Latest news with #CyberX
RNZ News
4 days ago
- Business
- RNZ News
Qantas cyber attack victims say airline is failing to protect data
Ebe Ganon says she's disappointed but not surprised by the Qantas cyber attack. Photo: ABC News / Luke Stephenson Qantas customers say they feel vulnerable, angry and unsupported following last week's major cybersecurity breach, and are now questioning whether the airline is doing enough to protect Australians' personal data. On Monday night, Qantas quietly updated its website to confirm the airline had been contacted by "a potential cybercriminal" less than a week after the data of up to 6 million of its customers was accessed in an online attack. The airline said it was still working to verify the legitimacy of the contact and has engaged the Australian Federal Police to investigate. But Qantas is yet to officially confirm the name of the group that has been able to access passenger names, email addresses, phone numbers, dates of birth and Frequent Flyer numbers. The airline is also still working to determine exactly what data was stolen for each affected customer. What we do know is that last week, Cyber X, which is the company called in by the airline to investigate the massive cyber attack, said the incident had all the hallmarks of international group Scattered Spider. We also know that just days before Qantas says it had detected "unusual activity" on a third-party platform that holds customer data, the FBI had issued a warning that Scattered Spider was planning to target airlines. Far from a sophisticated attack, cyber experts said one of the hackers likely impersonated an IT or other official, and simply tricked a Qantas call centre worker in Manila to obtain the login details to that third-party platform. Dozens of Qantas customers have contacted the ABC in the wake of the cyber attack to express their frustration with the airline. Some have since been targeted by scammers or received alerts from online accounts including the federal government portal myGov. Canberra-based disability advocate Ebe Ganon said she received a scam call from someone pretending to be from Qantas Money the same day the company confirmed the breach. "He was purporting to be alerting me of three suspected fraudulent transactions, and those transactions were really tailored to my shopping and purchasing habits." Qantas is yet to officially confirm the name of the group that has been able to access passenger data. Photo: AFP / Saeed Khan NO USE AFTER JULY 12, 2025 02:26:23 GMT Ganon said the scam caller also referenced a range of different personal information, including her full name, date of birth, the last four digits of her credit card, which suggested he had access to her Qantas customer profile. "I'm a pretty savvy, you know, technologically savvy person, and it still even took me a couple of minutes to sort of ask him enough questions to be satisfied that it wasn't a legit call." On Monday, Qantas again stated no credit card details, personal financial information or passport details were stored in this system accessed by the cybercriminals. However, after also being caught up in the Medibank and Optus data breaches, Ganon is sceptical of Qantas's claim that no financial data was compromised. "But even if that has come from another source, it points to a much scarier reality. "I think that many of these scammers are creating composite profiles of people using information from a range of different data breaches and creating profiles where they can then speak to you in a way that's really, really convincing." Indeed, cyber experts have told the ABC the type of data stolen in the Qantas attack could be very valuable to cybercriminals. "With this particular matter, the biggest risk coming out of this will not be access to Qantas data specifically, but moreover that those 6 million people will be targeted in related type scams," Stan Gallo, Forensic Services partner with BDO Australia, told ABC News. "So whether it's myGov, or people contacting individuals claiming they're from Qantas, or from a bank, or from some other institution." Indeed, the ABC has been contacted by several people caught up in the Qantas cyber attack whose federal government online myGov accounts have been targeted by suspected hackers. A spokesperson for Services Australia, which manages myGov, was unable to confirm if there had been a spike in fraudulent attempts to access accounts, but said it was not uncommon after a data breach. The spokesperson said there were ways for users to protect their personal information. Adelaide-based customer Jack Allison said he received an alert from myGov at 6:30pm - right about the time Qantas emailed him to confirm his personal data had been caught up in the breach. "They guessed five passwords before being locked out," Allison told ABC News. "Once they're inside myGov, they'd be able to access people's tax records, their medical history, it's not good." He said he's disturbed by Qantas's offshore handling of sensitive data. "I deeply dislike that personal information is being handed across the globe without my knowledge and consent. I want stronger safeguards for my personal information and the personal information of my family. "I can't go and change my name or my date of birth or my address, and I think it's they're just not treating this with the level of respect that it deserves." It took Qantas CEO Vanessa Hudson until Thursday night to give an interview following the cyber attack. She spoke to one media outlet from her holiday in Europe. Other media, including the ABC, were not given advance warning of the