As cyberattacks grow more aggressive and widespread, cybersecurity professionals are raising red flags about what they call a “treacherous” new landscape.
Airlines, insurance firms, and other industries are finding themselves in the crosshairs of increasingly sophisticated hackers, and experts say both businesses and individuals must act now to avoid falling victim.
In recent weeks, major companies including Hawaiian Airlines, Qantas, Aflac, AT&T, The North Face, and Cartier have suffered serious cyber incidents. These attacks are part of a growing trend that experts say is being fueled by the rise of artificial intelligence and increasingly advanced hacker tactics.
Doug Merritt, CEO of cloud security firm Aviatrix, warned that many companies are still unprepared for the threats posed by today’s cybercriminals.
“Organizations that don’t adapt to the ‘treacherous’ cybersecurity landscape will be ambushed by blind spots all over their network,” Merritt told Fox Business.
Airlines become top targets
Airlines are now a prime focus for cybercrime groups. Within just one week, Hawaiian Airlines and Australian carrier Qantas were both hit with attacks. The FBI recently warned that a notorious hacker collective known as Scattered Spider is “expanding its targeting to include the airline sector.”
Scattered Spider is known for using clever social engineering to trick IT help desks into bypassing security protocols, especially multi-factor authentication (MFA).
According to TechRepublic, the FBI said these hackers have been “convincing help desk staff to bypass multi-factor authentication (MFA) protections by registering rogue MFA devices on compromised accounts.” This tactic gives them high-level access to internal systems, which can be catastrophic for a company’s operations and reputation.
Merritt explained that the shift to cloud computing has made things worse. Unlike in the past, where data was mostly kept inside secure company networks, data today moves across the open internet.
That movement creates more entry points for attackers. “Many organizations are leaving 50% to 80% of their systems exposed,” Merritt said in the Fox Business report, warning that companies are not doing enough to secure cloud communications.
Insurance and payroll firms also breached
Beyond airlines and retailers, insurance and benefits providers are also under siege. In one of the most damaging cases yet, Kelly Benefits — a payroll and benefits administration firm — revealed that over 553,000 people may have had their data stolen during a breach in December 2024.
Initially, the company believed only 32,000 individuals were affected, but new investigations showed that the real number was much higher. According to Tom’s Guide, the compromised information includes full names, Social Security numbers, tax ID numbers, birth dates, financial account details, and even health insurance information.
What this means for you
While companies are the main targets, everyday people are often the ones left most vulnerable after a breach. Amy Bunn, an online safety advocate at McAfee, said the consequences for consumers are severe.
“Cybercriminals can use this treasure trove of sensitive information to impersonate people and commit fraud with stolen identities, or they may package and sell personal data on the dark web to the highest bidder,” Bunn told Fox Business.
She stressed that even if a breach didn’t directly impact you, your information could still be used in phishing scams or identity theft.
What you can do now
While much of the cybersecurity responsibility falls on companies, experts stress that individuals must also take steps to protect themselves.
Bunn advised consumers to use strong, unique passwords, enable two-factor authentication, and be cautious with unexpected emails or texts that request personal data.
For those impacted by a breach, it’s critical to monitor financial accounts for suspicious activity and consider freezing credit to prevent identity fraud. Also, check your mailbox regularly, as many breach notifications still arrive via traditional mail rather than email.
