Data Breach

A new report reveals that 92 percent of organizations that experienced a security incident in the past year believe stronger cyber hygiene could have prevented it, underscoring how persistent execution gaps continue to leave organizations exposed to preventable risk.

The study by Sapio Research for Swimlane shows that despite unprecedented spending on cybersecurity tools and services, foundational security practices remain inconsistent and often overlooked.

A new report, based on a global survey of 250 decision makers at large financial services organizations of over 5,000 employees, shows that 82 percent have suffered a data breach via cyberattack, or a data leak, an unintentional exposure of sensitive data, in the past year.

The report from Blancco Technology Group finds 43 percent of breaches or leaks were attributed to stolen devices and drives.

Date breaches affecting businesses and online services are ever more frequent and can affect anyone who is unfortunate enough to be a customer or supplier.

Finding out the facts about a breach can be tricky, however, as information is heavily reliant on self-disclosure. Proton is launching its Data Breach Observatory, which delivers a truer picture of the risks by monitoring and reporting cyberattacks and data breaches based on data sourced directly from the dark web.

Two AI companion apps leaked millions of private conversations, more than 600,000 images and videos, and detailed usage data from over 400,000 users.

The exposed information included in-app transactions showing that some users spent thousands of dollars on their virtual partners, raising serious questions about data privacy in AI relationship platforms.

The personal data of Discord users has been exposed after a third-party customer service provider suffered a data breach.

Hackers were able to obtain support tickets from an unnamed company used by Discord to provide support. From this, they were then able to gain access to data including names and government-issued IDs.

A group of hackers calling itself the Crimson Collective says that it has compromised GitLab instances belonging to Red Hat and stolen hundreds of gigabytes of data.

Red Hat has confirmed that it has suffered a data breach, but is yet to provide much in the way of details. The hacking group says that it managed to access 28,000 internal development repositories, and has stolen almost 570GB of compressed data.

Cyber security has been big news in the UK this year, with businesses from retail to automotive facing attempted breaches and service disruption. Experts warn that attacks are becoming ever more sophisticated and damaging.

In recent months, high-profile incidents have included the ongoing disruption to Jaguar Land Rover’s global production lines, and well published breaches of Marks & Spencer and the Co-op in the summer. Now luxury department store Harrods has confirmed that customer data had been exposed through a third-party service provider.

History appears to be repeating. Plex has announced that it has suffered a security breach, exposing user data. The last time this happened was in 2022, and users are being advised to change passwords as soon as possible.

The company is referring to it as a “security incident that may potentially involve your Plex account information”. While Plex tries to downplay the severity of the breach, the fact that “an unauthorized third party accessed a limited subset of customer data from one of our databases” is concerning – especially when you consider that this is not the first time.

A new study sponsored by OPSWAT, a specialist in critical infrastructure protection, reveals that organizations face escalating risks from insider activity, legacy tools, and the growing complexity of artificial intelligence (AI).

Based on research carried out by the Ponemon Institute, the report finds that in the past two years, 61 percent of organizations have suffered file-related breaches caused by negligent or malicious insiders, at an average cost of $2.7 million per incident.

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Traditional runtime security solutions have tended to focus on detection and as a result generate thousands of low-fidelity alerts. Edera is launching what it says is a new software security category aimed at ending the era of 'move fast and break things'.

Edera's ‘hardened runtime’ provides production-grade sandboxing that assumes a breach before it occurs. This architectural approach eliminates the root causes of privilege escalation, lateral movement, and data exfiltration while dramatically reducing operational overhead for security teams.

New research from Specops has analyzed 10 million random passwords from the billion+ breached password list used by Specops Password Auditor and finds that a startling 98.5 percent are weak.

The research defines a ‘strong’ password as having at least 15 characters in length and at least two different character classes. A long password of 15 identical-class characters (for example all lowercase) is easier to crack than one that mixes in digits or symbols.

There’s a famous quote by Einstein which reads: “Insanity is doing the same thing over and over again and expecting different results.”

In cybersecurity, this saying has never been more fitting. We’ve seen years of increased investment, a figure Gartner estimates will reach $212 billion this year, yet the cost of breaches continues to rise, reaching $4.8 million in 2024. That’s 10 percent higher than 2023, according to IBM.

The latest Global Threat Intelligence Report (GTIR) from Flashpoint finds that threat actors compromised over 3.2 billion credentials in 2024, a 33 percent increase from the year before.

Of these 75 percent or 2.1 billion, were sourced from information stealing malware, a dangerous new twist on an older threat that has infected over 23 million devices worldwide.

New research finds that 47 percent of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network.

The study, carried out by the Ponemon Institute for Imprivata, also shows 64 percent of respondents believe these types of third-party data breaches will either increase or remain at alarmingly high levels over the next 12-24 months.