All news with #pii tag

Millions of Qantas Customers' Data Published Online

🔐 Around three months after an early-July cyberattack, hackers have published online data reportedly belonging to up to 5.7 million Qantas customers. The airline says the information was stolen via a third-party provider's platform and included names, emails, phone numbers, dates of birth and frequent flyer numbers, but not credit card, financial or passport data. Qantas obtained an Australian court injunction prohibiting use of the information; the data appeared on both the dark web and publicly accessible sites.

Fake 'Inflation Refund' Texts Target New Yorkers in NY

🔔 A new smishing campaign impersonates the New York Department of Taxation and Finance, sending texts that urge recipients to submit payment information to process an 'Inflation Refund.' Links lead to a counterfeit site requesting name, address, phone, email and Social Security Number. New Yorkers are reminded the refund is automatic for eligible taxpayers and agencies will not text or call for payment details. Report suspicious messages to the Tax Department or IRS.

Stealit Campaign Abuses Node.js Single Executable Packaging

🔍 FortiGuard Labs identified an active Stealit campaign that distributes malware packaged with Node.js Single Executable Application (SEA) technology to create standalone Windows binaries. Operators deliver fake game and VPN installers via file-sharing sites and Discord, using multi-layer obfuscation and in-memory execution. The modular payloads harvest browser data, extension-based crypto wallets, and provide remote access, with persistence via a startup Visual Basic script. Fortinet provides detections and recommends updating protections and user training.

Class Action in Germany Targets Meta over 2021 Facebook Leak

⚖️ A German consumer association has launched a model declaratory action against Meta after data from more than 530 million Facebook users was posted on the dark web in April 2021. The Federation of German Consumer Organisations argues Meta failed to protect user data and to inform affected people adequately. Plaintiffs seek tiered compensation of €100–€600 and the Hanseatic Higher Regional Court will first address jurisdictional and formal matters in the hearing.

Protecting Your Car from Hacking: Practical Guidance 2025

🚗 Modern vehicles increasingly rely on interconnected electronics and external services, creating multiple remote attack vectors — from CAN, LIN and OBD ports to Wi‑Fi, Bluetooth and cellular links. The article notes that attackers now often target manufacturer servers (e.g., Toyota’s 2024 data loss) and references UN R155/R156 and ISO/SAE 21434. It describes vehicle risk categories, practical buyer and setup checks, and step‑by‑step advice if you suspect a compromise.

Hotel Booking Software Vulnerability Exposed Millions' Data

🔓 Security researchers from Zerforschung discovered a vulnerability in the Gubse AG hotel booking system that exposed customer data including names, addresses, identity documents and credit card details. Investigators estimate more than 35.5 million reservations and 48.5 million guest records were retrievable, with Motel One especially affected. A number of hostel and hotel groups, including DJH state hostels, AWO SANO and the DeHoGa campus, were named. Vendors report the gaps have been closed and say there is no confirmed misuse or public leak so far.

ClayRat Android Spyware Campaign Targets Russian Users

🛡️Researchers at Zimperium zLabs have identified a rapidly evolving Android spyware campaign, dubbed ClayRat, targeting users in Russia via Telegram channels and phishing sites. The malware is distributed inside fake apps impersonating services such as WhatsApp, TikTok, Google Photos and YouTube, and operators are using fake reviews, download counts and step-by-step guides to trick victims. Once granted privileges, ClayRat can exfiltrate SMS, call logs and notifications, take front-camera photos, and even send messages or place calls while abusing Android's SMS handler role. Security firms report over 600 samples and coordinated disclosure to Google resulted in Play Protect protections.

UK Upper Tribunal Upholds ICO Claim Against Clearview

🔍 The UK Information Commissioner’s Office (ICO) won an Upper Tribunal ruling that bolsters its authority to enforce the UK GDPR against Clearview AI and increases the likelihood of a previously issued £7.5m penalty being upheld. The tribunal found that Clearview’s scraping and global database usage involved monitoring the behavior of UK residents and is not beyond the reach of UK law even when services are provided to foreign law‑enforcement customers. The UT has directed the First‑Tier Tribunal to reconsider its earlier decision in light of this jurisdictional clarity, though Clearview may still appeal.

Kantsu’s Ransomware Crisis: Recovery, Costs, and Lessons

🔒 Kantsu, a midsize Japanese logistics firm, was hit by ransomware on Sept. 12, 2024 that encrypted servers, cut communications, and halted shipping operations for hundreds of clients. The company refused to pay a ransom, shut down networks, replaced PCs, and rebuilt its cloud WMS Cloud Thomas on AWS while using analog processes to maintain critical shipments. Executives prioritized speed, cash availability, and employee welfare during an expensive recovery process that exposed gaps in cyber insurance.

Hackers Claim Discord Zendesk Breach Exposed 5.5M Users

🛡️ Discord says it will not pay extortionists who claim to have stolen data from a third‑party customer support service and disputes claims that 2.1 million ID photos were exposed. Attackers allege they obtained 1.6 TB of data from the company's Zendesk instance, impacting 5.5 million users and including partial payment and MFA‑related information. Discord says roughly 70,000 ID photos may have been exposed and characterizes the larger figures as part of an extortion attempt.

