Articles about Data Breach

Email is now the preferred communication method for businesses, but this brings with it greater risk of employees leaking data due to errors or deliberate activity.

A survey from data security company Egress shows that of employees who had accidentally shared data almost half (48 percent) say they had been rushing, 30 percent blamed a high-pressure working environment and 29 percent said it happened because they were tired.

Continue reading →

New research from Kaspersky finds that the cost of enterprise data breaches has risen from $1.23 million last year to $1.41 million in 2019.

At the same time enterprise organizations have invested more in cybersecurity, with IT security budgets averaging $18.9 million compared to $8.9 million in 2018.

Continue reading →

Around two thirds of businesses have experienced a data breach in the last year and seemingly innocent workplace mistakes could be one of the main causes.

A new report produced by the Ponemon Institute for document security specialist Shred-it reveals that 71 percent of managers have seen or picked up confidential documents left on a printer.

Continue reading →

One year ago this week Facebook suffered a massive data breach that prompted the company to reset access for around 90 million accounts.

A year on from this event what has been done to make users' data more secure and are people becoming more aware of the risks to their privacy from using social networks and other sites? We spoke to Fouad Khalil VP of compliance at SecurityScorecard to discuss these things and more.

Continue reading →

A new study from Optiv Security shows that 58 percent of CISOs think experiencing a data breach makes them more attractive to potential employers.

The survey results show a fundamental change in how senior executives and board members perceive cybersecurity, with 96 percent agreeing that senior executives have a better understanding than they did five years ago.

Continue reading →

Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.

A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.

Continue reading →

It seems like every day we hear of a new, high-profile data breach. No longer are we shocked when some major brand is exposed for having lost data at the hands of external bad actors or unwitting internal parties. The question has switched from 'will I be breached?' to 'when will I be breached?'

In football, there’s an adage that the best offense is a good defense. In the battle against cyber attacks, it’s all about choosing the right defense to combat the ever-changing tactics used by bad actors both outside and inside your organization. In order for a team to succeed, it must find and exploit weaknesses in the opposing team’s defense. Cybersecurity is no different.

Continue reading →

Recent studies show that third-party data breaches are the most expensive cyber incidents for businesses today. The rise in associated costs has prompted not only security leadership but also executives and boards to pay close attention to the cyber risk that comes with doing business with their biggest vendors and partners. But what many business leaders don’t realize is that the biggest third-party cyber risks can come from the smallest, most seemingly innocuous places.

Take, for example, the Docker Hub cyberattack that took place this past May. While in the grand scheme a given business ecosystem, Docker Hub’s role -- a container used by developers to store image files -- is small, the extent of the damage to its customers was not.

Continue reading →

Foxit Software has revealed that it "recently" suffered a security breach in which private user data was exposed to unnamed third parties. Those whose account have been affected are being contacted and "encouraged to change their passwords".

The company -- famed for PDF applications such as Foxit Reader and PhantomPDF -- does not say when the incident took place, nor how many users are affected, but it explains that "My Account" section of user accounts was exposed. This includes data such as email addresses, passwords, users' names, phone numbers, company names and IP addresses, but not payment information.

Continue reading →

The Magecart JavaScript attack that captures online payment information has been around since 2016. A new study for Arxan Technologies produced by Aite Group takes a detailed look at the attack.

This research follows the trail of servers compromised by Magecart groups, as well as the collection servers to which the sites were actively sending stolen credit card data, in an effort to examine commonalities between victim websites and the tactics, techniques, and procedures used to compromise the servers.

Continue reading →

Hosting company Hostinger has reset passwords for all of its customers after a data breach in which a database containing information about 14 million users was accessed "by an unauthorized third party".

Hostinger says that the password reset is a "precautionary measure" and explains that the security incident occurred when hackers used an authorization token found on one of the company's servers to access an internal system API. While no financial data is thought to have been accessed, hackers were able to access "client usernames, emails, hashed passwords, first names and IP addresses".

Continue reading →

2019 is on track to be another 'worst on record' year for data breaches according to a new report from Risk Based Security which finds the number of reported breaches has gone up by 54 percent and the number of exposed records by 52 percent compared to the first six months of 2018.

It shows 3,813 breaches have been reported in the first six months of 2019, exposing more than 4.1 billion records. Eight breaches alone have exposed over 3.2 billion records, 78.6 percent of the total, between them.

Continue reading →

Are you killing your numbers? Crushing your targets? Growing your team? Leading with authenticity and building a loyal following? What a shame it is that your tenure may already be over.

While you were busy winning and shredding the competition, a cybercriminal breached your network. Don’t be too embarrassed, it happens to almost everyone these days. The average "dwell time" of an intruder is more than 100 days, so it’s hard to know exactly when that bucket of ice water was tossed on your dreams. Unfortunately, even if you’re doing everything right, recent examples illustrate that our jobs are on the line when hackers come a knockin’.

Continue reading →

A security flaw in the F5 Networks’ BIG-IP load balancer, which is popular among governments, banks, and other large corporations, could be exploited to allow network access.

F-Secure senior security consultant Christoffer Jerkeby has discovered the issue in the Tcl programming language that BIG-IP's iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script.

Continue reading →

A hacker has been arrested following a massive data breach at Capital One. The attacker -- Paige A Thompson, also known as "erratic" -- was able to access the credit applications of 100 million Americans and 6 million Canadians after exploiting a "configuration vulnerability".

In most cases, personal details such as name, date of birth, address and phone number were exposed by Thompson, but for tens of thousands of individuals, she also gained access to credit scores, Social Security numbers and account balances.

Continue reading →