Timehop admits its security breach was worse than first thought

Timehop on mobile

The security breach suffered by Timehop on July 4 was much more serious than the company first thought. In an update to its original announcement, the company has revealed that while the number of account affected by the breach -- 21 million -- has not changed, the range of personal data accessed by hackers is much broader.

Timehop has released an updated timeline of events, having initially felt forced by new GDPR rules to publish some details of the breach before all information had been gathered. The company says that it is also unsure of where it stands with GDPR, and is working with specialists and EU authorities to ensure compliance.

Continue reading

Adidas data breach may have exposed personal data of American customers

Adidas shopping bag

Sportswear company Adidas has warned US customers about a security breach that took place earlier this week.

The firm says that on Tuesday it was made aware that "an unauthorized party claims to have acquired limited data associated with certain Adidas consumers". Two days later, the company started to notify its customers that personal data -- including contact information and usernames -- may have been compromised.

Continue reading

Three steps to avoid being the next victim of an insider data breach

insider threat

You may be wondering why I’ve chosen to specifically focus on "insider" breaches. The answer is simple, virtually every breach of any consequence has been the result of abuse, misuse, or hijacking of legitimate user credentials. More often than not the credential in question is an administrative login such as root (aka Superuser), database administrator, system administrator, or any of the myriad of admin accounts that proliferate every business system that processes and stores sensitive data.

Let me start by providing you with some background.

Continue reading