Cyber Security Headlines - July 3, 2025
Hosted by Rich Stroffolino, CISO Series
1. Columbia University Data Breach
Overview: Columbia University, a prestigious educational institution, fell victim to a significant cyberattack in June 2025. The breach resulted in the exfiltration of sensitive student application data spanning from 2019 onwards.
Details: According to Bloomberg sources, the attack compromised over 2.5 million student applications, which included personal information such as names, student ID numbers, citizenship details, and application decisions. The threat actors, purportedly politically motivated, contacted Bloomberg asserting they had obtained approximately 460 gigabytes of data. This included financial aid packages and an alarming 1.8 million Social Security numbers.
Motivation: The attackers claimed their intent was to uncover evidence that Columbia maintained admission practices prohibited by the 2023 Supreme Court ruling. This allegation points towards a possible political agenda underpinning the breach.
Notable Quote: Rich Stroffolino highlighted the severity of the breach, stating:
"The alleged threat actor contacted Bloomberg, claiming they obtained roughly 460 gigabytes of data, including financial aid packages and 1.8 million Social Security numbers." ([02:15])
2. Ransomware Attack on German Hunger Relief Charity
Overview: One of Germany's largest hunger relief organizations, Welthungerhilfe (WHH), faced a crippling ransomware attack orchestrated by the Rhysida ransomware group. The attackers demanded over $2 million, threatening the charity's operations.
Impact: In a bold move, WHH refused to succumb to the ransom demands. Instead, they promptly shut down the affected systems and enlisted cybersecurity experts to manage the recovery process. Impressively, the organization ensured that their operations continued uninterrupted, and there was no immediate evidence suggesting that donor data was compromised.
Pattern of Attacks: This incident is part of a broader trend in which the Rhysida group targets organizations that serve vulnerable populations. Its previous attacks on hospitals and disability nonprofits reveal a deliberate strategy of exploiting entities that provide essential services.
Notable Quote: Rich emphasized the group's malicious focus, noting:
"The same group has previously attacked hospitals and disability nonprofits, continuing a deliberate pattern of exploiting those who serve the most vulnerable." ([03:40])
3. Qantas Contact Center Breach
Overview: Australian airline giant Qantas disclosed a breach affecting its contact center operations. The incident was first identified on June 30, 2025, when unusual network activity was detected within their systems.
Details: Initial investigations revealed that the breach originated from a third-party customer service platform. As a result, the attackers accessed sensitive customer information, including names, email addresses, and frequent flyer numbers. While Qantas did not specify the total number of impacted customers, local media reports estimate the figure could be as high as 6 million individuals.
Operational Impact: Despite the breach's scale, Qantas assured stakeholders that their operations remained unaffected. Importantly, they confirmed that no financial or passport information was accessed during the incident.
Notable Quote: Highlighting the containment measures, Rich stated:
"Qantas didn't specify the number of impacted customers, but local media reports that the figure could be as high as 6 million people. The airline has said the attack did not impact operations and that no financial or passport information was accessed." ([05:10])
Additional Security Concerns Highlighted
While the episode primarily focused on the aforementioned breaches, several other notable security issues were briefly discussed:
- WordPress Plugin Vulnerability: A flaw in the Forminator Forms plugin, used by over 600,000 WordPress sites, allows potential site takeovers. Despite a patch released on June 30, only about a third of installations have updated, leaving numerous sites at risk.
- Spanish Data Leak Arrests: Spanish authorities detained two individuals in Las Palmas for a data leak involving high-ranking officials and journalists. The suspects attempted to sell the data online, posing a significant national security threat.
- Android SMS Stealer in Uzbekistan: A novel malware dubbed Qwizzserial infected nearly 100,000 devices, targeting users through Telegram channels and harvesting sensitive information such as SMS-based authentication codes.
- French Government Ivanti Hacks: Exploiting vulnerabilities in Ivanti cloud services, the threat actor group Houken (UNC5174) targeted various French sectors, aiming to exfiltrate data for sale to state intelligence agencies.
- Cloned Crypto Wallet Extensions: Over 40 cloned crypto wallet extensions mimicking trusted tools like MetaMask were uploaded to the Firefox Add-on store, compromising user funds through stolen recovery phrases.
Notable Insight: Rich underscored the challenges organizations face in vetting third-party vendors, emphasizing the reliance on security rating vendors and questioning their efficacy in genuinely mitigating third-party risks.
Concluding Remarks
The episode provided a comprehensive overview of the current cybersecurity landscape, highlighting the persistent threats faced by educational institutions, non-profits, and large corporations alike. Rich Stroffolino emphasized the importance of proactive measures and the need for organizations to stay vigilant against evolving cyber threats.
Final Quote: Wrapping up the discussion, Rich encouraged feedback and continued engagement:
"If you have some thoughts on the news from today or just about the show in general, reach out to us, feedback@cisoseries.com, we would love to hear from you." ([06:55])
For more detailed stories and in-depth analysis, visit CISOseries.com.
