Qantas Airways has confirmed that data stolen during a major cyber incident in July has been released by cybercriminals, marking another blow to Australian consumers as the country continues efforts to contain the data breach impact. The airline said the Qantas Airways cyberattack stemmed from unauthorized access
to a third-party customer service platform used by one of its contact centers. While flight operations and safety systems were unaffected, personal data belonging to millions of customers was compromised.

Stolen Data Under Court Protection

Qantas Airways obtained a court order from the New South Wales Supreme Court to stop anyone from viewing, sharing, or publishing the stolen data. The injunction applies to all parties, including third-party platforms, and aims to prevent any further spread of the information.

“With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” Qantas said in a statement. The company added that it continues to work closely with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) as investigations progress.

The airline has strengthened its internal systems by implementing additional security measures, expanding team training, and enhancing network monitoring and threat detection capabilities.

5.7 Mn Customers Impacted During Qantas Airways Cyberattack

The cyberattack exposed personal data belonging to an estimated 5.7 million Qantas customers. In response, the airline promptly notified all affected individuals about the nature of the compromised information. According to Qantas, there have been no further changes to the scope of impacted data since the initial disclosure.

To support affected customers, Qantas has established a 24/7 support line and continues to offer access to identity protection services. Customers can reach the dedicated helpline via 1800 971 541 or +61 2 8028 0534 and find updates on qantas.com.

Leadership Pay Cut Reflects Accountability

In its annual report released in September, Qantas announced a 15-percentage-point reduction in short-term bonuses for its Group CEO Vanessa Hudson and senior executives.
The board said the decision was made to acknowledge the impact of the cyberattack on customers and to reinforce accountability at the highest level.

“Despite the strong performance, the Board decided to reduce annual bonuses by 15 percentage points as a result of the impact the cyber incident had on our customers,” said Qantas Group Chairman John Mullen. “This reflects their shared accountability, while acknowledging the ongoing efforts to support customers and put in place additional protections.”

For Hudson, the cut translates to a reduction of approximately AUD $250,000 in her overall pay package.

Advisory for Customers

Qantas Airways has urged customers to remain cautious of potential scams or phishing attempts. The airline advised travelers to:

- Stay alert to suspicious emails, messages, or calls claiming to be from Qantas.
- Use two-factor authentication wherever possible.
- Keep updated with the latest online threats through the Australian Cyber Security Centre and Scamwatch.
- Never share passwords, financial details, or booking references with unsolicited contacts.

Customers who believe they have been targeted by scammers are encouraged to report incidents to Scamwatch or seek guidance through IDCARE and the Office of the Australian Information Commissioner.
Kearney Public Schools (KPS) is grappling with a cybersecurity incident that has disrupted its entire technology network, affecting phones, computers, and other digital systems across the district. The KPS cyberattack, which occurred last Friday, has left the district’s communication channels offline as students and
staff prepare to return to classrooms on Monday. In a public update, the district confirmed that its technology network was “compromised by a cybersecurity attack,” prompting an ongoing investigation and recovery effort in collaboration with external cybersecurity experts. Despite the disruption caused by the cyberattack, the district emphasized that classes will resume as scheduled.

Kearney Public Schools Cyberattack Cripples Network

“Phones and email will not be operational,” the district’s statement read. “If you need to contact the school, please do so in person. Instruction will continue, though digital tools cannot be used until the network is fully restored.”

The district reassured the community that the safety of students, staff, and data remains its highest priority. While details about the type or source of the cyberattack have not yet been disclosed, recovery efforts are expected to take several more days.

Source: Kearney Public Schools website

The KPS cyberattack is part of a pattern of cyberattacks targeting the education sector globally. According to a UK government survey, educational institutions are now more likely to face cyberattacks or data breaches than private businesses. The report revealed that six out of ten secondary schools have suffered an attack in the past year, a figure that rises to eight out of ten for further education colleges and nine out of ten for universities. By comparison, only four in ten businesses experienced similar breaches during the same period. Even primary schools are facing comparable risks, highlighting how education has become a primary target for cybercriminals.

