Data Breach

It’s no secret that cybersecurity has a significant skills shortage. According to ISC2 research, the worldwide shortage is as high as 3.4 million cybersecurity workers. As a result, security professionals’ skills are in very high demand, making finding and retaining talent challenging. Swimlane’s own research shows that 82 percent of organizations report it takes three months or longer to fill a cybersecurity role, with 34 percent reporting it takes seven months or more.

The situation isn’t improving either. Some 70 percent of companies also report that it takes longer to fill a cybersecurity role now than it did two years ago. The challenge has led one-third (33 percent) of organizations to believe they will never have a fully-staffed security team with the proper skills, according to Swimlane’s survey

Swap-unwanted-stuff-for-free site Freecycle has acknowledged a security breach that took place at the end of last month. Hackers were able to access a wealth of data including usernames, User IDs, email addresses and passwords.

The organization says that it has notified the "appropriate US authorities" of the incident, as well as the Information Commissioner's Offier (ICO) in the UK. Few details of what happened have been revealed, but Freecycle is advising all members to change their account passwords as a security measure.  

Among organizations that have suffered data breaches, 58 percent were caused by avoidable issues related to digital certificates.

New research conducted by Forrester for AppViewX also shows that as a result of service outages 57 percent say their organizations have incurred costs upwards of $100,000 per outage.

Systems at the Electoral Commission, the body which oversees elections in the UK, have suffered a breach exposing electoral registers which hold the data of anyone registered to vote between 2014 and 2022. The Commission’s email system was also exposed in the breach.

In a statement on its website the Commission says it identified the incident in October last year but that systems were accessed as long ago as August 2021.

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

This marks a major shift in how data breaches are disclosed and industry figures have been quick to give their views on the effect the new rules will have.

A new survey of over 2,000 IT security analysts finds that 71 percent admit their organization may have been compromised and they don't know about it yet.

The study, from Vectra AI, details how analysts are being overwhelmed, as they receive 4,484 alerts on average per day, but can't cope with 67 percent of them. This leads 97 percent to worry that they'll miss important security events.

Stolen identities continue to cause massive breaches, exposing 1.5 billion user records and costing businesses an average of $9.4 million per breach in 2022, according to a new report.

The ForgeRock 2023 Identity Breach Report shows that attackers continue to target credentials and use them as a stepping stone to infiltrate an organization across industries and geographies. What’s more and AI is making it more difficult for the average human to identify threats.

The latest Security Maturity Report, published today by ClubCISO, shows 76 percent of CISOs reported no material breaches over the past year, up from 68 percent in 2022.

Despite the difficult economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 60 percent of those surveyed say that no material cyber security incident had occurred in their organization over the past 12 months.

New survey findings from Lookout show that 70 percent of IT leaders in the financial services sector report a significant increase in data breaches compared to previous years.

Nearly half of organizations (47 percent) are struggling with the heightened difficulty of detecting and mitigating threats, while about a fifth (18 percent) face a significant lack of control over their applications and data.

A breach of the Kodi user forum has exposed the personal data of over 400,000 users. The web-based MyBB admin console was accessed -- on February 16 and February 21 2023 -- and the team says it first became aware of this when a dump of the forum's database was found for sale on an internet forum.

The database dump contains a wide range of user data, including names, email addresses, IP addresses, and passwords. The data was accessed using the account of a trusted but currently inactive member of the forum admin team.

Over half of organizations say they have suffered a data breach in the past two years, an increase from 49 percent in 2022 and 39 percent in 2021.

In addition, a new report from Splunk shows 62 percent of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54 percent in 2022.

Last year Toyota suffered a data breach due to accidentally exposing a credential allowing access to customer data in a public GitHub repository.

This type of breach could be avoided if organizations turned their focus on credentials that are exposed within SaaS applications. We spoke to Corey O'Connor, director of product at SaaS security platform DoControl, about why he believes identity security needs to go beyond just protecting the keys.

Yesterday PayPal began sending out data breach notifications to thousands of its users who have had their accounts accessed via credential stuffing attacks which exposed some personal data.

BleepingComputer reports that almost 35,000 accounts were compromised in the attack which took place between December 6 and December 8, 2022.

The company behind NortonLifeLock, Gen Digital, has issued a warning to customers about a security breach that took place in December. Hackers used a credential-stuff attack to gain access to hundreds of thousands of Norton Password Manager accounts.

Gen Digital says that its own systems were not compromised, but warns affected customers that "we strongly believe that an unauthorized third party knows and has utilized your username and password for your account".