry dates, and CVV codes. The airline further confirmed that no user passwords were stolen. However, the company acknowledged that some passengers’ personal information had been exposed. The compromised data included names, contact details, information and documents related to reservations and travel, and details regarding the passengers’ relationship with WestJet. 

“Containment is complete, and additional system and data security measures have been implemented,” WestJet said in an official release. The airline emphasized that analysis of the incident is still ongoing and that it continues to strengthen its cybersecurity framework to safeguard customer data. 

As part of its response plan, WestJet is contacting affected customers to offer support and guidance. The airline has partnered with Cyberscout, a company specializing in identity theft protection and fraud assistance, to help impacted individuals with remediation services. WestJet has also published advisory information on its website to assist passengers who may be concerned about their data.  

In its statement, the airline reassured customers that swift containment measures limited the breach’s impact. “Our cybersecurity teams acted immediately to contain the situation and secure our systems. We take our responsibility to protect customer information very seriously,” the company said. 

WestJet confirmed that it is working closely with law enforcement agencies, including the U.S. Federal Bureau of Investigation (FBI) and the Canadian Centre for Cyber Security. The airline also notified U.S. credit reporting agencies—TransUnion, Experian, and Equifax—along with the attorneys general of several U.S. states, Transport Canada, the Office of the Privacy Commissioner of Canada, and relevant provincial and international data protection authorities. 

While WestJet maintains that the exposed information does not appear to include sensitive financial or authentication details, cybersecurity experts note that personal identifiers such as names and contact data can still pose privacy and fraud risks if misused. The airline’s transparency and engagement with regulatory agencies reflect an effort to mitigate potential harm and restore public trust. 

The company reiterated that it remains committed to improving its security posture through enhanced monitoring, employee training, and the implementation of additional cybersecurity controls. The investigation into the breach continues, and WestJet has promised to provide further updates as new information becomes available. 

The incident highlights the ongoing threat of cyberattacks against the aviation industry, where companies hold large volumes of personal and travel-related data. Despite the rise in security investments, even well-established airlines remain attractive targets for sophisticated cybercriminals. WestJet’s quick response and cooperation with authorities underscore the importance of rapid containment and transparency in handling such data breaches.
Read more »
personal data leak
Data Breach Data Leak data security Data stealing malware Database Breach Infostealer Infostealer Malware Login Credentials Login Security Malware attacks personal data leak

Massive Data Leak Exposes 16 Billion Login Records from Major Online Services

 

A recent investigation by Cybernews has uncovered a staggering 30 separate online datasets containing approximately 16 billion stolen login credentials from services including Apple, Google, and Facebook. These data dumps, discovered through open sources, appear to be the result of large-scale malware attacks that harvested user information through infostealers. 

Each dataset contains a URL alongside usernames and passwords, suggesting that malicious software was used to collect login details from infected devices. While some overlap exists among the records, the overall size and spread of the leak make it difficult to determine how many unique users have been compromised. 

Except for one dataset previously identified by cybersecurity researcher Jeremiah Fowler—which included over 185 million unique credentials—most of the remaining 29 databases had not been publicly reported before. These leaked collections are often only temporarily available online before being removed, but new compilations are regularly uploaded, often every few weeks, with fresh data that could be weaponized by cybercriminals. The exact sources and individuals behind these leaks remain unknown. 

To avoid falling victim to similar malware attacks, experts advise staying away from third-party download platforms, especially when obtaining software for macOS. Users are encouraged to download apps directly from the Mac App Store or, if not available there, from a developer’s official website. Using cracked or pirated software significantly increases the risk of malware infection. 

Phishing scams remain another common threat vector. Users should be cautious about clicking on links in unsolicited emails or messages. Even if a message appears to come from a trusted company, it’s vital to verify the sender’s address and inspect URLs carefully. You can do this by copying the link and pasting it into a text editor to see its actual destination before clicking. 

To reduce the chance of visiting malicious sites, double-check the spelling of URLs typed manually and consider bookmarking commonly used sites. Alternatively, using a search engine and clicking on verified results can reduce the risk of visiting typo-squatting domains. 

If you suspect your credentials may have been compromised, take immediate action. Start by updating passwords on any affected services and enabling two-factor authentication for added security. It’s also wise to check your financial statements for unauthorized activity and consider placing a freeze on your credit file to prevent fraudulent account openings. 

Additionally, tools like Have I Been Pwned can help verify if your email address has been part of a known breach. Always install the latest system and app updates, as they often include crucial security patches. Staying current with updates is a simple but effective defense against vulnerabilities and threats.
Read more »
TransUnion
Data Breach Experian N4ughtySecTU personal data leak Ransom Demand South Africa data breach TransUnion

Data Breach Threat: Hackers Target TransUnion and Experian, Demand R1.1 Billion Ransom

 

 In a recent development, two of South Africa's largest credit bureaus, TransUnion and Experian, have been targeted by hackers known as N4ughtySecTU, who claim to have gained access to sensitive financial and personal data of South African citizens.

TransUnion has confirmed the hackers' demand for a R1.1 billion ransom and their ultimatum of releasing the confidential information within 72 hours. However, TransUnion maintains that they have found no evidence of a security breach and that their systems remain intact.

This is not the first time TransUnion has been subjected to cyberattacks. Last year, the hackers demanded a R223 million ransom.

In August 2020, Experian experienced a significant data breach, exposing the personal information of over 20 million South Africans and 793,749 businesses to a fraudster named Karabo Phungula, who was later sentenced to 15 years in prison.

Despite the allegations, Experian has also denied any data compromise, stating that their systems remain secure and that they take such threats very seriously. "Protecting our customers and data is our top priority," Experian asserted.

As the situation unfolds, both TransUnion and Experian continue to monitor the situation closely and maintain that their priority remains safeguarding their customers' data and ensuring the integrity of their systems.
Read more »
Subscribe to: Posts (Atom)