Adding to the concern, insider threats are also emerging as a major challenge for schools. Another report revealed that more than half of cyber incidents in the education sector stem from insider actions, with students being responsible for 57% of these attacks.
Nearly a third of such cases were caused by students guessing weak passwords or finding login credentials written down. “Teen hackers are not breaking in — they’re logging in,” the report warned, suggesting that curiosity and accessibility are fueling the problem.

The National Crime Agency (NCA) has also raised alarms, noting that one in five children between the ages of 10 and 16 has engaged in illegal online activity. The youngest referral to the NCA’s Cyber Choices program — designed to guide young people toward ethical cyber skills — was just seven years old.

Schools Increasingly Targeted by Cybercriminals

The Kearney Public Schools cyberattack follows several other high-profile cyberattacks on educational institutions in North America this year. In July 2025, the Toronto District School Board (TDSB) disclosed an extortion attempt following a major data breach involving education software provider PowerSchool. Similarly, in January, the Harrison County Board of Education in the U.S. suffered a cybersecurity incident involving unauthorized access to its systems, forcing a temporary network shutdown.

As KPS works to restore normal operations, experts are once again highlighting the importance of cybersecurity awareness and strong password hygiene within schools. The incident serves as a reminder that, in today’s digital classrooms, even young students can unintentionally — or deliberately — open the door to major cyber risks.

Kearney Public Schools has promised to keep the community updated as more information becomes available and systems are brought back online.
It’s frankly concerning just how much online services — and people we’ve never met — know about us. In fact, most of this data lands online because of us: the average internet user has dozens of accounts — if not hundreds. That’s why doing a vanity search on yourself is so useful and eye-opening. Think
about it: your digital footprint has been building up for years. Social media, message boards, old marketplace listings — everything you’ve ever typed is just sitting there, waiting to go off like a ticking time bomb. Carelessly posted photos, videos, or even old comments have been known to go viral years later, causing serious retroactive problems for the poster.

You might be thinking, “Who’d even care about me?” Well, trust us, plenty of folks would. This ranges from angry exes, advertisers, and scammers, all the way to potential employers and government agencies. HR departments routinely deep-dive into candidates’ histories before hiring. Furthermore, data found by using shadowy services that search for information leaked in data breaches is frequently used for doxing and harassment.

So, if you don’t manage it, your digital footprint can unexpectedly come back to bite you. Sure, it’s impossible to erase it completely, but you can certainly try to minimize the amount of information available to everyone. Today, we talk about how to scrub your digital footprint without sliding into full-blown paranoia. (Actually, we’ve got a few extra tips tucked away for the truly paranoid among you too!)

Start by googling yourself regularly

First things first: enter your first name and surname, email address, and main usernames into a search engine and see what pops up. Beyond doing manual searches, there are several useful tools that can help you find your account details across dozens, if not hundreds, of services and sites — most of which you’ve probably forgotten about. Some examples:

- Namechk is a service designed to check the availability of usernames across more than 90 social networks.
- Web Cleaner lets you search for yourself across dozens of search engines without having to manually enter the query into each one. What doesn’t show up in Google might easily be discovered on Bing, Yahoo, and others.

Why egosurf?
By searching for yourself, you’ll first see exactly where you once registered (and perhaps forgot about), and second, you’ll be able to check for any fake or impersonating accounts using your name. If you do find an imposter account, contact the website’s support team and demand they remove the fake profiles. Be prepared to verify your identity to the support agent, but remain vigilant: there’s a risk of phishing scams that exploit the KYC (Know Your Customer) verification process.

Get rid of old accounts and posts

Once you’ve dealt with the fake accounts and compiled a list of your genuine ones, it’s time to delete the superfluous and outdated ones. The fewer dead accounts online holding your personal data, the better.

