Information security needs to focus on the human factor


Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.
A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.
The breach prevention playbook


It seems like every day we hear of a new, high-profile data breach. No longer are we shocked when some major brand is exposed for having lost data at the hands of external bad actors or unwitting internal parties. The question has switched from 'will I be breached?' to 'when will I be breached?'
In football, there’s an adage that the best offense is a good defense. In the battle against cyber attacks, it’s all about choosing the right defense to combat the ever-changing tactics used by bad actors both outside and inside your organization. In order for a team to succeed, it must find and exploit weaknesses in the opposing team’s defense. Cybersecurity is no different.
The hidden costs of third-party data breaches -- and how to avoid them


Recent studies show that third-party data breaches are the most expensive cyber incidents for businesses today. The rise in associated costs has prompted not only security leadership but also executives and boards to pay close attention to the cyber risk that comes with doing business with their biggest vendors and partners. But what many business leaders don’t realize is that the biggest third-party cyber risks can come from the smallest, most seemingly innocuous places.
Take, for example, the Docker Hub cyberattack that took place this past May. While in the grand scheme of a given business ecosystem, Docker Hub’s role -- a container used by developers to store image files -- is small, the extent of the damage to its customers was not.
Foxit Software reveals data breach that exposed users' email addresses, passwords and more


Foxit Software has revealed that it "recently" suffered a security breach in which private user data was exposed to unnamed third parties. Those whose accounts have been affected are being contacted and "encouraged to change their passwords".
The company -- famed for PDF applications such as Foxit Reader and PhantomPDF -- does not say when the incident took place, nor how many users are affected, but it explains that the "My Account" section of user accounts was exposed. This includes data such as email addresses, passwords, users' names, phone numbers, company names and IP addresses, but not payment information.
Looking deep into Magecart


The Magecart JavaScript attack that captures online payment information has been around since 2016. A new study for Arxan Technologies produced by Aite Group takes a detailed look at the attack.
This research follows the trail of servers compromised by Magecart groups, as well as the collection servers to which the sites were actively sending stolen credit card data, in an effort to examine commonalities between victim websites and the tactics, techniques, and procedures used to compromise the servers.
Web host Hostinger resets 14 million customer passwords following data breach


Hosting company Hostinger has reset passwords for all of its customers after a data breach in which a database containing information about 14 million users was accessed "by an unauthorized third party".
Hostinger says that the password reset is a "precautionary measure" and explains that the security incident occurred when hackers used an authorization token found on one of the company's servers to access an internal system API. While no financial data is thought to have been accessed, hackers were able to access "client usernames, emails, hashed passwords, first names and IP addresses".
Over 3,800 data breaches reported in the first half of 2019


2019 is on track to be another 'worst on record' year for data breaches according to a new report from Risk Based Security which finds the number of reported breaches has gone up by 54 percent and the number of exposed records by 52 percent compared to the first six months of 2018.
It shows 3,813 breaches have been reported in the first six months of 2019, exposing more than 4.1 billion records. Eight breaches alone have exposed over 3.2 billion records, 78.6 percent of the total, between them.
C-Suite in the hot seat -- Execs' responsibility regarding digital security


Are you killing your numbers? Crushing your targets? Growing your team? Leading with authenticity and building a loyal following? What a shame it is that your tenure may already be over.
While you were busy winning and shredding the competition, a cybercriminal breached your network. Don’t be too embarrassed, it happens to almost everyone these days. The average "dwell time" of an intruder is more than 100 days, so it’s hard to know exactly when that bucket of ice water was tossed on your dreams. Unfortunately, even if you’re doing everything right, recent examples illustrate that our jobs are on the line when hackers come a knockin’.
Load balancer flaw could lead to major breaches at large organizations


A security flaw in the F5 Networks’ BIG-IP load balancer, which is popular among governments, banks, and other large corporations, could be exploited to allow network access.
F-Secure senior security consultant Christoffer Jerkeby has discovered the issue in the Tcl programming language that BIG-IP's iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script.
Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach


A hacker has been arrested following a massive data breach at Capital One. The attacker -- Paige A Thompson, also known as "erratic" -- was able to access the credit applications of 100 million Americans and 6 million Canadians after exploiting a "configuration vulnerability".
In most cases, personal details such as name, date of birth, address and phone number were exposed by Thompson, but for tens of thousands of individuals, she also gained access to credit scores, Social Security numbers and account balances.
The biggest data breaches of the last 15 years


We've become pretty well accustomed to large scale data breaches over recent years. But that doesn’t mean that the numbers involved aren't still significant.
Web hosting comparison site HostingTribunal has put together an infographic looking at the 15 biggest breaches of the last 15 years.
Humans are still the weakest link in information security


According to a new report, more than half of all C-suite executives (53 percent) and 28 percent of small business owners who suffered a data breach say that human error or accidental loss by an external vendor/source was the cause.
The annual data protection report from information security service Shred-It also finds 21 percent of executives and 28 percent of small business owners admit deliberate theft or sabotage by an employee/insider was the cause of the data breach.
US Customs and Border Protection says photos of thousands of travelers were stolen in a data breach


Hackers have stolen the photographs of travellers entering and leaving the US, as well as photos of their license plates, US Customs and Border Protection (CBP) has said.
The cyberattack was carried out on the network of a federal subcontractor, and the images were taken as part of a "malicious cyberattack". Although the hack attack has only just been revealed publicly, CBP first learned of it on May 31.
64 percent of organizations believe they have suffered a breach due to privileged access


A global survey of over 1,000 IT security decision makers by privileged access management specialist BeyondTrust reveals that 64 percent believe they've had either a direct or indirect breach due to employee access in the last year, and 62 percent believe they've had a breach due to vendor access.
Employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, is cited as a problem by 60 percent of organizations, while colleagues telling each other passwords was also an issue for 58 percent of organizations in 2019.
Medical and financial details of 12 million Americans exposed in Quest Diagnostics data breach


Medical testing firm and clinical laboratory Quest Diagnostics has revealed that a data breach has led to the records of nearly 12 million of its customers being exposed. The data includes financial data, Social Security numbers and medical information.
Quest Diagnostics was itself not the target of hackers, but the American Medical Collection Agency (AMCA) was. The company is used by Optum360 for billing collections services, and Optum360 is used by Quest Diagnostics.
© 1998-2025 BetaNews, Inc. All Rights Reserved.