Marriott International has revealed that its Starwood Hotel reservation database has been hacked. An investigation carried out by the company revealed that hackers have had unauthorized access to the Starwood network since 2014.

The astonishing revelation means that information of half a billion guests could have been exposed -- including sensitive personal data such as home address and passport number -- and Marriott says there is evidence that data has been copied from its network.

Continue reading →

If you're an Amazon customer you may have received a rather strange email this morning. It states that the company has, "...inadvertently disclosed your name and email address due to a technical error."

It then goes on to say, "The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action."

Continue reading →

If a website suffers a security breach you may well decide that you want to give it a wide berth. The problem is that it is impossible for individuals to keep track of all of the breaches that take place, and Mozilla wants to help out.

After teaming up with Have I Been Pwned recently, Mozilla created Firefox Monitor to help inform people about breaches, and this is now expanding to more languages. On top of this, the organization has also now launched Firefox Monitor Notifications that will issue a warning if you visit a site that has been breached.

Continue reading →

In the final quarter of 2018, the number of reported breaches is down by eight percent and the number of exposed records is down around 49 percent, from seven billion in 2017.

The latest Data Breach QuickView report from Risk Based Security shows that seven breaches exposed 100 million or more records with the 10 largest breaches accounting for 84.5 percent of the records exposed this year to date.

Continue reading →

"Data breaches have become the leading risk to data and privacy in the last ten years, and there’s no sign of an end." States the Avast Business Threat Landscape Report for 2018, and isn’t hard to believe. Over the course of 2017 there were more than 2.6 billion instances of records and data being compromised or stolen online, but in the first half of 2018 alone, data breaches exposed over 4.5 billion records.

Clearly, this is a very real threat. But while many businesses are increasing their preventative measures, the important step of creating an incident response plan is often overlooked. While any business can hope that their cyber security is enough to keep company and client data safe, it’s important not to simply assume that this will be the case.

Continue reading →

We are living in the data age. Organizations are grappling with a seemingly unending barrage of data and are challenged by how best to use it, store it and secure it. Yet data breaches and leaks continue to happen, despite security regulations becoming stricter in an attempt to help control it.

With that in mind, it’s easy to see why data protection remains a top concern for all organizations. This is especially true for government agencies, which handle some of the most sensitive information in the country. Take the Census Bureau, for example -- public concerns about the security of census data is one of the Bureau’s top issues as it prepares for the 2020 census. Lawmakers have warned that if there were a breach of census data, it could permanently damage public trust and affect the capability of this country to gather essential data in the future.

Continue reading →

Stolen login details are highly prized by cybercriminals, whether they are used to penetrate corporate networks or to make extortion emails look more convincing.

But often breached companies are slow to let users know their credentials have been stolen. This has begun to change in Europe thanks to GDPR, but in the US there is, as yet, no federal law regulating what companies must do if their users' information is stolen or compromised.

Continue reading →

Over the last few weeks you may well have received an email that quotes an old password you once used. It tells you that your account has been hacked, that malware has been placed on your machine to capture data and that you’ve been recorded watching porn.

It then demands that you cough up some Bitcoin -- amounts vary -- to prevent this webcam video from being made public on your social networks.

Continue reading →

The British Airways breach earlier this year affected around 380,000 customers and resulted in the theft of data including personal and financial details.

The threat research team at Securonix has taken an in-depth look at the breach and the Magecart threat actor behind it, to uncover how it was carried out and offer tips to mitigate and prevent future attacks.

Continue reading →

New research finds that that 83 percent of consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack.

More than a fifth (21 percent) will never return to a brand or a business post-breach, representing a significant loss of revenue, according to the study from secure payments provider PCI Pal.

Continue reading →

The first half of 2018 saw 945 data breaches which led to 4.5 billion data records being compromised worldwide, according to a new report.

The latest Breach Level Index from digital security company Gemalto shows that compared to the same period in 2017, the number of lost, stolen or compromised records increased by a massive 133 percent, though the total number of breaches slightly decreased, suggesting attacks are getting more severe.

Continue reading →

The private data of nearly half a million Google+ users was exposed to third-party developers, and Google failed to notify anyone. A bug in Google+ APIs meant that users' names, email addresses, occupations, gender and age were accessible from 2015 until Google discovered and patched the problem in March this year.

Despite the data possibly having been accessed by 438 apps, Google chose not to go public about the security breach until now. And in a dramatic move, the company has announced that it is shutting down Google+ for consumers. Google has also revealed details of Project Strobe, an audit program through which it discovered the problem.

Continue reading →

Most companies consider hacker attacks to be the most dangerous threat, but according to a new report, insiders cause the majority of security incidents by either malicious or accidental actions.

The study from threat detection specialist Netwrix looks at the experiences and plans over 1500 organizations have in addressing IT risks. The insider threat is underlined by the fact that 44 percent of respondents either don't know or are unsure what their employees are doing with sensitive data.

Continue reading →

Mozilla has partnered with Troy Hunt -- the brain behind data compromise checking service Have I Been Pwned -- to create its own data breach notification service. Called Firefox Monitor, the free service lets users check if any of their email accounts or personal data have been involved in data breaches.

More than this, Firefox Monitor can also keep an eye out for future data breaches and notify those who have signed up whether their data has been affected.

Continue reading →

A new report from cloud delivery company Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets.

Between May and June 2018, Akamai detected more than 8.3 billion malicious login attempts. However, many botnets attempt to remain in stealth mode for as long as possible.

Continue reading →