interview so were unable to put questions to the airline's boss. While customers are calling for stronger protections, lawyers said current privacy laws offered limited paths to justice - and were badly in need of reform. Lizzie O'Shea says Qantas could face legal action from customers affected by the cyber attack. Photo: ABC News / Billy Draper Lizzie O'Shea, principal lawyer at Maurice Blackburn, said affected individuals can currently make a complaint to the Office of the Australian Information Commissioner, but that process is slow and often overwhelmed. "There is a process that they go through to determine whether you've experienced any harm and you can be awarded compensation," O'Shea said. "One of the problems with that scheme is that the commissioner's office is overwhelmed by complaints of this nature." O'Shea said one key solution is introducing a "direct right of action" - so individuals can take companies like Qantas straight to court. "That means that instead of going to the commissioner, where the process can be slow, you have a direct right of action to go to court. That means you can sue companies that have mishandled your information and obtain compensation." She said there was an urgent need to reform the Privacy Act. "Because at the moment companies can have these data breaches occur and there may not be a clear remedy or a pathway to getting the result for people who are harmed, and I think most Australians think that's not good enough." She said this type of large-scale breach is exactly the kind of case that could justify a class action - if the law made it easier. "In this kind of circumstance, where there's 6 million people potentially affected, it is a vehicle for a class action if you have a direct right to go to court. "That would get the kinds of results that I think people expect in these circumstances and it would also act as a deterrent to make sure companies treat information really carefully, with the risk that they might be having to face court if they don't." Until that happens, Qantas customer Ebe Ganon said large corporations would continue letting customers down - without consequence. "So I think my expectations are low. I'm disappointed but not surprised." - ABC
ABC News
4 days ago
- ABC News
Qantas cyber attack victims say the airline is failing to protect data
Qantas customers say they feel vulnerable, angry and unsupported following last week's major cybersecurity breach, and are now questioning whether the airline is doing enough to protect Australians' personal data. On Monday night, Qantas quietly updated its website to confirm the airline had been contacted by "a potential cybercriminal" less than a week after the data of up to 6 million of its customers was accessed in an online attack. The airline said it was still working to verify the legitimacy of the contact and has engaged the Australian Federal Police to investigate. But Qantas is yet to officially confirm the name of the group that has been able to access passenger names, email addresses, phone numbers, dates of birth and Frequent Flyer numbers. The airline is also still working to determine exactly what data was stolen for each affected customer. What we do know is that last week, Cyber X, which is the company called in by the airline to investigate the massive cyber attack, said the incident had all the hallmarks of international group Scattered Spider. We also know that just days before Qantas says it had detected "unusual activity" on a third-party platform that holds customer data, the FBI had issued a warning that Scattered Spider was planning to target airlines. Far from a sophisticated attack, cyber experts said one of the hackers likely impersonated an IT or other official, and simply tricked a Qantas call centre worker in Manila to obtain the login details to that third-party platform. Dozens of Qantas customers have contacted the ABC in the wake of the cyber attack to express their frustration with the airline. Some have since been targeted by scammers or received alerts from online accounts including the federal government portal myGov. Canberra-based disability advocate Ebe Ganon said she received a scam call from someone pretending to be from Qantas Money the same day the company confirmed the breach. "He was purporting to be alerting me of three suspected fraudulent transactions, and those transactions were really tailored to my shopping and purchasing habits." Ms Ganon said the scam caller also referenced a range of different personal information, including her full name, date of birth, the last four digits of her credit card, which suggested he had access to her Qantas customer profile. "I'm a pretty savvy, you know, technologically savvy person, and it still even took me a couple of minutes to sort of ask him enough questions to be satisfied that it wasn't a legit call." On Monday, Qantas again stated no credit card details, personal financial information or passport details were stored in this system accessed by the cybercriminals. However, after also being caught up in the Medibank and Optus data breaches, Ms Ganon is sceptical of Qantas's claim that no financial data was compromised. "But even if that has come from another source, it points to a much scarier reality. "I think that many of these scammers are creating composite profiles of people using information from a range of different data breaches and creating profiles where they can then speak to you in a way that's really, really convincing." Indeed, cyber experts have told the ABC the type of data stolen in the Qantas attack could be very valuable to cybercriminals. "With