It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
I’m Evan Summers, the newest trainer on the Digital Security Training team, parachuting in this week (flight-related pun fully intended) for the latest edition of the newsletter.
Data breaches take flight
A massive data breach of Qantas Airlines recently exposed the personal information of at least 6 million of the airline’s customers. Apparently caused by a hack of a customer database at one of Qantas’ contact centers, the stolen information includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. While Qantas announced that the specific exposed system thankfully did not include passwords or credit card information, that is unfortunately not always the case when it comes to these types of corporate data breaches.
As if news of this breach online isn’t enough, it comes on the heels of a spate of recent cyberattacks against the aviation industry. The attackers believed to be behind these attacks have employed sophisticated phishing tactics, such as the impersonation of company employees contacting help desks, and reportedly exploited insecure self-service password reset services in order to gain access to employee accounts and sensitive internal systems.
What you can do
- Check for your own exposure to data breaches! You can regularly search the website Have I Been Pwned to see if any accounts associated with your email addresses have been included in public data breaches.
- While not all data breaches include account credentials, many do. To mitigate the impact when such breaches occur, be sure to follow good password hygiene and use a trusted password manager to create and safely store strong passwords. Depending upon your risk model, you might even want to consider using passkeys.
- Use two-factor authentication, a secondary layer of defense for your accounts, wherever you can!
- Think critically before sharing certain data. When you share information with a business or other service (including your favorite airline), there’s always a risk of a data breach. We often can’t avoid sharing some data with these services, but keep your risk assessment in mind when deciding which information (e.g., addresses, phone numbers, email accounts) to associate with your name or other identifiers on a given platform.
Updates from our team
- We’ve extended the deadline for our in-person US/Mexico Border journalist safety training in Albuquerque, New Mexico, Aug. 15, and El Paso, Texas, Aug. 18-19! Applicants are being accepted on a rolling basis until spots are full; those interested must submit by July 11 at 11:59 p.m. EDT. Limited travel assistance may be available.
- Are you at NAHJ 2025 in Chicago this week? Our trainers, David Huerta and Martin Shelton, will be talking about digital security, getting ahead of doxxing, and AI safety. Come say hi! These upcoming talks can be found here.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Evan
-
Evan Summers
Senior Digital Security Trainer
Freedom of the Press Foundation