Latest news with #cyberbreach
CNA
09-07-2025
- Business
- CNA
Qantas confirms personal data of over a million customers leaked in breach
Australia's Qantas Airways said on Wednesday (Jul 9) more than a million customers had their phone number, birth date or home address accessed in one of the country's biggest cyber breaches in years. The airline operator said that another four million customers had just their name and email address taken during the hack. After disclosing a cyberattack last week, Qantas said on Wednesday that the breached database contained unique personal information of 5.7 million customers, after removing duplicate records from the initial 6 million affected. There is no evidence that any personal data of the customers has been released and the company is actively monitoring the situation, Qantas said in a statement. "Since the incident, we have put in place a number of additional cybersecurity measures to further protect our customers' data, and are continuing to review what happened," Qantas Group CEO Vanessa Hudson said. The breach represents Australia's most high-profile cyberattack since telecommunications giant Optus and health insurer Medibank were hit in 2022, incidents that prompted mandatory cyber resilience laws.
Yahoo
09-07-2025
- Business
- Yahoo
Qantas confirms over a million customers' personal information leaked
(Reuters) -Australia's Qantas Airways said on Wednesday more than a million customers had their phone number, birth date or home address accessed in one of the country's biggest cyber breaches in years.
Khaleej Times
03-07-2025
- Business
- Khaleej Times
A CISO's guide to securing XIoT in the Middle East
The rapid expansion of the Internet of Things (IoT) is reshaping the physical and digital contours of modern infrastructure. From biometric gates at international airports to infusion pumps at hospitals, from ubiquitous surveillance devices to office peripherals of a mundane kind — the networked device universe is ubiquitous and exposed. This interconnected network offers clear functional benefits. However, as more devices communicate with each other, there are more entry points for cyberattacks. The numbers are staggering. The Middle East IoT market is projected to grow from $43.99 billion to $241.65 billion by 2030, a 449 per cent increase. Saudi Arabia alone commands nearly 40 per cent of the regional market, generating $10.22 billion in revenues. Yet, as organisations embrace XIoT (extended Internet of Things), security risks escalate. The Middle East saw a 211 per cent rise in Distributed Denial of Service (DDoS) attacks in 2024, while the average cost of a cyber breach now stands at $8.75 million. Mega-breaches — those affecting 50 to 60 million records — have soared to $375 million, up $43 million from 2023. To fully benefit from the tremendous value of IoT devices, they need to be secured and managed effectively. Proper security management ensures devices are protected from cyber threats, minimising vulnerabilities that attackers exploit. This involves comprehensive visibility into device usage, regular updates to firmware, strong authentication methods, and proactive monitoring to detect and respond swiftly to security incidents. Organisations should invest in robust cybersecurity frameworks to harness IoT's full potential safely and sustainably. For the modern CISO, the mandate extends beyond protection to building a resilient cybersecurity strategy — one that ensures rapid detection, response, and recovery. In today's threat landscape, resilience isn't optional; it's a strategic necessity for business continuity and trust. 1. Know what you own: The XIoT visibility challenge You cannot protect what you cannot see. Many organisations have thousands of connected devices, yet few have a complete inventory. From smart cameras to industrial sensors, these silent operators are often neglected, leaving security gaps. S teps to take: • Catalogue every device – Identify all XIoT endpoints across departments, from IT to operational technology (OT). • Assess security measures – Check for outdated firmware, default passwords, and unpatched vulnerabilities. • Engage stakeholders – Hold cross-functional meetings with IT, OT, and physical security teams to ensure all devices are accounted for. Visibility is the foundation of security. Without a real-time asset inventory, XIoT security is a guessing game. 2. Automate security fixes: Stay ahead of the threats Manual patching is a losing battle. With multiple vendors, different operating systems, and legacy devices, keeping up with security updates is impossible without automation. What to automate: • Eliminate default logins – Many devices ship with 'admin/admin' credentials. These must be changed immediately. • Firmware updates – Some vulnerabilities, like those in Z-Wave chipsets, require urgent patching. If updates are unavailable, devices must be segmented. • Standardise security settings – Enforce encryption, secure boot, and endpoint monitoring across all connected devices. • Pro tip: Not all XIoT devices can be patched. If an update is unavailable, limit access and segment networks to reduce risk. 3. Continuous monitoring: The watchtower approach Static defences are not enough. Attackers are evolving, and so must security teams. Continuous monitoring provides real-time visibility into suspicious behaviours, unauthorised access attempts, and misconfigured devices. Best practices: • Monitor device behaviour – Use AI-driven analytics to flag unusual activity, such as an XIoT device suddenly communicating with an unknown server. • Establish incident workflows – Ensure that alerts from security operation centers (SOCs) reach the right teams in real time — whether IT, OT, or physical security. • Leverage threat intelligence – Study patterns of attempted intrusions to adjust defenses accordingly. XIoT security is not just about detection — it's about rapid response. A CISO's playbook for XIoT security Securing XIoT in the Middle East demands a dynamic, strategic approach that matches the scale and speed of the growing threat landscape. The region's digital economy is accelerating, and the volume of connected devices is rapidly multiplying. To stay ahead, CISOs must proactively identify assets, automate defences, consistently monitor threats, and swiftly enforce response frameworks. Speed and scalability are critical organisations must transition swiftly from reactive strategies to proactive, automated, and ultimately autonomous security operations. Ultimately, it is leadership, not just technology, that drives robust xIoT security. By positioning cybersecurity as a long-term strategic investment, organisations can protect infrastructure, ensure operational resilience, maintain trust, and unlock the benefits of digital transformation safely. In our increasingly connected world, proactive protection is no longer optional — it's the smarter path forward. The writer is Middle East & Africa Vice President at Phosphorus Cybersecurity.
ABC News
02-07-2025
- Business
- ABC News
Qantas says 'significant' portion customers' data likely stolen
Qantas is investigating a cyber breach on a third-party platform used by the airline's contact centre, with the proportion of customer data stolen expected to be "significant".
RNZ News
25-06-2025
- Health
- RNZ News
Tonga's government mum on health cyber breach
A cyber expert from Australia has been in the country for nearly a week and local media report more personnel are being brought in. Photo: 123RF The Tongan government has yet to reveal more details about a cyber breach of its health records that occured 10 days ago. The breach by hackers and their subsequent demand for payment were revealed in parliament four days after the event. A cyber expert from Australia has been in the country for nearly a week, and local media report that more personnel are being brought in. Meanwhile, concern about illegal access to health records is mounting, amid a requirement that patients bring any medical records they have into the country's hospitals as staff are now relying on manual data. Former Prime Minister Siaosi Sovaleni wants a full explanation from the government, but most of the country's leaders are in Ha'apai this week for the annual conference of the Wesleyan Church. Police have said that the hackers have demanded a payment in "the millions". A media conference scheduled for later on Thursday is expected to shed more light on the issue.