this particular matter, the biggest risk coming out of this will not be access to Qantas data specifically, but moreover that those 6 million people will be targeted in related type scams," Stan Gallo, Forensic Services partner with BDO Australia, told ABC News. "So whether it's myGov, or people contacting individuals claiming they're from Qantas, or from a bank, or from some other institution." Indeed, the ABC has been contacted by several people caught up in the Qantas cyber attack whose federal government online myGov accounts have been targeted by suspected hackers. A spokesperson for Services Australia, which manages myGov, was unable to confirm if there had been a spike in fraudulent attempts to access accounts, but said it was not uncommon after a data breach. The spokesperson said there were ways for users to protect their personal information. Adelaide-based customer Jack Allison said he received an alert from myGov at 6:30pm — right about the time Qantas emailed him to confirm his personal data had been caught up in the breach. "They guessed five passwords before being locked out," Mr Allison told ABC News. "Once they're inside myGov, they'd be able to access people's tax records, their medical history, it's not good." He said he's disturbed by Qantas's offshore handling of sensitive data. "I deeply dislike that personal information is being handed across the globe without my knowledge and consent. I want stronger safeguards for my personal information and the personal information of my family. "I can't go and change my name or my date of birth or my address, and I think it's they're just not treating this with the level of respect that it deserves." It took Qantas CEO Vanessa Hudson until Thursday night to give an interview following the cyber attack. She spoke to one media outlet from her holiday in Europe. Other media, including the ABC, were not given advance warning of the interview so were unable to put questions to the airline's boss. While customers are calling for stronger protections, lawyers said current privacy laws offered limited paths to justice — and were badly in need of reform. Lizzie O'Shea, principal lawyer at Maurice Blackburn, said affected individuals can currently make a complaint to the Office of the Australian Information Commissioner, but that process is slow and often overwhelmed. "There is a process that they go through to determine whether you've experienced any harm and you can be awarded compensation," Ms O'Shea said. "One of the problems with that scheme is that the commissioner's office is overwhelmed by complaints of this nature." Ms O'Shea said one key solution is introducing a "direct right of action" — so individuals can take companies like Qantas straight to court. "That means that instead of going to the commissioner, where the process can be slow, you have a direct right of action to go to court. That means you can sue companies that have mishandled your information and obtain compensation." She said there was an urgent need to reform the Privacy Act. "Because at the moment companies can have these data breaches occur and there may not be a clear remedy or a pathway to getting the result for people who are harmed, and I think most Australians think that's not good enough." She said this type of large-scale breach is exactly the kind of case that could justify a class action — if the law made it easier. "In this kind of circumstance, where there's 6 million people potentially affected, it is a vehicle for a class action if you have a direct right to go to court. "That would get the kinds of results that I think people expect in these circumstances and it would also act as a deterrent to make sure companies treat information really carefully, with the risk that they might be having to face court if they don't." Until that happens, Qantas customer Ms Ganon said large corporations would continue letting customers down — without consequence. "So I think my expectations are low. I'm disappointed but not surprised."
NDTV
26-06-2025
- Automotive
- NDTV
MG To Showcase Model Y Rival, Cyber X, And More At Goodwood Festival
MG is preparing to introduce two new electric vehicles alongside the Cyberster Black, EX4, and Cyber X concept at the 2025 Goodwood Festival of Speed (scheduled from 10th July to 13th July). The British car maker has not yet specified any details about the other two cars to be introduced at the event. Also Read: Toyota Partners With Ohmium To Develop Green Hydrogen Energy Solutions In India MG recently teased the soon-to-be-unveiled car on its social media, and it seems like the IM6 crossover. This also hints that probably IM (a joint venture of MG, Alibaba, Zhangjiang Hi-Tech, and SAIC) may launch the IM6 in the UK, as it is already up for sale in the Australian market. In the teaser, MG has also hinted that it may showcase the performance of the IM6 at the Goodwood Hillclub. The IM6 SUV gets a 75 kWh and a 100 kWh battery pack option in the Australian and Thai markets. The AWD version of the electric SUV gives a combined power output of 778 hp and 802 Nm of torque. The IM6 Performance (top-spec) variant can achieve 0 to 100 km/h in just 3.4 seconds. MG Cyber X Concept Apart from the two electric cars, MG is also gearing up to put the Cyberster Black and the Cyber X up for display. Though the MG Cyberster has already been revealed and is also going to be launched in India soon, it now gets a new paint for the Goodwill show. Also, the MG Cyber X will be showcased at the 2025 Goodwood Festival of Speed. The MG Cyber X is characterized by a boxy appeal with pop-up headlights.
