Articles about Data Breach

While the world of cybersecurity has always been fairly unpredictable, what’s certain is that data breaches are on the rise. But what’s driving this trend, how long will it continue, and what can organizations do about it?

According to the 2023 Annual Data Breach Report by the Identity Theft Resource Center (ITRC), a non-profit organization, data compromises have leapt up in the past two years. From the previous record of 1,860 in 2021 they dropped slightly to 1,801 in 2022 but rebounded to reach a new high of 3,205 last year. That’s an increase of 72 percent over just two years.

Continue reading →

The exposure of an organization's sensitive data or personal customer records can be detrimental to a company’s reputation. It may also result in severe financial implications due to regulatory fines and associated legal fees. Therefore, organizations must enhance their cybersecurity landscape as cybercrime and ransomware attacks increase exponentially.

This is supported by findings from the recent UK Cyber Security Breach Survey 2024, which states that 50 percent of UK businesses reported to have suffered a cyber-attack or breach in the last 12 months. Equally concerning is the global average cost of a breach which reached up to $4.45 million in 2023 according to Statista.

Continue reading →

The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences. New research from SecurityScorecard and The Cyentia Institute identified 99 percent of Global 2000 companies are directly connected to vendors that have had recent breaches.

The study shows that 20 percent of these large enterprises use a thousand or more products. Supply chain incidents cost 17 times more to remediate and manage than first-party breaches.

Continue reading →

Details are continuing to emerge daily on the hacking of Snowflake customers who have had their data stolen in what is shaping up to be one of the most significant attacks in years. So far, at least 165 of Snowflake’s customers, including household names like Ticketmaster, Santander Bank, and Advanced Auto Parts, have been identified as having their data impacted in this incident. 

While initial reports indicated that Snowflake itself had been hacked, with some evidence pointing to a former employee’s demo account having been compromised, this attack was actually far more interesting because of what it tells us about the current state of security in the cloud.

Continue reading →

Half of IT professionals believe there are devices connected to their network that they're unaware of, despite nearly 60 percent admitting that insecure devices pose a 'very high' or 'high' risk to their organization.

This is among the findings of a survey of 250 IT professionals by Advanced Cyber Defence Systems (ACDS) which also finds over two-thirds of organizations have experienced three or more data breaches in the past 24 months.

Continue reading →

Over 58,000 unique websites from around the world are vulnerable to data breaches and even complete takeovers according to new research.

The Cybernews research team has investigated publicly exposed environment files (.env) that should be kept private and protected at all costs. These files hold passwords, API keys, and other secrets that websites need to access databases, mail servers, payment processors, content management systems, and various other services.

Continue reading →

Think you’ve been hit by a cyber-attack? You need to move fast, but what immediate actions should you take, or should you not take?  Here’s a Cyber Incident Responder’s guide to steer you through the turmoil. The actions your team takes -- or doesn’t take -- can greatly impact the overall duration of recovery, cost, and the potential to uncover vital evidence left by threat actors within your infrastructure.

Identifying a cyber security incident can be challenging. Many threat actors have mastered the art of quietly infiltrating IT systems and hiding their digital footprints. Not all cyber-attacks are as overt as encryption-based ransomware or mandate fraud. The rise of encryption-less ransomware and corporate and state-level espionage is concerning. These silent intruders can lead to data and intellectual property (IP) loss, diminished competitive edge or market share, potential regulatory fines, and reputational damage.  All of which can be just as devastating, if not more so, to an organization, its employees, and investors, than a single ransomware incident.

Continue reading →

New research from Tenable reveals that 95 percent of 600 organizations surveyed suffered a cloud-related breach in the previous 18 months.

An additional 29 percent reported the breach caused 'significant' harm, which is defined as any adverse consequences to someone or an organization if the confidentiality of PII were breached.

Continue reading →

A new study from Prevalent shows third-party Breaches have risen 49 percent year-on-year, increasing threefold since 2021.

The survey of IT professionals conducted in February and March this year shows 61 percent of companies experienced a third-party data breach or cybersecurity incident last year.

Continue reading →

A new report based on data gathered from over 40 million exposures presenting high-impact risks to millions of critical business entities, finds that identity and credential misconfigurations represent 80 percent of security exposures across organizations.

The report, from exposure management specialist XM Cyber based on data analyzed by the Cyentia Institute, shows a third of these exposures put critical assets at direct risk of breach -- an attack vector actively being exploited by adversaries.

Continue reading →

According to a new report, 80 percent of insured companies that have suffered a data breach didn't have sufficient coverage for the incident.

The study, from cybersecurity optimization platform CYE, finds the average coverage gap is 350 percent, which means that more than 75 percent of the incident was not covered.

Continue reading →

With so many data breaches having taken place it's almost inevitable that at least some of your personal information has been exposed online. But finding out exactly what can be tricky.

Malwarebytes is launching a new web portal that gives individuals deep visibility into their exposed personal information, so anyone can easily see where and when a breach compromised their data, types of data exposed, and specific personal data for sale on the dark web.

Continue reading →

According to the latest threat research from SecurityScorecard, 21 percent of S&P 500 companies experienced breaches in 2023.

The report shows that 25 percent of these breaches impacted financial services and insurance companies. Financial institutions have some of the most robust security programs because they have substantial money and assets. But the interconnected nature of the financial sector means that compromising one institution or commonly used product can lead to broader impacts across the entire industry.

Continue reading →

Last year saw a 34.5 percent year-on-year increase in reported data breach incidents, with over 17 billion records compromised according to a new report from Flashpoint.

This trend looks set to continue as the first two months of 2024 alone saw a massive 429 percent spike in stolen or leaked personal data compared to the same period in the previous year.

Continue reading →

A rise in identity-based attacks can be laid at the door of a rapid increase in malware, according to a new report. Analysis by SpyCloud finds that 61 percent of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related.

Researchers also report that the average identity had a one in five chance of already being the victim of an infostealer infection. Infostealer malware enables criminals to collect vast amounts of information about the user and the device, including a user's session cookies, API keys and webhooks, crypto wallet addresses, and more.

Continue reading →