24th September 2025 Cyber Update: Stellantis Discloses Major Third-Party Data Breach

Automotive giant Stellantis has confirmed a major data breach affecting its North American customers after the ShinyHunters group compromised a third-party Salesforce platform, allegedly stealing contact information for up to 18 million individuals.


Cyber News Centre's cyber update for 24th September 2025: Automotive giant Stellantis has confirmed a significant data breach after a third-party service provider was compromised, exposing the contact information of its North American customers.

Stellantis is the world’s fifth-largest carmaker, created in 2021 through the merger of Fiat Chrysler Automobiles and PSA Group. Its brand portfolio includes Jeep, Dodge, Ram, Chrysler, Fiat, Peugeot, and Alfa Romeo, with operations spanning more than 130 countries.

The Update and Why It Matters

The Update: Stellantis confirmed over the weekend that it detected unauthorised access to a third-party service provider’s platform supporting its North American customer service operations. The cybercriminal group known as ShinyHunters has claimed responsibility, alleging it stole 18 million customer records from the company’s Salesforce system.

The compromised data is limited to contact information, such as names, email addresses, and phone numbers. The company said no financial or other sensitive personal data was accessed. In a statement, Stellantis confirmed:

"Upon discovery, we immediately activated our incident response protocols ... and are directly informing affected customers. The incident, which is under investigation, exposed only basic contact information and did not involve financial details or sensitive personal data."

The attack is part of a broader campaign by ShinyHunters targeting organisations that use Salesforce, relying on voice phishing tactics to gain initial access by impersonating IT support staff and tricking employees into granting malicious OAuth application access.

Why it matters: This breach highlights the serious and ongoing risk of supply chain attacks, where a weakness in a single vendor can compromise the data of a global corporation. The incident at Stellantis is not isolated but part of a growing pattern of attacks against enterprise SaaS platforms, as security experts have noted.

It is a stark reminder of how interconnected global data systems are: information held by international companies can be compromised anywhere in the world. The Australian Cyber Security Centre (ACSC) has specifically warned about rising risks linked to connected vehicles. This breach reinforces the threat of customer data exposure, raising the likelihood of targeted phishing and social engineering campaigns aimed at vehicle owners.