Don’t rely entirely on the initial search or your own memory. Dig deep into your email archives to see which sites and services message you as their user. You can also review the list of saved passwords in your browsers or password managers. I once discovered an account I made — on a gun forum, of all things — which I’d used only once to message another member. While those specific details might not have made me easier to hack, an attacker could easily have extracted the password from that old, likely vulnerable message board platform. If I had reused that password elsewhere, I’d be in trouble. This is exactly why you should set up a unique password for every new account and store it securely in a reliable app.

To quickly tackle old accounts, check out the open-source service Just Delete Me. It even has browser extensions for Chrome and Firefox. This tool shows how easy or difficult it is to delete your information on specific websites, helping you decide if the effort is worth the reward.

Dealing with shadow profiles

Unfortunately, the accounts you’ve registered are only half the battle. Sometimes social media sites generate shadow profiles containing data on you that may persist even after you delete your account.
These profiles can include information you never directly shared with the service. For example, you might have granted the Facebook app access to your phone contacts without ever importing them into your account. All the data from your address book could end up in that shadow profile. Even more unsettling, sometimes these accounts get created for users who’ve never even registered with the service, by gathering data from other platforms and open sources.

While it’s nearly impossible to completely prevent shadow profiles from being created, you can definitely minimize the damage. Go through your old apps, and revoke their access to your sensitive data — things like your camera, photos, contacts, location, and so on. Going forward, meticulously monitor which permissions you grant to each new app. If you discover that your Google, Apple or social media accounts are still linked to a third-party service you haven’t used in ages, go ahead and unlink them. These old connections always increase your risk of a data breach or leak.

Invoke your right to be forgotten

If your searches turn up links to compromising or false information about you, you can utilize your right to be forgotten. This right was established in Europe in 2014 with the introduction of the GDPR, and similar concepts exist in other countries.

Submit a request using the dedicated forms provided by search engines. Google, Bing, and others have these available online. Some search engines lack a transparent mechanism for removing personal data, so for those, you can try reaching out through their customer support chat.

While this cleanup of search results won’t actually remove the data from the original website, it will make the information significantly harder for the average person to find. If you need the actual data deleted, you must contact the owners of the websites where the information is posted. The service who.is can help here: it will show you whose name the domain is registered to.
From there, it’s old-school OSINT: search for the site creator on social media, reach out privately, and try to negotiate a removal. If a friendly approach fails, you may need to use your country’s legal system as leverage.

Set up data breach notifications

Data leaks happen online virtually every day, exposing massive amounts of personal data: IP addresses, names, phone numbers, email addresses, payment info, and much more. Websites like Have I Been Pwned allow you to enter your email and get alerts if it shows up in a new leaked database.

However, for a comprehensive approach and greater convenience, it’s best to monitor leaks through Kaspersky Premium — we search for breaches using both email addresses and phone numbers. You can add all your email addresses and phone numbers (for yourself and your family) and be confident that we’ll warn you about a breach almost immediately, thanks to the Kaspersky Security Network (KSN) — our global threat intelligence infrastructure.

Unfortunately, preventing leaks single-handedly is an impossible task for the average user. So, the best defense is to limit how much personal data you share when registering new accounts.

Check internet archive services

Perhaps the most popular of these services is archive.org. Information you’ve deleted from other places might still be stored here, as the service takes snapshots of web pages and keeps them even after the original site is taken down.

Send an email to info@archive.org. Include the specific URL you want removed and specify the time period you wish to exclude from the archive. To ensure the data is deleted, explain your situation in detail. Clearly state that your personal data was posted without your consent.

Clean up your inbox

An email inbox overflowing with old messages that contain private information is also part of your digital footprint. Go through your mail using keywords like “password”, “SSN”, or “account”, and delete any emails containing this sensitive data.
Unsubscribe from old mailing lists. This lowers the chance that your email address will leak from a marketer’s database. To safeguard the emails you need and to spot phishing attempts in time, use Kaspersky Premium.

