Articles about Data Breach

History appears to be repeating. Plex has announced that it has suffered a security breach, exposing user data. The last time this happened was in 2022, and users are being advised to change passwords as soon as possible.

The company is referring to it as a “security incident that may potentially involve your Plex account information”. While Plex tries to downplay the severity of the breach, the fact that “an unauthorized third party accessed a limited subset of customer data from one of our databases” is concerning – especially when you consider that this is not the first time.

Continue reading →

A new study sponsored by OPSWAT, a specialist in critical infrastructure protection, reveals that organizations face escalating risks from insider activity, legacy tools, and the growing complexity of artificial intelligence (AI).

Based on research carried out by the Ponemon Institute, the report finds that in the past two years, 61 percent of organizations have suffered file-related breaches caused by negligent or malicious insiders, at an average cost of $2.7 million per incident.

Continue reading →

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Continue reading →

Traditional runtime security solutions have tended to focus on detection and as a result generate thousands of low-fidelity alerts. Edera is launching what it says is a new software security category aimed at ending the era of 'move fast and break things'.

Edera's ‘hardened runtime’ provides production-grade sandboxing that assumes a breach before it occurs. This architectural approach eliminates the root causes of privilege escalation, lateral movement, and data exfiltration while dramatically reducing operational overhead for security teams.

Continue reading →

New research from Specops has analyzed 10 million random passwords from the billion+ breached password list used by Specops Password Auditor and finds that a startling 98.5 percent are weak.

The research defines a ‘strong’ password as having at least 15 characters in length and at least two different character classes. A long password of 15 identical-class characters (for example all lowercase) is easier to crack than one that mixes in digits or symbols.

Continue reading →

There’s a famous quote by Einstein which reads: “Insanity is doing the same thing over and over again and expecting different results.”

In cybersecurity, this saying has never been more fitting. We’ve seen years of increased investment, a figure Gartner estimates will reach $212 billion this year, yet the cost of breaches continues to rise, reaching $4.8 million in 2024. That’s 10 percent higher than 2023, according to IBM.

Continue reading →

The latest Global Threat Intelligence Report (GTIR) from Flashpoint finds that threat actors compromised over 3.2 billion credentials in 2024, a 33 percent increase from the year before.

Of these 75 percent or 2.1 billion, were sourced from information stealing malware, a dangerous new twist on an older threat that has infected over 23 million devices worldwide.

Continue reading →

New research finds that 47 percent of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network.

The study, carried out by the Ponemon Institute for Imprivata, also shows 64 percent of respondents believe these types of third-party data breaches will either increase or remain at alarmingly high levels over the next 12-24 months.

Continue reading →

Fears of a data breach dominate consumer concerns, with 64 percent naming breaches as their top privacy worry.

A new report, based on responses from almost 2,500 people around the world, released by Acronis to mark this year's Data Privacy Day, shows that in spite of heightened awareness 25 percent of respondents have experienced data theft or loss and 12 percent remain unsure if they've been breached, underlining the hidden nature of many cyberattacks.

Continue reading →

New analysis released by SecurityScorecard reveals that 97 percent of the top 100 US banks have experienced a third-party data breach in the past year.

As banks increasingly rely on third-party vendors for core functions, their exposure to supply chain vulnerabilities increases. Using the largest proprietary risk and threat intelligence dataset, SecurityScorecard's experts analyzed how third-party breaches impact the banking sector.

Continue reading →

A new survey, from infrastructure management provider Pulumi, reveals that 58 percent of organizations feel their cloud security is inadequate, underscoring the critical need for enhanced security measures in cloud environments.

This echoes research from other sources which show a 75 percent increase in cloud intrusions from 2022 to 2023, and 44 percent of organizations having faced a cloud data breach -- 14 percent reporting one in the past year.

Continue reading →

In 2024, businesses have reported taking an average of 7.3 months to recover from cybersecurity breaches -- 25 percent longer than expected and over a month past the anticipated timeline of 5.9 months.

This is among the findings of the latest Global Security Research Report from Fastly which also shows that recovery times are even worse for companies that planned on cutting back cybersecurity spending. They faced an average of 68 incidents each -- 70 percent above the average -- and their recovery times stretched to 10.9 months.

Continue reading →

Time and time again, organizations face an escalating threat to their data: Third-party breaches. As businesses increasingly rely on external vendors and partners for various services, the security of sensitive information becomes more vulnerable. This poses the question: Are traditional security measures still effective or obsolete in protecting vital information? 

There has been a notable increase in third-party breaches, with headlines featuring Snowflake, Santander and Ticketmaster as recent victims. These incidents highlight that vulnerabilities are inherent in our systems, making no organization immune to such attacks.  

Continue reading →

With a rapidly developing threat landscape, an increase in high-profile data breaches, the introduction of new legislation, and customer tolerance for poor data handling at an all-time low, the stakes are high for companies to have robust cybersecurity in place. However, despite their best efforts, companies are often found to not be doing enough to protect their assets.

Often, this is due to a case of ‘too much, too fast’. As businesses invest in new technologies, their day-to-day operations are being supported by ever more complex and fragmented technology platforms. At the same time, the amount of customer data available to them is growing and constantly streaming in, and bad actors are consistently launching more sophisticated attacks. Meanwhile, leaders are not fully aware of or own responsibility for their cybersecurity plans. As the digital world evolves with new threats and regulations, business leaders must recognize the importance of data protection. If they do not, they cannot adequately protect their customer's data and are in danger of losing their trust and even their continued existence in business.

Continue reading →

Fraudsters have used account takeovers (ATOs) to victimize 29 percent of internet users, resulting in $13 billion in losses in 2023. Over three-quarters of security leaders listed ATOs as one of the most concerning cyber threats, and the danger grows as bad actors leverage AI to launch more potent attacks.

The Snowflake breach demonstrates the devastating consequences of ATOs. Attackers gained access to 165 of the data platform’s customers’ systems, including AT&T and Ticketmaster, and exfiltrated hundreds of millions of records containing sensitive data. The attack wasn’t some brilliant hacking scheme -- the bad actors simply used legitimate credentials to log into the platform.

Continue reading →