Articles about Data Breach

Two AI companion apps leaked millions of private conversations, more than 600,000 images and videos, and detailed usage data from over 400,000 users.

The exposed information included in-app transactions showing that some users spent thousands of dollars on their virtual partners, raising serious questions about data privacy in AI relationship platforms.

Continue reading →

The personal data of Discord users has been exposed after a third-party customer service provider suffered a data breach.

Hackers were able to obtain support tickets from an unnamed company used by Discord to provide support. From this, they were then able to gain access to data including names and government-issued IDs.

Continue reading →

A group of hackers calling itself the Crimson Collective says that it has compromised GitLab instances belonging to Red Hat and stolen hundreds of gigabytes of data.

Red Hat has confirmed that it has suffered a data breach, but is yet to provide much in the way of details. The hacking group says that it managed to access 28,000 internal development repositories, and has stolen almost 570GB of compressed data.

Continue reading →

Cyber security has been big news in the UK this year, with businesses from retail to automotive facing attempted breaches and service disruption. Experts warn that attacks are becoming ever more sophisticated and damaging.

In recent months, high-profile incidents have included the ongoing disruption to Jaguar Land Rover’s global production lines, and well published breaches of Marks & Spencer and the Co-op in the summer. Now luxury department store Harrods has confirmed that customer data had been exposed through a third-party service provider.

Continue reading →

History appears to be repeating. Plex has announced that it has suffered a security breach, exposing user data. The last time this happened was in 2022, and users are being advised to change passwords as soon as possible.

The company is referring to it as a “security incident that may potentially involve your Plex account information”. While Plex tries to downplay the severity of the breach, the fact that “an unauthorized third party accessed a limited subset of customer data from one of our databases” is concerning – especially when you consider that this is not the first time.

Continue reading →

A new study sponsored by OPSWAT, a specialist in critical infrastructure protection, reveals that organizations face escalating risks from insider activity, legacy tools, and the growing complexity of artificial intelligence (AI).

Based on research carried out by the Ponemon Institute, the report finds that in the past two years, 61 percent of organizations have suffered file-related breaches caused by negligent or malicious insiders, at an average cost of $2.7 million per incident.

Continue reading →

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Continue reading →

Traditional runtime security solutions have tended to focus on detection and as a result generate thousands of low-fidelity alerts. Edera is launching what it says is a new software security category aimed at ending the era of 'move fast and break things'.

Edera's ‘hardened runtime’ provides production-grade sandboxing that assumes a breach before it occurs. This architectural approach eliminates the root causes of privilege escalation, lateral movement, and data exfiltration while dramatically reducing operational overhead for security teams.

Continue reading →

New research from Specops has analyzed 10 million random passwords from the billion+ breached password list used by Specops Password Auditor and finds that a startling 98.5 percent are weak.

The research defines a ‘strong’ password as having at least 15 characters in length and at least two different character classes. A long password of 15 identical-class characters (for example all lowercase) is easier to crack than one that mixes in digits or symbols.

Continue reading →

There’s a famous quote by Einstein which reads: “Insanity is doing the same thing over and over again and expecting different results.”

In cybersecurity, this saying has never been more fitting. We’ve seen years of increased investment, a figure Gartner estimates will reach $212 billion this year, yet the cost of breaches continues to rise, reaching $4.8 million in 2024. That’s 10 percent higher than 2023, according to IBM.

Continue reading →

The latest Global Threat Intelligence Report (GTIR) from Flashpoint finds that threat actors compromised over 3.2 billion credentials in 2024, a 33 percent increase from the year before.

Of these 75 percent or 2.1 billion, were sourced from information stealing malware, a dangerous new twist on an older threat that has infected over 23 million devices worldwide.

Continue reading →

New research finds that 47 percent of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network.

The study, carried out by the Ponemon Institute for Imprivata, also shows 64 percent of respondents believe these types of third-party data breaches will either increase or remain at alarmingly high levels over the next 12-24 months.

Continue reading →

Fears of a data breach dominate consumer concerns, with 64 percent naming breaches as their top privacy worry.

A new report, based on responses from almost 2,500 people around the world, released by Acronis to mark this year's Data Privacy Day, shows that in spite of heightened awareness 25 percent of respondents have experienced data theft or loss and 12 percent remain unsure if they've been breached, underlining the hidden nature of many cyberattacks.

Continue reading →

New analysis released by SecurityScorecard reveals that 97 percent of the top 100 US banks have experienced a third-party data breach in the past year.

As banks increasingly rely on third-party vendors for core functions, their exposure to supply chain vulnerabilities increases. Using the largest proprietary risk and threat intelligence dataset, SecurityScorecard's experts analyzed how third-party breaches impact the banking sector.

Continue reading →

A new survey, from infrastructure management provider Pulumi, reveals that 58 percent of organizations feel their cloud security is inadequate, underscoring the critical need for enhanced security measures in cloud environments.

This echoes research from other sources which show a 75 percent increase in cloud intrusions from 2022 to 2023, and 44 percent of organizations having faced a cloud data breach -- 14 percent reporting one in the past year.

Continue reading →