Hindustan Times
25-04-2025
- Automotive
- Hindustan Times
2026 MG Cyberster, Cyber X and Cyberster Black showcased at Shanghai Auto Show
2026 MG Cyberster gets new colour schemes and a wind deflector. At the 2025 Shanghai Auto Show, MG Motor showcased three electric vehicles. There is the Cyber X 'Box' concept, Cyberster MY 2026 and the new Cyberster Black 101st Anniversary Edition. As of now, it is not known when these vehicles will go on sale, but as expected, they will first hit the global market. MG Cyberster MG says that the Cyberster is the spiritual successor to the MG B. For 2026, the Cyberster will come with two new exterior hues—Iris Blue and Andes Gray—and dual-tone Red/Black or Gray/White interiors. The interior gets body-color matched trim panels and a wind deflector that MG claims reduces cabin turbulence by up to 90 per cent. MG Cyberster Black comes with cosmetic changes only. The brand also introduced a new black edition of the Cyberster, which comes with high-gloss black paint and chrome accents. Apart from this, there is also a new Cyberster GTS on offer now that comes with a hardtop. In the international market, the brand offers a rear-wheel drive variant of the electric convertible, featuring a 64 kWh battery pack that is said to provide a range of up to 519 kilometers. The electric motor is designed to deliver a peak power output of 295 bhp. Furthermore, the electric sports car, touted as the most powerful MG model to date, is equipped with a 77 kWh battery pack that enables the Cyberster to achieve a distance of up to 510 kilometers on a single charge. The MG Cyberster is powered by dual electric motors, which collectively generate a peak power of 510 bhp and an impressive maximum torque of 725 Nm. The manufacturer asserts that the MG Cyberster can accelerate from a complete stop to 100 km/h in merely 3.2 seconds. Also Read : 2025 MG Hector launched at ₹ 13.99 lakh, is now E20 compliant MG Cyber X For the Cyber X, MG has brought back pop up headlights. The Cyber X is created by Joseph Kaban, the designer of the Bugatti Veyron supercar. It has a tall and compact design with extremely short front and rear overhangs. The surface of the car is sprayed with the color of 'Stardust Gray', presenting a matte sandstone texture. MG has brought back pop-up headlights with the Cyber X which were popular back in 1970s and 80s. As of now, the specifications of the Cyber X are not yet revealed. Check out Upcoming EV Cars in India, Upcoming EV Bikes in India. First Published Date: 25 Apr 2025, 10:59 AM IST
West Australian
24-04-2025
- Automotive
- West Australian
MG Cyber X concept unveiled with pop-up headlights
The MG Cyber X concept was revealed at the 2025 Shanghai motor show, and likely previews a production model for next year. Although the boxy Land Rover-inspired concept shares little externally with the slinky Cyberster , it will likely be the second production model in MG's 'Cyber' line of vehicles aimed at enthusiasts. Hundreds of new car deals are available through CarExpert right now. Get the experts on your side and score a great deal. Browse now . Jozef Kaban, head of design for parent company SAIC, told Autocar 'MG is the brand which is able to handle two characters, because they will have one thing in common: the joy in connecting people and in being fun to have'. Instead of the relatively generic shapes of the brand's existing crossovers – such as the ZS and HS – the Cyber X has a squared-off design seemingly inspired by the likes of the Toyota LandCruiser Prado and Land Rover Defender . Reportedly measuring 4.3 metres long, the Cyber X is about the same size as the ZS, but shorter than the 4.5m than the S5 that will replace it. It is also more compact than the 4.5m three-door Defender 90, 5m five-door Defender 110, and 4.9m LandCruiser Prado. It's unclear what level of off-road capability the Cyber X will have, but the car is thought to ride on MG's new E3 plug-in hybrid and EV platform that incorporates cell-to-body design, where the battery pack is a structural member of the body. This, in theory, leads to better rigidity and space utilisation. Mr Kaban said the Cyber X, if it went into production, wouldn't replace any of MG's other crossover offerings, but rather stand alongside them. He went on to say the speed of car development in China means the Cyber X could quickly be turned into a production-ready vehicle in short order. SAIC's chief designer, who previously held similar titles at Volkswagen and BMW, said the new 'digital world' meant some distinctive automotive design elements have been lost. The Cyber X concept is partially a design exercise to bring some of those styling tropes back, and he likened the Cyber X's pop-up lights to those of the Ferrari Testarossa. Given pedestrian impact regulations played a large role in killing off pop-up headlights, it will be interesting to see if they are retained for the production car. While the concept car on display at the Shanghai motor show has a blacked out windows obscuring the interior, MG says the cabin technology were developed by mobile phone make Oppo. Car News China understands the production version of the Cyber X will be launched in 2026. MORE: Everything MG
