
Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks

 

Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses a “severe, long-term identity theft risk” since they are difficult to replace and can be exploited for years in fraud schemes involving fake identities, counterfeit documents, and impersonation scams. 

The recent Qantas Airways data breach, claimed by the Scattered LAPSUS$ Hunters group, underscores the sector’s growing vulnerability. The stolen data included names, email addresses, Frequent Flyer details, and limited personal information such as phone numbers and birth dates. Fortunately, Qantas confirmed that no passport details, financial information, or credit card data were compromised. 

However, experts warn that even limited leaks can have serious consequences. “Attackers often combine personal identifiers like names and loyalty program details from multiple breaches to build complete identity profiles,” said Darius Belejevas, Head of Incogni. Such composite records can enable large-scale fraud even without financial data exposure. 

The Qantas incident also highlights the danger of third-party compromises. The breach reportedly stemmed from Salesforce social engineering and vendor vulnerabilities, illustrating how a single compromised supplier can have ripple effects across industries. Belejevas emphasized that “one compromised partner can expose millions of records in a single incident.” 

Data breaches in the airline industry are escalating rapidly. According to Cyble’s threat intelligence database, more than 20 airline-related breaches have been reported on the dark web in 2025 — a 50% increase from 2024. Much of this surge is attributed to coordinated attacks by Scattered Spider and the broader Scattered LAPSUS$ Hunters alliance, although other groups have also begun targeting the aviation sector. 

In a separate incident, the CL0P ransomware group claimed to have breached Envoy Air, a regional carrier of American Airlines. Envoy confirmed the intrusion but stated that no customer data was affected, only limited business information. In contrast, WestJet, which suffered a breach in June 2025, had passports and government-issued IDs exposed, prompting it to offer two years of free identity monitoring to affected customers. Incogni, however, warned that identity theft risks from such documents can persist well beyond two years. 

Experts urge travelers to take preventive security measures. Incogni recommends enrolling in identity theft monitoring, reporting phishing attempts to national anti-fraud agencies, using strong passwords with multi-factor authentication, and removing personal data from data broker sites. 

“Individuals and organizations must do more to safeguard sensitive data,” said Ron Zayas, CEO of Incogni. “In today’s world, data isn’t just being stolen by hackers — it’s also being misused by legitimate entities to manipulate outcomes.”

Qantas Faces Scrutiny After Massive Data Leak Exposes Millions of Customer Records

 



Qantas Airways is under investigation after personal data belonging to millions of its customers appeared online following a major cyberattack. The breach, which originated from an offshore call centre using Salesforce software, is believed to have exposed information from around 5.7 million individuals.

According to cybersecurity reports, the data was released after a criminal group known as Scattered LAPSUS$ Hunters followed through on a ransom threat. The leaked files reportedly include customers’ full names, email addresses, Frequent Flyer membership numbers, phone numbers, home and business addresses, dates of birth, and gender details. In some cases, even meal preferences were among the stolen data.

Although Qantas had outsourced customer support operations to an external provider, Australian officials emphasized that responsibility for data protection remains with the airline. “Outsourcing does not remove a company’s cybersecurity obligations,” warned Cyber Security Minister Tony Burke, who added that serious penalties may apply if organisations fail to meet legal requirements for safeguarding personal data.

Experts have cautioned customers not to search for the leaked information online, particularly on dark web platforms, to avoid scams or exposure to malicious content.

Cybersecurity researcher Troy Hunt explained that while the stolen data may not include financial details, it still poses serious risks of identity theft. “The information provides multiple points of verification that can be exploited for impersonation attacks,” he noted. Hunt added that Qantas would likely face substantial legal and financial repercussions from the incident, including class-action lawsuits.

RMIT University’s Professor Matthew Warren described the event as the beginning of a “second wave of scams,” predicting that fraudsters could impersonate Qantas representatives to trick customers into disclosing more information. “Attackers may contact victims, claiming to offer compensation or refunds, and request bank or card details,” he said. With most Qantas passengers being Australian, he warned, “a quarter of the population could be at risk.”

In response, Qantas has established a dedicated helpline and identity protection support for affected customers. The airline also secured a court injunction from the New South Wales Supreme Court to block access to the stolen data. However, this order only applies within Australia, leaving the information still accessible on some foreign websites where the databases were leaked alongside data from other companies, including Vietnam Airlines, GAP, and Fujifilm.

Legal experts have already lodged a complaint with the Office of the Australian Information Commissioner, alleging that Qantas failed to take sufficient steps to protect personal information. Similar to previous high-profile breaches involving Optus and Medibank in 2022, the case may lead to compensation claims and regulatory fines.

Professor Warren emphasised that low conviction rates for cybercrimes continue to embolden hackers. “When attackers see few consequences, it reinforces the idea that cyber laws are not a real deterrent,” he said.


Data Breach at Bectu Exposes Members’ Information and Bank Details


 

Prospect, one of the UK's leading trade unions, has revealed that it was seriously affected by a sophisticated cyberattack in June 2025. The incident underscores the growing sophistication and persistence of cyberattacks against professional bodies. A significant part of the compromised data is sensitive financial and personal data belonging to members of Prospect and of Bectu, its affiliated union and a major representative body for professionals in the country's film and television industry.

Prospect, a national organisation of close to 160,000 engineers, scientists, managers, and specialists from companies including BT Group, Siemens, and BAE Systems, disclosed that the breach involved a considerable amount of confidential information from its members. Based on preliminary findings, the attackers accessed names, birthdates, contact information, and bank account information, including sort codes, for over one year.

Moreover, it has been suggested that data related to protected personal characteristics, including gender, race, religion, disability status, and employment status, may also have been compromised. A disclosure of this nature is not surprising considering that unions and membership-based organisations are increasingly relying on digital platforms for managing member records, communicating with members, and processing subscriptions – all of which make them attractive targets for cybercriminals who are looking for large quantities of personal information in bulk. 

Bectu Members Among the Most Affected

Thousands of people are estimated to be affected by this attack, including members of Bectu, one of the largest unions in the UK representing professional workers in the film and television industries, as well as theatre and live entertainment. The organisation, which operates under Prospect, acts as an important voice for screen and stage workers, from technicians to creative freelancers and production crew. A significant percentage of Bectu's approximately 40,000 members may have been affected by the breach, according to internal assessments. While the size of the compromise has not yet been officially confirmed, early indications suggest that the attack may have exposed highly detailed personal information, leaving individuals open to the possibility that their data could be misused. In addition to bank account information and financial details, the compromised information includes addresses, phone numbers, and email accounts, as well as personal identifiers such as birth dates. In some instances, diversity and equality statistics and individual case files, often used in representation and employment disputes, were also accessed.

Timeline and Discovery of the Breach 

The cyberattack was reported to have occurred in June 2025; however, the full extent of the incident did not become apparent until a detailed forensic investigation in the months that followed. Prospect's General Secretary, Mike Clancy, formally notified members of the breach in October 2025 via email, explaining the nature of the breach and the measures being taken to address it. Prospect has reported the incident to the Information Commissioner's Office (ICO), the police, and other relevant authorities. The union has also hired cybersecurity specialists to assist in the ongoing investigation, strengthen internal defences, and ensure that affected individuals receive information on how to safeguard their personal information.

Prospect’s Official Response 

Michael Clancy, president of the company, issued an official statement addressing the incident, in which he said that internal investigations had confirmed that unauthorised access had been gained to the data of specific members. “This investigation is ongoing, but we have unfortunately identified that some member information was accessed during this incident. The evidence we have gathered has identified the members that we need to contact about an impact on their personal information. We have written to them with information on what this means for them and the support Prospect will provide to mitigate risk,” Clancy said.

The union stressed its commitment to transparency and its determination to assist affected members after the breach. As part of its response strategy, Prospect will be offering a free 12-month credit and identity monitoring service to help safeguard members from potential financial fraud or identity theft caused by the stolen information.

Cybersecurity Experts Warn of Growing Risks to Unions

Several cybersecurity analysts have pointed out that trade unions, as well as professional associations, are becoming prime targets for data breaches due to the sheer amount of personal information they collect and store. Many unions, in contrast to corporations, do not have a lot of IT resources at their disposal, making them more vulnerable to sophisticated cyberattacks than other organisations.

Unions store an enormous amount of sensitive information, from payroll information to contact information to equality and disciplinary records. Cybercriminals are highly interested in these types of data and can exploit or sell it for financial or political gain. The motives behind the Prospect breach remain unclear, and investigators have not yet officially identified any specific threat actor responsible for the attack, although similar incidents in recent years have been linked to organised cybercrime groups that extort organisations or sell stolen data via dark web marketplaces in an attempt to profit.

Regulatory and Legal Implications 

The UK Data Protection Act 2018 and the UK GDPR require Prospect to report significant data breaches to the Information Commissioner's Office (ICO) and inform affected individuals “without undue delay.” As part of its review of the case, the ICO will examine whether appropriate data protection measures had been implemented before the incident and whether additional sanctions or guidance should be issued in the future.

Substantial penalties may be imposed on organisations which fail to implement sufficient cybersecurity safeguards, including a fine of up to £17.5 million or 4% of the organisation's global annual turnover, whichever is greater. Unions such as Prospect, however, are typically nonprofit organisations, and regulatory authorities may instead concentrate on remediation, accountability, and security governance reform.

Industry Repercussions and Member Concerns 

Many members of both Bectu and Prospect have expressed concern about the incident, since they work in sectors already confronted with job insecurity and issues relating to data privacy. A number of people have expressed concerns about the misuse of financial information or the possibility of targeted phishing attacks following the breach. 

Bectu members, whose professional lives are often based on freelance or contractual work, should be aware that any compromise of personal or banking details could lead to serious consequences for them. According to the union, members should be vigilant, monitor their bank accounts regularly, and report suspicious activity to the financial institution as soon as possible. 

In the opinion of industry observers, the reputational impact could extend far beyond the unions themselves. Due to the waning confidence in digital record-keeping systems, organisations are being urged to invest in stronger encryption, zero-trust network frameworks, and regular security audits to prevent similar incidents from occurring again.

A Wake-Up Call for the Sector

A breach like this serves as an important reminder for all professional organisations that handle large amounts of member or employee data regularly. In an increasingly digitalised world, in which sensitive information is exchanged and stored online, robust cybersecurity measures are no longer optional — they are essential to maintaining trust and operational integrity in the digital age. 

 There has been a clear commitment by Prospect and Bectu to assist affected members, strengthen their IT infrastructure, and prevent future breaches as investigations continue. The outcome of the ICO’s review, which is expected to be completed later this year, may serve as a guide for how similar incidents are handled across the UK's trade union landscape going forward.

AI Turns Personal: Criminals Now Cloning Loved Ones to Steal Money, Warns Police

 



Police forces in the United Kingdom are alerting the public to a surge in online fraud cases, warning that criminals are now exploiting artificial intelligence and deepfake technology to impersonate relatives, friends, and even public figures. The warning, issued by West Mercia Police, highlights how technology is being used to deceive people into sharing sensitive information or transferring money.

According to the force’s Economic Crime Unit, criminals are constantly developing new strategies to exploit internet users. With the rapid evolution of AI, scams are becoming more convincing and harder to detect. To help people stay informed, officers have shared a list of common fraud-related terms and explained how each method works.

One of the most alarming developments is the use of AI-generated deepfakes, realistic videos or voice clips that make it appear as if a known person is speaking. These are often used in romance scams, investment frauds, or emotional blackmail schemes to gain a victim’s trust before asking for money.

Another growing threat is keylogging, where fraudsters trick victims into downloading malicious software that secretly records every keystroke. This allows criminals to steal passwords, banking details, and other private information. The software is often installed through fake links or phishing emails that look legitimate.

Account takeover, or ATO, remains one of the most common types of identity theft. Once scammers access an individual’s online account, they can change login credentials, reset security settings, and impersonate the victim to access bank or credit card information.

Police also warned about SIM swapping, a method in which criminals gather personal details from social media or scam calls and use them to convince mobile providers to transfer a victim’s number to a new SIM card. This gives the fraudster control over the victim’s messages and verification codes, making it easier to access online accounts.

Other scams include courier fraud, where offenders pose as police officers or bank representatives and instruct victims to withdraw money or purchase expensive goods. A “courier” then collects the items directly from the victim’s home. In many cases, scammers even ask for bank cards and PIN numbers.

The force’s notice also included reminders about malware and ransomware, malicious programs that can steal or lock files. Criminals may also encourage victims to install legitimate-looking remote access tools such as AnyDesk, allowing them full control of a victim’s device.

Additionally, spoofing, the act of disguising phone numbers, email addresses, or website links to appear genuine, continues to deceive users. Fraudsters often combine spoofing with AI to make fake communication appear even more authentic.

Police advise the public to remain vigilant, verify any unusual requests, and avoid clicking on suspicious links. Anyone seeking more information or help can visit trusted resources such as Action Fraud or Get Safe Online, which provide updates on current scams and guidance on reporting cybercrime.



Lost or Stolen Phone? Here’s How to Protect Your Data and Digital Identity

 



In this age, losing a phone can feel like losing control over your digital life. Modern smartphones carry far more than contacts and messages — they hold access to emails, bank accounts, calendars, social platforms, medical data, and cloud storage. In the wrong hands, such information can be exploited for financial fraud or identity theft.

Whether your phone is misplaced, stolen, or its whereabouts are unclear, acting quickly is the key to minimizing damage. The following steps outline how to respond immediately and secure your data before it is misused.


1. Track your phone using official recovery tools

Start by calling your number to see if it rings nearby or if someone answers. If not, use your device’s official tracking service. Apple users can access Find My iPhone via iCloud, while Android users can log in to Find My Device.

These built-in tools can display your phone’s current or last known location on a map, play a sound to help locate it, or show a custom message on the lock screen with your contact details. Both services can be used from another phone or a web browser. Avoid third-party tracking apps, which are often unreliable or insecure.


2. Secure your device remotely

If recovery seems unlikely or the phone may be in someone else’s possession, immediately lock it remotely. This prevents unauthorized access to your personal files, communication apps, and stored credentials.

Through iCloud’s “Mark as Lost” or Android’s “Secure Device” option, you can set a new passcode and display a message requesting the finder to contact you. This function also disables features like Apple Pay until the device is unlocked, protecting stored payment credentials.


3. Contact your mobile carrier without delay

Reach out to your mobile service provider to report the missing device. Ask them to suspend your SIM to block calls, texts, and data usage. This prevents unauthorized charges and, more importantly, stops criminals from intercepting two-factor authentication (2FA) messages that could give them access to other accounts.

Request that your carrier blacklist your device’s IMEI number. Once blacklisted, it cannot be used on most networks, even with a new SIM. If you have phone insurance, inquire about replacement or reimbursement options during the same call.


4. File an official police report

While law enforcement may not always track individual devices, filing a report creates an official record that can be used for insurance claims, fraud disputes, or identity theft investigations.

Provide details such as the model, color, IMEI number, and the time and place where it was lost or stolen. The IMEI (International Mobile Equipment Identity) can be found on your phone’s box, carrier account, or purchase receipt.


5. Protect accounts linked to your phone

Once the device is reported missing, shift your focus to securing connected accounts. Start with your primary email, cloud services, and social media platforms, as they often serve as gateways to other logins.

Change passwords immediately, and if available, sign out from all active sessions using the platform’s security settings. Apple, Google, and Microsoft provide account dashboards that allow you to remotely sign out of all devices.

Enable multi-factor authentication (MFA) on critical accounts if you haven’t already. This adds an additional layer of verification that doesn’t rely solely on your phone.

Monitor your accounts closely for unauthorized logins, suspicious purchases, or password reset attempts. These could signal that your data is being exploited.


6. Remove stored payment methods and alert financial institutions

If your phone had digital wallets such as Apple Pay, Google Pay, or other payment apps, remove linked cards immediately. Apple’s Find My will automatically disable Apple Pay when a device is marked as lost, but it’s wise to verify manually.

Android users can visit payments.google.com to remove cards associated with their Google account. Then, contact your bank or card issuer to flag the loss and monitor for fraudulent activity. Quick reporting allows banks to block suspicious charges or freeze affected accounts.


7. Erase your device permanently (only when recovery is impossible)

If all efforts fail and you’re certain the device won’t be recovered, initiate a remote wipe. This deletes all data, settings, and stored media, restoring the device to factory condition.

For iPhones, use the “Erase iPhone” option under Find My. For Androids, use “Erase Device” under Find My Device. Once wiped, you will no longer be able to track the device, but it ensures that your personal data cannot be accessed or resold.


Be proactive, not reactive

While these steps help mitigate damage, preparation remains the best defense. Regularly enable tracking services, back up your data, use strong passwords, and activate device encryption. Avoid storing sensitive files locally when possible and keep your operating system updated for the latest security patches.

Losing a phone is stressful, but being prepared can turn a potential disaster into a controlled situation. With the right precautions and quick action, you can safeguard both your device and your digital identity.



Phishing Expands Beyond Email: Why New Tactics Demand New Defences

 


Phishing has long been associated with deceptive emails, but attackers are now widening their reach. Malicious links are increasingly being delivered through social media, instant messaging platforms, text messages, and even search engine ads. This shift is reshaping the way organisations must think about defence.


From the inbox to every app

Work used to be confined to company networks and email inboxes, which made security controls easier to enforce. Today’s workplace is spread across cloud platforms, SaaS tools, and dozens of communication channels. Employees are accessible through multiple apps, and each one creates new openings for attackers.

Links no longer arrive only in email. Adversaries exploit WhatsApp, LinkedIn, Signal, SMS, and even in-app messaging, often using legitimate SaaS accounts to bypass email filters. With enterprises relying on hundreds of apps with varying security settings, the attack surface has grown dramatically.


Why detection lags behind

Phishing that occurs outside email is rarely reported because most industry data comes from email security vendors. If the email layer is bypassed, companies must rely heavily on user reports. Web proxies offer limited coverage, but advanced phishing kits now use obfuscation techniques, such as altering webpage code or hiding scripts to disguise what the browser is actually displaying.

Even when spotted, non-email phishing is harder to contain. A malicious post on social media cannot be recalled or blocked for all employees like an email. Attackers also rotate domains quickly, rendering URL blocks ineffective.


Personal and corporate boundaries blur

Another challenge is the overlap of personal and professional accounts. Staff routinely log into LinkedIn, X, WhatsApp, or Reddit on work devices. Malicious ads placed on search engines also appear credible to employees browsing for company resources.

This overlap makes corporate compromise more likely. Stolen credentials from personal accounts can provide access to business systems. In one high-profile incident in 2023, an employee’s personal Google profile synced credentials from a work device. When the personal device was breached, it exposed a support account linked to more than a hundred customers.


Real-world campaigns

Recent campaigns illustrate the trend. On LinkedIn, attackers used compromised executive accounts to promote fake investment opportunities, luring targets through legitimate services like Google Sites before leading them to phishing pages designed to steal Google Workspace credentials.

In another case, malicious Google ads appeared above genuine login pages. Victims were tricked into entering details on counterfeit sites hosted on convincing subdomains, later tied to a campaign by the Scattered Spider group.


The bigger impact of one breach

A compromised account grants far more than access to email. With single sign-on integrations, attackers can reach multiple connected applications, from collaboration tools to customer databases. This enables lateral movement within organisations, escalating a single breach into a widespread incident.

Traditional email filters are no longer enough. Security teams need solutions that monitor browser behaviour directly, detect attempts to steal credentials in real time, and block attacks regardless of where the link originates. In addition, enforcing multi-factor authentication, reducing unnecessary syncing across devices, and educating employees about phishing outside of email remain critical steps.

Phishing today is about targeting identity, not just inboxes. Organisations that continue to see it as an email-only problem risk being left unprepared against attackers who have already moved on.


Credit Bureau TransUnion Confirms Breach Impacting Millions


 

Amid growing threats to consumers' personal information, credit reporting giant TransUnion has announced a cybersecurity incident that exposed personal information from more than 4.4 million Americans. Several regulators and state attorneys general have confirmed that the breach took place on July 28, 2025, and was discovered just two days later by investigators.

The exposed data included sensitive information such as names, Social Security numbers, and dates of birth, and was linked to a third-party application used by TransUnion in its U.S. consumer operations. In its statement, TransUnion said that the breach was limited in scope and that its internal systems and core credit reporting databases were not impacted.

The company also stated that no credit reports or core financial records - information that could be highly valuable to fraudsters - were accessed by anyone. TransUnion filed notifications in Maine and Texas indicating that the incident was related to a third-party platform that was reportedly linked to Salesforce, rather than TransUnion's own infrastructure. 

Despite the company’s description of the exposure, which was limited to “some limited personal data”, the magnitude of the breach underscores the ongoing risks associated with external service providers in the financial services industry. 

Recent years have seen a growing concern for credit bureaus as consumer information has become increasingly attractive to cybercriminals as a target. This latest security incident is another in a long string of security incidents that have impacted major financial institutions in recent years, highlighting the difficulty of safeguarding sensitive information across a complex digital ecosystem. 

Along with Experian and Equifax, TransUnion is one of the nation's "big three" credit reporting agencies. Together they play an important role in shaping the nation's financial system by compiling detailed credit histories on nearly every consumer who has an active credit history. These files are used to create credit reports that lenders, landlords, and employers use to gauge a person's financial security, and they also feed widely known scoring models like FICO.

Those models produce the three-digit credit score that lenders, landlords, and employers rely on. It is therefore natural for breaches involving such institutions to have a significant impact on consumers and the economy as a whole. In response to the latest incident, TransUnion has begun sending letters directly to affected individuals and has urged consumers to contact the fraud helpline at 1-800-516-4700, which is open on weekdays, to find out if they are in good standing.

In addition, experts suggest that consumers periodically review their credit reports across the three credit bureaus, which can be accessed for free once a week by visiting AnnualCreditReport.com, to see if there are any inaccuracies or signs that something is amiss. As a further security measure, paid services like MyFico can track FICO scores in real time and monitor fraud, while platforms like Credit Karma and WalletHub offer free VantageScore reports to subscribers who enrol in them.

The TransUnion company initially stated that there had been no compromise of credit files; however, subsequent disclosures told a much more troubling story. According to regulatory filings filed with the Texas Attorney General’s office, among the exposed data set were names, dates of birth, and Social Security numbers, which are some of the most sensitive identifiers in the world today. 

There is no way to monitor or reset Social Security numbers, unlike credit information, which can be monitored or reset, and it may serve as a gateway to long-term identity theft and fraud. Several financial security experts warn that such information can be used for a number of purposes, including opening unauthorised credit lines, applying for loans or government benefits under stolen identities, submitting false tax returns, and other financial crimes. 

Considering that TransUnion is among the largest credit bureaus in the nation and holds records on over 260 million Americans, this breach raises serious concerns about the resilience of institutions that safeguard some of the country’s most critical consumer information. The breach was detected on July 28 and contained within hours, and affected individuals have now been notified.

There has been no compromise of the core credit database or consumer credit reports at TransUnion, which is among the nation's three primary credit bureaus, along with Equifax and Experian. Rather, the intrusion was traced back to a third-party application supporting U.S. consumer operations, where unauthorised access allowed for the publication of limited personal information. According to court filings in Maine and Texas, however, names, birthdates, and Social Security numbers were among the data that had been compromised.

To assess the full scope of this incident, TransUnion has engaged an independent cybersecurity expert to conduct a forensic analysis. The incident occurred in the midst of a large wave of cyberattacks targeting Salesforce-connected software. In June, Google revealed that hackers were using modified versions of Salesforce-related tools to infiltrate cloud systems and steal large amounts of sensitive data. ShinyHunters, a cybercriminal organisation suspected of being involved in such campaigns, has been accused of using extortion tactics against employees of victim companies.

Security researchers have noted that some of the biggest corporations in the world have been breached in similar ways in recent months, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas. This highlights the importance of supply-chain vulnerabilities in a wide range of popular platforms as well as the dangers they pose. 

Salesforce has maintained that social engineering attacks against users, and not flaws in its platform, were at fault. A comparison is inevitably drawn with Equifax's 2017 data breach, one of the biggest in U.S. history, in which 147 million Americans' personal data was exposed, costing the company nearly $700 million in settlements and fines and ultimately causing it to lose millions of dollars.

In the wake of that incident, congressional hearings were held and scrutiny of the credit reporting industry heightened, which led to state and federal government reforms aimed at strengthening consumer data protection. Following the TransUnion breach, security experts are once again urging those affected to be vigilant by reviewing their credit reports, setting up fraud alerts, and monitoring their accounts for unusual activity.

As of right now, AnnualCreditReport.com is providing free weekly credit reports from all three major credit bureaus. Additional monitoring services may also provide a means of detecting signs of fraud, while in the meantime, Schubert Jonckheer & Kolbe has announced an investigation into the TransUnion incident, signalling the possibility of further litigation. 

TransUnion has yet to provide any details regarding the new safeguards it intends to implement, nor has it specified whether financial restitution will be provided to victims. Over the last few years, a growing number of high-profile breaches have involved third-party providers and have been attributed to vulnerabilities in those third parties.

For example, in June 2025, a cyberattack against Chain IQ exposed proprietary data and banking information of the banking giant UBS. The following month, Allianz Life announced that a compromised cloud-based customer relationship management system had been used to obtain personal information regarding the majority of the company's 1.4 million American customers. That same month, Qantas confirmed that approximately six million customer records were exposed after hackers breached a third-party customer service platform on which Qantas had relied.

Researchers have linked many of these incidents to cybercriminal groups such as ShinyHunters and Scattered Spider, both of which specialise in exploiting third-party information technology and cloud providers and in using advanced social engineering tactics to do so. A number of these groups are thought to be associated with "The Com," a sprawling, loosely organised cybercriminal community comprised of thousands of English-speaking actors who have collaborated on data theft, extortion, and fraud campaigns across a wide range of industries.

A number of recent incidents have highlighted the persistent vulnerability of third-party platforms, as well as the increasing sophistication of cybercriminal groups attacking the financial services industry. The breach reminds consumers that even when core systems remain intact, the theft of identifying information like Social Security numbers can have long-term impacts that go beyond the initial intrusion, even if the original intrusion is not detected.

Individuals are strongly advised to do more than simply review their credit reports. Freezing their credit with all three credit bureaus prevents criminals from opening a new account in their name, while a fraud alert makes it more difficult for criminals to take advantage of stolen information.

Moreover, consumers should also consider employing identity monitoring tools that can provide them with the ability to scan the dark web for compromised information before potential misuse turns into financial damage. 

There is also a clear lesson to be learned about reliance on third-party applications: organisations need not only contractual protection but also continuous monitoring, rigorous vetting, and layers of defence to prevent unauthorised access to their systems. Supply chain attacks will be a growing problem, and resilience will depend on proactive investment in security as well as consumer awareness of the threats.

Hackers Trick Users with Fake Captchas to Steal Data

 



Cybersecurity researchers have uncovered a new technique where attackers use fake Captcha tests to trick people into installing malware called Lumma Stealer. This malicious program is designed to quietly search infected computers for valuable information, such as login credentials, cryptocurrency wallet details, and two-factor authentication codes.

The scheme first appeared on a Greek banking website, where users were shown what looked like a Captcha security test. Instead of a normal verification, the prompt instructed Windows users to copy a piece of text into their Run dialog box and press Enter. By doing so, victims unknowingly triggered the installation of Lumma Stealer without downloading a visible file.

According to data shared by DNSFilter, a security company monitoring the incident, clients came across this fake Captcha 23 times in just three days. Alarmingly, around 17% of users who saw it followed the instructions, which led to attempts to infect their systems with malware.


How Lumma Stealer Works

Once inside a computer, Lumma Stealer immediately begins searching for anything that can be exploited for profit. This includes saved browser passwords, cookies, stored two-factor authentication tokens, cryptocurrency wallets, and even the data kept in password managers. Cybercriminals can use this stolen information to commit identity theft, break into financial accounts, or steal digital assets such as crypto funds.

What makes this threat particularly concerning is that Lumma Stealer can be hidden on otherwise legitimate websites, meaning unsuspecting users may fall victim even without visiting suspicious or obviously harmful pages.


Malware-as-a-Service Model

Lumma Stealer is part of a growing cybercrime trend known as Malware-as-a-Service (MaaS). Under this model, professional malware developers create the malicious software, improve its ability to avoid detection, and maintain hosting services. They then rent access to the malware to other cybercriminals in exchange for subscription fees. This arrangement makes it easy for attackers with little technical expertise to launch damaging campaigns.

Earlier this year, authorities attempted to disrupt Lumma Stealer operations. The U.S. Department of Justice seized several domains linked to the malware, while Microsoft removed thousands of related websites. However, security analysts report that Lumma Stealer quickly resurfaced, showing just how resilient and profitable such services can be.

Part of Lumma Stealer’s popularity comes from its low cost. Subscriptions can be found on underground forums for only a few hundred dollars per month, yet the potential financial return for criminals is enormous. In recent analyses, experts estimated that hundreds of thousands of devices have been compromised, with losses reaching tens of millions of dollars.

The importance of staying alert online cannot be emphasised enough. Unusual instructions, such as copying text into a computer’s Run command, should raise suspicion immediately. Cybersecurity specialists advise users to verify unexpected prompts and ensure their systems are protected with updated security tools to reduce the risk of infection.



Cybercriminals Steal Thousands of Guest ID Documents from Italian Hotels

 


Thousands of travellers have been left vulnerable after a sweeping cyberattack breached hotel systems. Identities stolen from those systems are now circulating on underground forums. According to the government's Agency for Digital Italy (CERT-AGID), which has confirmed the breach, it has become one of the most significant data security incidents to have struck the country's tourism industry in recent years.

According to an FBI report, a hacker using the alias “mydocs” is suspected of gaining access to hotel reservation platforms from June to August, allowing them to download high-resolution copies of passports, identification cards, and other identity documents obtained during guest check-in. This hacker has been selling a total of over 90,000 documents, spread across a number of batches, on well-known cybercrime forums.

Hotels and Guests Caught Off Guard

A total of ten hotels have been confirmed as affected by the theft, but officials warn that this number may increase as the investigation continues. CERT-AGID has already intercepted at least one attempt to resell the data illegally, which suggests that much of the information being offered is genuinely accurate rather than exaggerated, as is often the case within cybercriminal circles. Passports and national identification cards are particularly valuable because of their potential for abuse.

Fraudsters may exploit this information to create false identities, open accounts with banks, or launch sophisticated social engineering attacks in an effort to fool the victim into divulging even more personal information. The CERT-AGID public advisory states that the possible consequences for those affected are "serious, both legally and financially."

The Scale of the Breach

The scope of the breach is raising questions about how much information hotels keep, and for how long. Although the incidents are believed to have occurred between June and July, investigators can't rule out the possibility that years of archived guest scans were compromised. If so, the number of affected travellers would rise significantly beyond the tens of thousands confirmed so far.

The Ca’ dei Conti, a four-star hotel in Venice, in Veneto, has been reported as one of the properties that were targeted. According to Corriere del Veneto, as many as 38,000 guest records were gathered at this hotel, which demonstrates just how large the attack has been. The stolen data is reportedly being offered for sale on the dark web at a price ranging from $937 to $11,714 per tranche, depending on the size and type of the data.

A Familiar Target for Cybercriminals 

The hospitality sector has seen a troubling pattern of attacks for some time now. Because they collect a combination of financial and identity data from millions of guests each year, hotels have always been a target for hackers. Their old IT systems, fragmented digital platforms, and global nature make them a relatively easy and high-value target.

In April of this year, CERT-AGID interrupted a separate smishing campaign aimed at stealing Italian citizens' identification documents. The attackers asked victims to send selfies with their identification cards as a way to increase the value of stolen credentials for fraudulent activity and impersonation schemes. The emergence of multiple, unrelated operations within the last few months demonstrates the growing demand for identity data on criminal markets.

How the Data Can Be Abused

Cybersecurity experts warn that stolen identity scans can be reused in several ways that travellers might not anticipate. Besides the obvious risks of opening a bank account or applying for a loan, criminals can also use this information to rent properties, commit tax fraud, or circumvent identity checks on the web. These documents can form the basis of long-term fraud campaigns when combined with other leaked information, such as email addresses and telephone numbers.

The authorities are warning anyone who stayed in an Italian hotel over the summer to keep an eye out for red flags such as credit inquiries, unusual account activity, or unsolicited bank correspondence. It is not uncommon for the first signs of misuse to emerge weeks or even months after the initial breach has taken place. 

Industry Response and Urgency 

Hotels and other organisations that handle identity information have been urged to take immediate steps to strengthen their defences. The agency's advisory stressed that businesses must go beyond simply complying with data processing laws and should adopt robust digital security practices, from encrypted storage to stronger authentication protocols as well as regular audits of their systems.

According to a statement released by the agency, the increase in illicit identity document sales confirms that greater awareness and protective measures are needed from both the organisations that manage these documents and the citizens themselves. Italy, where tourism is a significant part of the national economy, faces both economic and reputational risks as a consequence of the incident.

There are millions of visitors who each year submit sensitive information to websites in the hope that their privacy will be protected. Experts warn, however, that if breaches of this scale continue, it will have a long-term impact on public trust in the industry. 

A Warning for the Global Hospitality Industry

The "mydocs" case is a wake-up call for Italy, but it is also a wake-up call for the entire international hotel industry. Hotels around the world have adopted digital check-in tools and automated identity verification tools, often without the security measures required to protect the sensitive data they handle.

As investigators continue to uncover the extent of this breach, it is becoming increasingly clear that cybersecurity must now take precedence in an industry where efficiency and convenience often dominate. Without stronger protection in place, hotels risk becoming prime hunting grounds for identity thieves, leaving guests to pay the price long after they have checked out.

For hotel businesses in Italy, this breach is more than a cautionary tale. It is also an opportunity to reevaluate their approach to digital trust. Maintaining guests’ confidence has become increasingly important in an age where privacy and security are key components of customer expectations, and hotels and tourism operators face the challenge of complying with regulatory requirements as well.

Providing a high-quality service to guests must place as much emphasis on cybersecurity as on comfort and convenience. Investing in stronger encryption systems, secure data storage, periodic penetration testing, and employee awareness programs can considerably reduce risks, while partnering with cybersecurity firms may allow hotels to add a further layer of protection.

It is also important for guests to take steps to safeguard themselves against misuse by monitoring credit reports, using identity protection services, and limiting the sharing of unnecessary documents during check-in. The headlines about this incident emphasise the alarming reality of stolen identities, but if it prompts meaningful change, the story is likely to become one of resilience.

Taking decisive action now could not only enable Italy's hospitality sector to recover from this blow but also help set a new benchmark for digital safety in global tourism.

Insurance Provider Reports June Cyber Breach

 


Philadelphia Indemnity Insurance Company has confirmed that customer information was exposed during a cyber incident that occurred in June. The company shared the update through a recent filing with California’s Attorney General, marking the latest in a growing number of attacks targeting the insurance sector.

The breach was traced back to a period between June 9 and June 10, when an unauthorized individual gained access to parts of the company’s systems. Although the incident was initially referred to as a network outage, a closer look revealed that certain personal details belonging to customers had been accessed and stolen.

According to the company’s investigation, which concluded about a month later on July 9, the compromised information included customers’ full names, birth dates, and driver’s license numbers. So far, the company has not revealed how many individuals were affected or who might be responsible for the breach.

Philadelphia Indemnity stated that no ransomware was used, and no files were encrypted during the incident. However, to better understand what happened and assess the damage, the company hired independent cybersecurity experts and reported the situation to law enforcement.

This breach comes at a time when cyberattacks targeting insurance companies appear to be on the rise. Security researchers have recently linked several similar incidents to a known hacking group called "Scattered Spider," although Philadelphia Indemnity has not confirmed any connection to that group in this case.

Other companies in the industry, including Aflac and Erie Insurance, also reported data breaches in June, suggesting a broader trend of insurance providers being targeted.

As of now, Philadelphia Indemnity has not issued a public statement beyond the regulatory filing and did not respond to requests for further comment.

The incident is a wake-up call regarding the growing risks in the digital ecosystem and the importance of strong cybersecurity, especially for organizations that manage sensitive personal data. Customers are advised to monitor their accounts for unusual activity and consider taking precautionary steps like credit monitoring or identity theft protection.

Why Policy-Driven Cryptography Matters in the AI Era

 



In this modern-day digital world, companies are under constant pressure to keep their networks secure. Traditionally, encryption systems were deeply built into applications and devices, making them hard to change or update. When a flaw was found, either in the encryption method itself or because hackers became smarter, fixing it took time, effort, and risk. Most companies chose to live with the risk because they didn’t have an easy way to fix the problem or even fully understand where it existed.

Now, with data moving across various platforms (for instance cloud servers, edge devices, and personal gadgets), it’s no longer practical to depend on rigid security setups. Businesses need flexible systems that can quickly respond to new threats, government rules, and technological changes.

According to the IBM X‑Force 2025 Threat Intelligence Index, nearly one-third (30%) of all intrusions in 2024 began with valid account credential abuse, making identity theft a top pathway for attackers.

This is where policy-driven cryptography comes in.


What Is Policy-Driven Crypto Agility?

It means building systems where encryption tools and rules can be easily updated or swapped out based on pre-defined policies, rather than making changes manually in every application or device. Think of it like setting rules in a central dashboard: when updates are needed, the changes apply across the network with a few clicks.

This method helps businesses react quickly to new security threats without affecting ongoing services. It also supports easier compliance with laws like GDPR, HIPAA, or PCI DSS, as rules can be built directly into the system and leave behind an audit trail for review.


Why Is This Important Today?

Artificial intelligence is making cyber threats more powerful. AI tools can now scan massive amounts of encrypted data, detect patterns, and even speed up the process of cracking codes. At the same time, quantum computing, a new kind of computing still in development, may soon be able to break the encryption methods we rely on today.

If organizations start preparing now by using policy-based encryption systems, they’ll be better positioned to add future-proof encryption methods like post-quantum cryptography without having to rebuild everything from scratch.


How Can Organizations Start?

To make this work, businesses need a strong key management system: one that handles the creation, rotation, and deactivation of encryption keys. On top of that, there must be a smart control layer that reads the rules (policies) and makes changes across the network automatically.

Policies should reflect real needs, such as what kind of data is being protected, where it’s going, and what device is using it. Teams across IT, security, and compliance must work together to keep these rules updated. Developers and staff should also be trained to understand how the system works.
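A minimal sketch of the key manager and control layer described above, as an added example (not code from the article or from any product). It uses HMAC integrity tags from Python's standard library in place of encryption so that it runs without third-party packages; the class names, policy format and token layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Approved algorithms. Policy refers to them by name, so swapping one out
# never requires touching application code. (Registry is an assumption.)
ALGORITHMS = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
    "hmac-sha512": hashlib.sha512,
}


@dataclass
class Key:
    key_id: str
    data_class: str
    algorithm: str
    material: bytes
    state: str = "active"  # active -> retired (verify only) -> deactivated


class KeyManager:
    """Key lifecycle: creation, rotation and deactivation, with an audit trail."""

    def __init__(self):
        self.keys = {}     # key_id -> Key
        self.current = {}  # data class -> key_id used for new tags
        self.audit = []    # (event, key_id, algorithm) tuples kept for review

    def rotate(self, data_class, algorithm):
        # Reject unapproved algorithms before changing any state.
        if algorithm not in ALGORITHMS:
            raise ValueError(f"algorithm not approved: {algorithm}")
        old_id = self.current.get(data_class)
        if old_id is not None:
            self.keys[old_id].state = "retired"
            self.audit.append(("retire", old_id, self.keys[old_id].algorithm))
        version = sum(k.data_class == data_class for k in self.keys.values()) + 1
        key_id = f"{data_class}-v{version}"
        self.keys[key_id] = Key(key_id, data_class, algorithm, secrets.token_bytes(32))
        self.current[data_class] = key_id
        self.audit.append(("create", key_id, algorithm))
        return key_id

    def deactivate(self, key_id):
        self.keys[key_id].state = "deactivated"
        self.audit.append(("deactivate", key_id, self.keys[key_id].algorithm))


class ControlLayer:
    """Reads the policy and brings the key manager in line with it."""

    def __init__(self, key_manager):
        self.km = key_manager

    def apply_policy(self, policy):
        # Rotate only the data classes whose current key no longer matches policy.
        changed = []
        for data_class, rule in policy.items():
            current_id = self.km.current.get(data_class)
            if current_id is None or self.km.keys[current_id].algorithm != rule["algorithm"]:
                changed.append(self.km.rotate(data_class, rule["algorithm"]))
        return changed

    def protect(self, data_class, message):
        # The token carries the key id, so the verifier knows which key and
        # algorithm were in force when the tag was made.
        key = self.km.keys[self.km.current[data_class]]
        tag = hmac.new(key.material, message, ALGORITHMS[key.algorithm]).hexdigest()
        return f"{key.key_id}.{tag}"

    def verify(self, token, message):
        key_id, _, tag = token.partition(".")
        key = self.km.keys.get(key_id)
        if key is None or key.state == "deactivated":
            return False  # unknown or withdrawn keys never validate
        expected = hmac.new(key.material, message, ALGORITHMS[key.algorithm]).hexdigest()
        return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    km = KeyManager()
    layer = ControlLayer(km)
    layer.apply_policy({"pii": {"algorithm": "hmac-sha256"}})
    old = layer.protect("pii", b"constructed sample record")
    layer.apply_policy({"pii": {"algorithm": "hmac-sha3-256"}})  # policy change
    new = layer.protect("pii", b"constructed sample record")
    print(old.split(".")[0], new.split(".")[0])
    print(layer.verify(old, b"constructed sample record"))
    for event in km.audit:
        print(event)
```

Changing the policy entry is the only step needed to move new data to a different algorithm; tags made under the retired key keep verifying until that key is explicitly deactivated.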

As more companies shift toward cloud-based networks and edge computing, policy-driven cryptography offers a smarter, faster, and safer way to manage security. It reduces the chance of human error, keeps up with fast-moving threats, and ensures compliance with strict data regulations.

In a time when hackers use AI and quantum computing is fast approaching, flexible and policy-based encryption may be the key to keeping tomorrow’s networks safe.

Fake Bitdefender Site Distributes Malware: Cybercriminals Exploit Trusted Brands to Steal Sensitive Data

 

Bitdefender, a well-known and reputable cybersecurity and antivirus software provider, has become the latest target of cybercriminals. In a deeply troubling incident, scammers created a fake Bitdefender website, tricking users into downloading malware under the guise of legitimate antivirus software. Instead of safeguarding their devices, unsuspecting users ended up installing malicious software capable of stealing sensitive data, including passwords and personal information—potentially leading to identity theft and unauthorized access to online accounts, such as banking platforms.

Adding to the severity of the situation is the fact that the malware used in this scam is easily accessible for purchase on the Dark Web—a hidden layer of the internet known for illicit trade. The internet is divided into three main layers:
  • The Surface Web, used for regular browsing via search engines like Google.
  • The Deep Web, which includes content behind logins, like banking or health portals.
  • The Dark Web, accessible only through specific browsers such as Tor, which anonymize user activity.

The scam reflects the growing threat of Cybercrime-as-a-Service (CaaS), a criminal business model that enables even low-skill actors to rent or buy pre-built hacking tools, counterfeit websites, and malware kits. These Dark Web marketplaces often resemble legitimate e-commerce platforms, offering customer support, product reviews, subscription models, and even money laundering options.

Designing a counterfeit website is just the beginning. The real deception lies in driving traffic to these fake pages. Cybercriminals frequently manipulate search engine algorithms using keyword stuffing or even purchase sponsored listings, boosting the visibility of their fake websites to unsuspecting users.

So, how can users defend themselves in an age where AI-generated content makes fake websites look almost indistinguishable from the real ones?

“Trust me, you can't trust anyone,” the article notes. “It is more important than ever when you go online to make sure that you are on the legitimate websites you seek rather than a criminal's counterfeit website.”

To protect yourself:
  • Enable two-factor authentication (2FA) on all major accounts, adding a crucial layer of security.
  • Manually type URLs instead of clicking on unfamiliar links.
  • Use WHOIS.com to verify domain ownership and registration history.
  • Check suspicious links with VirusTotal.com, a free tool that runs URL scans through multiple antivirus engines, including Bitdefender.
  • Rely on tools like Google Transparency Report and Chrome’s AI-powered Enhanced Safe Browsing, which help flag malicious websites.

This incident serves as a stark reminder of how quickly cybercriminals can weaponize trust in established brands—turning cybersecurity tools into tools of attack. Staying vigilant and using available resources is essential in navigating today’s online landscape safely.

Signs Your Phone Has a Virus and How to Remove It Safely

 

In today’s world, our phones are more than just communication devices — they’re essential for work, banking, shopping, and staying connected. That makes it all the more alarming when a device begins to behave strangely. 

One possible cause? A virus. Mobile malware can sneak into your phone through suspicious links, shady apps, or compromised websites, and can create problems ranging from poor performance to data theft and financial loss. There are several red flags that suggest your phone might be infected. A rapidly draining battery could mean malicious software is operating in the background. Overheating, sluggish performance, frequent app crashes, or screen freezes may also be signs of trouble. You might notice strange new apps that you don’t remember installing or unexpected spikes in mobile data usage. 
In some cases, your contacts could receive strange messages from you, or you might find purchases on your accounts that you never made. If your phone shows any of these symptoms, quick action is essential. 

The first step is to scan your device using a trusted antivirus app to locate and remove threats. Check your device for unfamiliar apps and uninstall anything suspicious. You should also notify your contacts that your device may have been compromised to prevent the spread of malware through messaging apps. Updating your passwords should be your next priority. Make sure each password is strong, unique, and ideally protected with two-factor authentication. After that, review your online accounts and connected devices for signs of unauthorized activity. Remove unknown devices from your phone account settings and confirm your personal and security information hasn’t been altered. 

Depending on your phone’s operating system, the process of virus removal can vary slightly. iPhone users can try updating to the latest iOS version and removing suspicious apps. If the problem persists, a factory reset might be necessary, though it will erase all stored data unless a backup is available. While iPhones don’t include a built-in virus scanner, some reliable third-party tools can help detect infections. For Android users, antivirus apps often offer both detection and removal features. Rebooting the device in safe mode can temporarily disable harmful third-party apps and make removal easier. Clearing the browser cache and cookies is another useful step to eliminate web-based threats. 

If all else fails, a factory reset can clear everything, but users should back up their data beforehand. Preventing future infections comes down to a few key practices. Always download apps from official stores, keep your operating system and apps updated, and limit app permissions. Avoid clicking on links from unknown sources, and monitor your phone’s performance regularly for anything out of the ordinary. 

Whether you use Android or iPhone, dealing with a virus can be stressful — but with the right steps, it’s usually possible to remove the threat and get your phone back to normal. By staying alert and adopting good digital hygiene, you can also reduce your chances of being targeted again in the future.

DVLA Scams Target Thousands of UK Drivers with Fake Fines, Car Deals, and Fraudulent Fees

 

A surge in vehicle-related scams across the UK has left thousands of drivers out of pocket, with fraudulent activity disguised as legitimate DVLA communications. In 2023 alone, nearly 20,000 motorists were tricked by fake car tax messages, insurance schemes, and misleading parking fines, according to recent findings. These scams, often presented with a false sense of urgency, have affected drivers of all ages. 

Young drivers between 25 and 34 years old have been found to be prime targets for these scams, particularly for fraudulent vehicle listings and bogus insurance offers. Older motorists, meanwhile, are increasingly falling victim to fake parking fine notices designed to appear official and urgent. 

The scammers’ tactics often involve pressuring the recipient to pay immediately to avoid penalties, leading many to act before verifying the source. John Wilmot, CEO of car leasing comparison platform LeaseLoco, warned that this psychological pressure is what makes these scams so effective. Many people, he explained, rush to settle fines or fees without confirming whether the request is genuine. 

He stressed that official agencies like the DVLA never ask for payments or personal data through text messages or emails. To avoid becoming a victim, Wilmot recommends ignoring any suspicious digital messages and visiting the DVLA’s website only through the official GOV.UK portal. This small precaution could save drivers from significant financial losses and identity theft. 

One notable scam gaining traction involves tampered QR code stickers placed on parking meters, leading users to counterfeit payment websites. Drivers are urged to use only trusted mobile apps like PayByPhone or RingGo for transactions. In most UK cities, councils do not use QR codes for parking payments, further raising suspicion when encountered. 

Online used car scams have also seen a sharp rise. Fraudsters post listings with unrealistically low prices, request payments up front, and then vanish. Victims are lured in by deals that seem too good to be true. Authorities advise never transferring money before viewing a vehicle in person and checking the car’s history via government platforms. 

Scammers have also taken advantage of electronic tolling systems by sending drivers fake notifications for unpaid toll or congestion charges. These messages often include phishing links disguised as urgent payment portals, which can steal both money and sensitive information. 

As digital communication becomes a common part of motoring administration, drivers must stay alert. Verifying the source of any unexpected payment request is essential in avoiding fraud and safeguarding personal data.

Coinbase Confirms Data Breach Impacting Over 69,000 Users, Refuses $20M Extortion Demand

Coinbase, the leading cryptocurrency exchange in the United States, disclosed a recent cybersecurity breach affecting 69,461 users, according to a notification submitted to the Maine attorney general’s office. Although the hackers failed to access individual accounts or sensitive login details such as two-factor authentication codes, private keys, or crypto wallets, they were able to obtain a wide array of personal data.

The compromised information includes:
  • Full names
  • Residential addresses
  • Phone numbers
  • Email addresses
  • Partial Social Security numbers
  • Masked bank account details
  • Government-issued ID images (e.g., driver’s licenses, passports)
  • Account-related data such as transaction history and snapshots

In an SEC filing, Coinbase revealed that the attackers paid offshore contractors to gain access to internal systems. This information was weaponized to launch a social engineering scam. The perpetrators demanded $20 million in exchange for not leaking the stolen data—an offer Coinbase declined.

"Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident," the company said in its statement.

Coinbase is currently collaborating with law enforcement and has established a $20 million reward fund to incentivize tips that could lead to the identification and capture of the individuals responsible.

Meanwhile, reports on Reddit suggest that some users received unsolicited password reset notifications as early as last week. It is still unclear whether these incidents are directly connected to the breach. CNET contacted Coinbase for a response, but no comment was issued at the time.

Steps to Protect Your Crypto and Data
Although Coinbase has confirmed that seed phrases and investor accounts remain secure, the exposure of personal data is significant. Here’s what you should do now to safeguard your information:

1. Use a Cold Wallet
For regular crypto investors, shifting funds to a cold wallet—a device not connected to the internet—can provide an extra layer of security in case of future breaches.

2. Freeze Your Credit Reports
Freeze your credit reports with all three major bureaus and consider placing a lock on your Social Security number to prevent identity misuse. Be cautious of phishing attempts that may exploit this situation.

"It's worth the hassle of setting up accounts with all three major credit bureaus. I get peace of mind at zero cost to me," said Danni Santana, CNET’s identity theft editor.

3. Notify Your Bank
Even if only partial account information was exposed, contact your bank to report the incident. You may want to open new checking or savings accounts as a precaution.

4. Enroll in Identity Monitoring Services
Opt into a free credit and identity monitoring service. While these platforms don’t take direct action, they provide alerts if your data appears on the dark web. Paid services like Aura go further, offering identity restoration support and up to $1 million in identity theft insurance.

AI Can Create Deepfake Videos of Children Using Just 20 Images, Expert Warns

Parents are being urged to rethink how much they share about their children online, as experts warn that criminals can now generate realistic deepfake videos using as few as 20 images. This alarming development highlights the growing risks of digital identity theft and fraud facing children due to oversharing on social media platforms.  

According to Professor Carsten Maple of the University of Warwick and the Alan Turing Institute, modern AI tools can construct highly realistic digital profiles, including 30-second deepfake videos, from a small number of publicly available photos. These images can be used not only by criminal networks to commit identity theft, open fraudulent accounts, or claim government benefits in a child’s name but also by large tech companies to train their algorithms, often without the user’s full awareness or consent. 

New research conducted by Perspectus Global and commissioned by Proton surveyed 2,000 UK parents of children under 16. The findings show that on average, parents upload 63 images to social media every month, with 59% of those being family-related. A significant proportion of parents—21%—share these photos multiple times a week, while 38% post several times a month. These frequent posts not only showcase images but also often contain sensitive data like location tags and key life events, making it easier for bad actors to build a detailed online profile of the child. Professor Maple warned that such oversharing can lead to long-term consequences. 

Aside from potential identity theft, children could face mental distress or reputational harm later in life from having a permanent digital footprint that they never consented to create. The problem is exacerbated by the fact that many parents are unaware of how their data is being used. For instance, 48% of survey respondents did not realize that cloud storage providers can access the data stored on their platforms. In fact, more than half of the surveyed parents (56%) store family images on cloud services such as Google Drive or Apple iCloud. On average, each parent had 185 photos of their children stored digitally—images that may be accessed or analyzed under vaguely worded terms and conditions.  

Recent changes to Instagram’s user agreement, which now allows the platform to use uploaded images to train its AI systems, have further heightened privacy concerns. Additionally, experts have warned about the use of personal images by other Big Tech firms to enhance facial recognition algorithms and advertising models. To protect their children, parents are advised to implement a range of safety measures. These include using secure and private cloud storage, adjusting privacy settings on social platforms, avoiding public Wi-Fi when sharing or uploading data, and staying vigilant against phishing scams. 

Furthermore, experts recommend setting boundaries with children regarding online activity, using parental controls, antivirus tools, and search filters, and modeling responsible digital behavior. The growing accessibility of AI-based image manipulation tools underscores the urgent need for greater awareness and proactive digital hygiene. What may seem like harmless sharing today could expose children to significant risks in the future.

NordVPN Introduces £5,000 ID Theft Recovery Coverage for UK Users on Ultimate Plan

NordVPN has launched a new identity theft recovery benefit for its UK subscribers, offering up to £5,000 in reimbursement to help users recover from the financial and emotional toll of identity fraud. This latest addition to its cybersecurity toolkit is exclusively available to customers subscribed to the NordVPN Ultimate plan, priced at £5.09 per month, paid annually at £137.43. 

This move comes amid growing concerns over online threats, especially following recent data breaches involving major UK retailers like Marks & Spencer, Harrods, and Co-op. In these incidents, attackers managed to access sensitive customer data, highlighting the increasing risk faced by consumers today. NordVPN’s ID theft recovery feature complements its existing scam loss protection and is designed to ease the burden of recovering one’s identity after it has been compromised. 

Covered expenses include restoring credit ratings, resolving issues with bank accounts or loans, and even reclaiming lost wages if a victim had to take time off work to deal with the aftermath of identity theft. Additionally, this protection can help victims clear their names in cases where their identities are used for malicious purposes. For those who fall prey to scams—whether through phishing, AI-driven deepfake schemes, or romance fraud—NordVPN offers up to 12 months to file a claim if their bank or financial institution cannot provide assistance. 

These benefits are not limited to the UK alone. NordVPN’s coverage also extends to users in countries like France, Germany, Italy, Sweden, and the Netherlands, with 24/7 access to support services. While NordVPN Basic remains the more affordable option at £2.39 per month, the Ultimate plan’s added layer of financial security could be a worthwhile upgrade for users seeking peace of mind. In comparison, NordVPN users in the United States receive broader coverage through the NordProtect service, which includes cyber extortion and fraud protection with coverage up to $1 million—either through NordVPN Prime or as a standalone service.  

Although the UK plan doesn’t offer the same level of compensation as its U.S. counterpart, the £5,000 coverage still represents a meaningful step toward consumer protection. In an age where cyberattacks are common and even large companies struggle to safeguard data, investing in robust protection is becoming increasingly important. Whether or not users choose to upgrade, staying informed about digital security best practices remains the first line of defence.