Erase local traces

Don’t forget to regularly — at least once a month — clear your browser history, cookies, and cache on all your devices. Alternatively, set up your browser to clear this data automatically when you close it. This lessens the chance of an outsider collecting information from your device if they gain access to it.

On smartphones, you should disable or periodically reset your advertising identifier. Both Android and iOS privacy settings have options for this, which we discussed in detail in our post How smartphones build a dossier on you.

Review your privacy settings

If we were to break down all the privacy settings for every popular service, we’d need an entirely separate blog for that. Wait a second… we have one! The easiest way to check and adjust your privacy and security settings is through our free service, Privacy Checker. It will guide you on how to configure popular social platforms, services, and even operating systems to your desired level of privacy — ranging from the “Who cares about me?” mindset to the “Everyone is watching me” level.

Erase your nudes

If you find your intimate photos circulating online, or if an extortionist is threatening to share them with your contacts, don’t panic. Immediately reach out to StopNCII.org.

And next time, only send intimate content to people you absolutely trust. Use secure messaging apps that offer an auto-delete feature for messages. When taking intimate photos, do so in a way that makes it impossible to identify you.

The “paranoid mode” bonus for the truly anxious

If you want to leave no trace on the internet whatsoever, be ready to go fully offline, or at least severely restrict your digital life.
This means no social media under your real name, and an absolute minimum of online services — only the essentials. For details on how to safely restrict your gadget usage, check out our post Digital detox: How to take a safe break from screens.

Use messaging apps that feature end-to-end encryption and self-destructing messages. For search, use DuckDuckGo or Tor: that way your queries aren’t tied back to you. Ditch Gmail for encrypted email services that don’t require a phone number, like Temp Mail or Proton Mail. For smartphones, use a completely open OS that isn’t tied to Google/Apple (like GrapheneOS). To leave minimal digital tracks, rely on virtual machines running Whonix or Tails OS.

If you know how to work with scripts, you can use them to fully purge your comments from social networks. Open-source scripts exist for platforms like Discord, Reddit, and Telegram.

If you aren’t satisfied with half-measures, you can declare war on data brokers. These firms collect all available data about you to create a digital dossier, which they then sell. We detail who these brokers are and how to fight them in our post Why data brokers build dossiers on you, and how to stop them doing so.

Finally, create multiple online personas: this is a radical but effective way to confuse data collectors. Use different names, birth dates and emails for different spheres of your life. Invent a separate alter ego for professional activity (with a clean résumé and neutral posts), and another for personal communication. The less the internet can tie your various activities together, the better for your privacy.

Ready for a safer digital life? We have a few more useful tips for you:

- How to shrink your digital footprint
- Geolocation data brokers: What they do and what happens when they leak
- Digital detox: How to take a safe break from screens
- Messengers 101: safety and privacy advice
- How to track anyone via the Find My network
With artificial intelligence supplanting entry-level security jobs, new cyber professionals will have to up their game to stay competitive in the industry.
OT and ICS systems indeed hold the crown jewels of critical infrastructure organizations, but unmonitored data sprawl is proving to be pure gold for increasingly brazen nation-state threat actors like Volt Typhoon, Pearce argues.
Harvard University said a recent incident that is impacting Oracle E-Business Suite customers impacted a "limited number of parties associated with a small administrative unit."
Ukraine lawmakers are considering uniting the country's offensive and defensive military cyber capabilities under a single command within the Armed Forces.
The Dutch ministry of economic affairs said it was making the “highly exceptional” move “following recent and acute signals of serious governance shortcomings” at Nexperia.
Britain's communications regulator took another step in a process that could lead to internet service providers being required to block access to 4chan.
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. "Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, 'serviceaccount,'" eSentire said in a technical report published
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware
Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the complete Holiday Season Security Playbook here. Bottom Line Up Front The 2024 holiday season saw major
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices. "Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer's JavaScript
Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it.