A ransomware attack on a Toowoomba pharmacy has resulted in the leak of sensitive patient data, including medical records and NDIS information. The DragonForce ransomware group has claimed responsibility, highlighting the growing threat to Australian healthcare providers.
Australian Clinical Labs (ACL) has agreed to a $5.8 million penalty following a 2022 data breach at its subsidiary, Medlab Pathology. The breach, orchestrated by the Quantum ransomware group, exposed the sensitive data of 223,000 Australians, prompting regulatory action from the OAIC.
WestJet has issued a further notice on its June cyber incident, confirming passenger data was exposed though payment details remain secure. The update comes amid rising aviation cyberattacks, including a recent Collins Aerospace breach that disrupted major European airports.
WestJet has issued a further notice on its June cyber incident, confirming passenger data was exposed though payment details remain secure. The update comes amid rising aviation cyberattacks, including a recent Collins Aerospace breach that disrupted major European airports.
Cyber News Centre's cyber update for 30th September 2025: WestJet yesterday issued a further notice on the June cybersecurity incident, providing more detail on the scope of the data breach and its impact on passengers.
WestJet is Canada’s second-largest airline, headquartered in Calgary, Alberta. Founded in 1994, the carrier operates a fleet of more than 190 aircraft and serves over 100 destinations across North and Central America, the Caribbean, and Europe.
Update: WestJet had previously disclosed in June that a sophisticated criminal third party had gained unauthorised access to its systems. The airline confirmed at the time that no credit or debit card details or passwords were taken. In yesterday's notice, WestJet said that while payment details remain secure, other information was illegally obtained, including passenger names, contact details, travel information, and documents linked to reservations. For some individuals, the compromised data could be misused for identity theft or fraud, though the airline stressed it has not seen evidence of such misuse.
The airline emphasised that the safety and integrity of its flight operations were never in question. WestJet has since contained the incident, introduced additional cyber protections, and continues to work with law enforcement, the Canadian Centre for Cyber Security, and regulators including Transport Canada and the Office of the Privacy Commissioner of Canada. Affected customers are being contacted directly, and identity theft protection services are being offered where appropriate.
Why it Matters: This incident underscores the aviation industry’s vulnerability to sophisticated cyber threats. With a 600% year-on-year increase in cyberattacks, the sector has become a prime target for financially and geopolitically motivated actors. The breach highlights the significant risks tied to the vast amounts of personal data airlines manage, from passport details to travel itineraries.
The WestJet breach is the latest in a string of cyber incidents hitting the aviation sector in rapid succession. On 19th September 2025, a cyberattack on Collins Aerospace’s MUSE check-in and boarding software caused widespread disruption across Europe, forcing major airports such as Heathrow, Brussels, Berlin, and Dublin to revert to manual check-in. The incident has drawn scrutiny from the UK’s National Cyber Security Centre and the European Commission, underscoring how single points of failure in aviation supply chains can paralyse global travel.
As Ivan Fontarensky, CTO of Cyber Detection and Response at Thales, stated, “The aviation industry has become a digital battlefield with significant economic and geopolitical interests at stake.”
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A ransomware attack on a Toowoomba pharmacy has resulted in the leak of sensitive patient data, including medical records and NDIS information. The DragonForce ransomware group has claimed responsibility, highlighting the growing threat to Australian healthcare providers.
Australian Clinical Labs (ACL) has agreed to a $5.8 million penalty following a 2022 data breach at its subsidiary, Medlab Pathology. The breach, orchestrated by the Quantum ransomware group, exposed the sensitive data of 223,000 Australians, prompting regulatory action from the OAIC.
Volvo Group North America has disclosed a data breach exposing employee data after a ransomware attack on its HR supplier, Miljdata. The incident highlights the growing threat of supply chain attacks and their far-reaching consequences.
Perth-based operational technology firm Intellect Systems has been targeted by the Akira ransomware group, which claims to have stolen 10GB of sensitive corporate and personal data. The attack highlights the growing threat to the critical infrastructure sector through vulnerable network devices.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
