By Ashwani Mishra, Editor-Technology, 63SATS Cybertech
Dior confirmed unauthorized access to Chinese customer records, while UK’s M&S reported stolen customer details in a ransomware attack. In Asia, Chinese-speaking hackers disrupted drone supply chains in Taiwan via strategic cyber-espionage. Twilio denied involvement in a massive Steam data leak, raising concerns over third-party vulnerabilities. U.S. firm Andy Frain suffered a ransomware attack that compromised the data of 100,000+ individuals.
Meanwhile, Australia recorded its highest data breach count in years, driven by ransomware and phishing. These incidents spotlight escalating threats targeting retail, defense, infrastructure, and national cybersecurity frameworks.
Dior Confirms Customer Data Breach in China, Issues Apology
Luxury fashion label Dior has confirmed a data breach involving Chinese customer information, accessed by an unauthorized third party. While no financial data was compromised, personal details like names, contact information, shopping habits, and purchase history were exposed.
Dior discovered the breach on May 7 and informed customers via an internal memo. Authorities are investigating the incident, which highlights rising cybersecurity risks for global retail brands operating in China.
Chinese-Speaking Hackers Target Taiwan’s Drone Supply Chains
Cybersecurity researchers have linked a Chinese-speaking espionage group, dubbed Earth Ammit, to coordinated supply chain cyberattacks in Taiwan and South Korea. Active between 2023 and 2024, the group infiltrated sectors including defense, satellites, software, healthcare, and media. Its goal was to infiltrate trusted software providers in order to reach high-value targets.
Trend Micro’s analysis reveals a sophisticated operation aimed at long-term surveillance and strategic disruption across Asia-Pacific’s military and industrial ecosystems.
Marks & Spencer Confirms Customer Data Theft in Cyber Incident
UK retail giant Marks & Spencer has confirmed that customer data was stolen in an April ransomware attack. CEO Stuart Machin announced the breach on Instagram, noting no payment or password data was exposed.
However, affected information may include names, birth dates, addresses, phone numbers, emails, and order histories. While the stolen data hasn’t surfaced publicly, the incident raises concerns over cybersecurity resilience in major consumer brands.
Twilio Denies Breach After Alleged Steam User Data Leak
Twilio has refuted claims that it was hacked, following a threat actor’s offer to sell data allegedly containing over 89 million Steam user records. The attacker, known as Machine1337, leaked 3,000 SMS records with Steam access codes and phone numbers.
Although Twilio denied any breach, BleepingComputer’s analysis of sample data has raised questions about potential third-party exposure involving Steam’s multi-factor authentication systems.
Security Firm Andy Frain Hit by Major Black Basta Ransomware Attack
Andy Frain Services, a U.S.-based physical security provider, suffered a data breach affecting over 100,000 individuals. The Black Basta ransomware group claimed responsibility for exfiltrating 750 GB of sensitive data from legal, HR, and accounting departments.
While the company hasn’t detailed what was compromised, it offered free credit monitoring for affected users. The firm provides security for airports, stadiums, and public venues—underscoring risks even in physical security sectors.
Australia Sees Record Data Breaches, Driven by Ransomware and Phishing
Australia recorded 527 data breaches in the second half of 2024, the highest figure since 2020, per the OAIC. The surge—up 9% from earlier in the year—exposes major gaps in the country’s digital defenses. Health, finance, government, and supply chain sectors were hit hardest. Ransomware attacks spiked 24%, and credential-based phishing continues to dominate. The findings reflect growing urgency for cybersecurity reform and threat mitigation across Australian enterprises.