Flock License-Plate Surveillance Raises Legal Concerns

🔍 A U.S. District Court complaint alleges that Norfolk, Virginia’s 176 Flock Safety automated license-plate readers tracked plaintiffs repeatedly as they drove — one retired veteran was logged 526 times and another resident 849 times between mid-February and early July. The September lawsuit contends that this pervasive, warrantless tracking raises serious Fourth Amendment and privacy issues. The ACLU and a 2024 ruling by Judge Jamilah LeCruise, which excluded warrantless plate-reader data in a robbery prosecution, underscore growing legal scrutiny.

Met Police Arrest Two Teens Over Nursery Ransomware

🔒 Two teenage boys were arrested in Bishop's Stortford on suspicion of computer misuse and blackmail following a ransomware attack on the Kido nursery group, the Metropolitan Police said. Referred to the Met by Action Fraud on 25 September, investigators allege attackers demanded £600,000 in Bitcoin after stealing names, addresses, contact details and photos of around 8,000 children via a Famly account. The group, which called itself "Radiant," reportedly contacted parents directly and posted some images on the dark web before blurring and later claiming deletion; the app provider says its infrastructure was not breached. The Met described the arrests as a significant step while inquiries continue alongside partner agencies.

DraftKings Alerts Customers to Credential Stuffing Breach

🔒 DraftKings has notified customers that attackers accessed some accounts in a wave of credential stuffing attacks. The company says the threat actors used credentials stolen from non‑DraftKings sources to log in and may have viewed limited profile and account data — including name, address, date of birth, email, phone, the last four digits of a payment card, profile photo, transaction history, account balance, and the date the password was last changed. DraftKings said no full financial account numbers or government‑issued identification numbers were accessed. Affected users will be required to reset passwords and are being urged to enable multifactor authentication and monitor their financial and credit records.

Avnet Confirms Breach; Stolen EMEA Sales Data Unreadable

🔒 Avnet confirmed unauthorized access to externally hosted cloud storage that supported an internal sales tool used in the EMEA region. The company says most stolen files are not easily readable without access to Avnet's proprietary sales tool, which it says was not impacted, while attackers claim they exfiltrated 1.3TB of compressed (7–12TB raw) data. Avnet detected the activity on September 26, rotated secrets across Azure/Databricks, notified authorities, and will contact affected customers and suppliers; the number of potentially impacted individuals remains unknown.

Qilin Ransomware Disrupts Mecklenburg County Schools

🔒 A Russian-linked ransomware group, Qilin, has claimed responsibility for a September 2, 2025 attack that disrupted Mecklenburg County Public Schools and said it exfiltrated 305 GB of data, including financial records, grant documents, budgets and children’s medical files. The attack forced teachers offline for about a week while internet systems were restored. Superintendent Scott Worner said the district does not currently intend to pay the ransom and is still assessing the scope, urging other districts to review cyber-insurance and preparedness.

Enterprise AI Now Leading Corporate Data Exfiltration

🔍 A new Enterprise AI and SaaS Data Security Report from LayerX finds that generative AI has rapidly become the largest uncontrolled channel for corporate data loss. Real-world browser telemetry shows 45% employee adoption of GenAI, 67% of sessions via unmanaged accounts, and copy/paste into ChatGPT, Claude, and Copilot as the primary leakage vector. Traditional, file-centric DLP tools largely miss these action-based flows.

Discord Confirms Customer Data Breach via Third-Party

🔒 Discord has disclosed a data breach after a third-party customer support provider was compromised, allowing a ransomware actor to access limited customer information. Potentially exposed data includes names, Discord usernames, contact details, last four digits of payment cards, IP addresses, messages with support agents and a small number of government ID images submitted for age appeals. Discord says no passwords, full card numbers or CVVs were accessed and is contacting affected users and authorities.

Why Successful Businesses Are Built on Cyber Protection

🔒 Company leaders must treat cyber risk as a strategic priority rather than a discretionary cost. The piece highlights a persistent budget-perception gap between CISOs and boards and notes SMBs often remain reactive, prioritizing firefighting over prevention. It cites high-profile breaches and the IBM Cost of a Data Breach to quantify losses and recommends technologies such as SIEM and SOAR, alongside governance measures like board oversight and appointed CISOs. Practical advice stresses framing security as business risk, using financial metrics, and reporting regularly to embed security-by-design.

Trinity of Chaos Launches TOR Data Leak Site, Exposes Data

🔓 The Trinity of Chaos collective has opened a data leak site on the TOR network, publishing previously undisclosed records tied to past breaches and listing 39 major global firms. Resecurity says the group claims more than 1.5 billion records across 760 companies and has set an October 10 negotiation deadline. Samples reportedly contain substantial PII and appear to stem from compromised SaaS environments via stolen OAuth tokens and vishing; the FBI has issued a flash alert. The group also threatened to leverage existing litigation and regulatory complaints against Salesforce, which has denied new vulnerabilities.

Discord Support Data Stolen in Third-Party Breach Incident

🔒Discord has confirmed that attackers accessed data belonging to users who contacted its customer support after a breach at a third-party provider, reportedly Zendesk. Exposed information includes names, Discord usernames, emails, IP addresses, messages with support agents, limited billing details (payment type and last four card digits), and a small number of government ID images. Discord says full card numbers, CCV codes and account passwords were not accessed, and is contacting affected users while warning of potential phishing attempts.