Qantas confirmed that the personal information of 5.7 million customers was compromised in a cyberattack last week. In an update Wednesday, the Australian airline said its investigation showed roughly 1.7 million had more than their name, email address and frequent-flyer details exposed.

It's likely that an unauthorized party stole data during a June 24 tech outage that disrupted some of Columbia University's IT systems, the school said in an update Wednesday.

The Dutch conglomerate behind Giant and several other American supermarket brands on Thursday notified consumers of a November data breach, when an unauthorized party accessed its network. Ahold Delhaize USA Services said the breach potentially exposed the personal information of more than two million people. Maine's attorney general office also reported the breach, saying that 95,463 state residents were affected.

AT&T's proposed $177 million settlement stemming from 2019 and 2024 data breaches shows that multifactor authentication isn't optional, cybersecurity expert Joe Vadakkan wrote last week. In the 2024 incident, hackers penetrated AT&T's Snowflake cloud system using credentials that didn't have MFA and made off with customers' call and text metadata, he said. "Weak credential protections" made the hack possible, he added. "Supply chain vigilance is critical," as the Snowflake breach came via "internal compromises." The settlement received preliminary approval in U.S. District Court earlier this month.

McLaren Health Care on Friday notified customers of a data breach in its computer systems last summer that may have exposed the personal data of 743,131 people.

Remote patient monitoring company Smart Meter warned the public of the privacy and security risks associated with connected medical devices, whose sensitive personal data could be routed to China and other adversarial countries.

Aflac disclosed Friday a data breach in its network that may have exposed customers' personal information.

SANTA CLARA, Calif. -- LinkedIn recently completed a project to deidentify advertising activity data to ensure user information is protected while still allowing data processing to generate valuable analytics for advertisers, engineers from the Microsoft-owned social network said Monday at the USENIX Privacy Engineering Practice and Respect (PEPR) conference.

SANTA CLARA, Calif. -- Companies’ processes for responding to law enforcement requests could constitute a security vulnerability with privacy implications, Lukas Bundonis, a senior privacy engineer at Netflix, said at the USENIX Privacy Engineering Practice and Respect (PEPR) conference Monday.

A coalition of organizations and privacy experts raised concerns about a new feature of digital identity systems that allows the government to track individuals through documents such as driver’s licenses. The “phone home” functionality is built into identity systems and allows “authorities to track when or where identity is used” when the identity issuer or third party interacts with the user’s app, said a Monday statement by the coalition, which included the American Civil Liberties Union.