Articles about Data Breach

Systems at the Electoral Commission, the body which oversees elections in the UK, have suffered a breach exposing electoral registers which hold the data of anyone registered to vote between 2014 and 2022. The Commission’s email system was also exposed in the breach.

In a statement on its website the Commission says it identified the incident in October last year but that systems were accessed as long ago as August 2021.

Continue reading →

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

Continue reading →

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

This marks a major shift in how data breaches are disclosed and industry figures have been quick to give their views on the effect the new rules will have.

Continue reading →

A new survey of over 2,000 IT security analysts finds that 71 percent admit their organization may have been compromised and they don't know about it yet.

The study, from Vectra AI, details how analysts are being overwhelmed, as they receive 4,484 alerts on average per day, but can't cope with 67 percent of them. This leads 97 percent to worry that they'll miss important security events.

Continue reading →

Stolen identities continue to cause massive breaches, exposing 1.5 billion user records and costing businesses an average of $9.4 million per breach in 2022, according to a new report.

The ForgeRock 2023 Identity Breach Report shows that attackers continue to target credentials and use them as a stepping stone to infiltrate an organization across industries and geographies. What’s more and AI is making it more difficult for the average human to identify threats.

Continue reading →

The latest Security Maturity Report, published today by ClubCISO, shows 76 percent of CISOs reported no material breaches over the past year, up from 68 percent in 2022.

Despite the difficult economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 60 percent of those surveyed say that no material cyber security incident had occurred in their organization over the past 12 months.

Continue reading →

New survey findings from Lookout show that 70 percent of IT leaders in the financial services sector report a significant increase in data breaches compared to previous years.

Nearly half of organizations (47 percent) are struggling with the heightened difficulty of detecting and mitigating threats, while about a fifth (18 percent) face a significant lack of control over their applications and data.

Continue reading →

A breach of the Kodi user forum has exposed the personal data of over 400,000 users. The web-based MyBB admin console was accessed -- on February 16 and February 21 2023 -- and the team says it first became aware of this when a dump of the forum's database was found for sale on an internet forum.

The database dump contains a wide range of user data, including names, email addresses, IP addresses, and passwords. The data was accessed using the account of a trusted but currently inactive member of the forum admin team.

Continue reading →

Over half of organizations say they have suffered a data breach in the past two years, an increase from 49 percent in 2022 and 39 percent in 2021.

In addition, a new report from Splunk shows 62 percent of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54 percent in 2022.

Continue reading →

Last year Toyota suffered a data breach due to accidentally exposing a credential allowing access to customer data in a public GitHub repository.

This type of breach could be avoided if organizations turned their focus on credentials that are exposed within SaaS applications. We spoke to Corey O'Connor, director of product at SaaS security platform DoControl, about why he believes identity security needs to go beyond just protecting the keys.

Continue reading →

Yesterday PayPal began sending out data breach notifications to thousands of its users who have had their accounts accessed via credential stuffing attacks which exposed some personal data.

BleepingComputer reports that almost 35,000 accounts were compromised in the attack which took place between December 6 and December 8, 2022.

Continue reading →

The company behind NortonLifeLock, Gen Digital, has issued a warning to customers about a security breach that took place in December. Hackers used a credential-stuff attack to gain access to hundreds of thousands of Norton Password Manager accounts.

Gen Digital says that its own systems were not compromised, but warns affected customers that "we strongly believe that an unauthorized third party knows and has utilized your username and password for your account".

Continue reading →

Health care data breaches affected almost 250 million people from 2005 to 2019. But there are ways your medical practice can prevent these breaches and protect your patients’ private health information. Access monitoring is one such way.

As its name indicates, access monitoring occurs when a person or system’s use (access) of a computer system is evaluated (monitored). It’s a process that observes and analyzes what happened when a user accessed a system during a session.

Continue reading →

Despite the endless amount of information that is available on cyber security and ransomware, alongside technology providers waxing lyrical about breach prevention, the view that "it’ll never happen to us" is still prevalent -- not just among smaller businesses, but surprisingly in bigger organizations too.

So, when the breach actually happens, and the bad actors demand a ransom, frequently, organizations’ reflex reaction is to make the ransom payment as a way of "making it go away".

Continue reading →

September this year marked five years since the notorious Equifax data breach which exposed the social security numbers, birthdates, credit card details, and more of millions of customers.

But how much has the industry learned from this breach? And what measures can be used to help avoid similar issues in the future? We spoke to Ian Coe, co-founder at Tonic.ai to find out why fake data might be the answer.

Continue reading →