Articles about Data Breach

While large healthcare providers have lots of juicy data to tempt cybercriminals, they are also likely to have strong defenses.

It's not too surprising then that a new report from managed detection and response provider Critical Insight shows that in the first half of this year attackers have shifted their attentions to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.

Continue reading →

Plex has emailed its users to warn about a security indecent it has become aware of. While the subject line of the email refers to a "potential data breach", the body goes on to talk about suspicious activity and a third-party gaining access to part of a database.

The company says that the exposed data included emails, usernames and encrypted passwords. Although all passwords were secured and hashed, all Plex users are required to change their security credentials out of an "abundance of caution".

Continue reading →

We all know that stolen information is traded on the dark web, and new research by Trustwave looks at what is available and how much it costs. It also uncovers the additional services that are being offered to make it easier to commit fraud.

Details of a stolen credit card can be bought for as little as $8. Much more valuable though is a card with 'fullz' -- extra information on the victim that makes the card more usable. These can cost up to $70.

Continue reading →

According to a new report 94 percent of companies have experienced security problems in production APIs in the past year, with 20 percent saying the organization suffered a data breach as a result.

The latest State of API Security Report from Salt Security also finds that found that API attack traffic has more than doubled in the past 12 months with a 117 percent increase. In the same period overall API traffic grew 168 percent, highlighting the continued explosion of enterprise API usage.

Continue reading →

A new report released today by ForgeRock shows the average cost of a breach in the US has increased by 16 percent to $9.5m, making the US the costliest place in the world to recover from a breach.

It also reveals a massive 297 percent surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers and representing almost 25 percent of all breaches.

Continue reading →

Popular NFT marketplace OpenSea has started issuing emails to its users warning them of a leak of customer data.

OpenSea says that an employee of its email delivery vendor, Customer.io, abused their position to access and share email addresses with an unauthorized third party. The company has not given an indication of the number of users affected by the data breach, but has warned of an increased risk of phishing attacks. With the number of active users of OpenSea reported to be around 2 million -- and this does not include people who have just signed up for a newsletter -- the potential impact is huge.

Continue reading →

New analysis by CybSafe of data from the UK Information Commissioner's Office shows 80 percent of data breaches reported in 2021 were caused by user error.

A total of 2,692 reports were sent to the ICO last year 80 percent of which could be attributed to actions taken by end-users, though this is down from 90 percent in 2020.

Continue reading →

A security breach can lead to serious reputational and legal issues for enterprises. The speed and effectiveness with which they are able to respond to incidents is therefore crucial.

Larry Gagnon, senior vice president, global incident response at eSentire, believes that the way to address this is by greater automation incident response. We talked to him to find out more.

Continue reading →

A new study shows 47 percent of security leaders do not believe they will be breached despite the increasing sophistication and frequency of attacks.

The survey of 1,000 IT and security professionals across eight countries, conducted by The Enterprise Strategy Group for Illumio finds in the past two years alone 76 percent have been attacked by ransomware and 66 percent have experienced at least one software supply chain attack.

Continue reading →

New analysis of data breaches in the UK legal sector reveals that 68 percent were caused by insiders.

Analysis by secure cloud platform NetDocuments of data from the Information Commissioner's Office (ICO) reveals evidence of a 'Great Exfiltration' where employees are leaving their jobs and taking their company's data with them.

Continue reading →

The infamous Equifax data breach dominated headlines in 2017. The social security numbers, driver's license numbers, names, dates of birth, addresses -- and in some cases credit card numbers -- of 148 million individuals were exposed. With over half of the U.S. population affected, the credit reporting giant spent $1.4 billion in damage control, including paying customers out up to $20,000 and providing them with ongoing fraud assistance and monitoring.

This wasn’t the first breach of its kind to occur, and it certainly won’t be the last: Uber, Facebook, and Google have also been hit, to name a few. But perhaps the most alarming part about attacks like the Equifax breach is that -- at just over four years post-breach -- we’re still not out of the woods yet. And we might never be full. Major breaches leave us vulnerable long after the dust has settled. With more people’s personal identifiable information now readily available to be exploited, it’s only a matter of time.

Continue reading →

Three out of five organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months, according to a new study.

Research from email security company Tessian and the Ponemon Institute shows 65 percent of over 600 IT security practitioners surveyed see email as the riskiest channel, followed by 62 percent for cloud file sharing and 57 percent for instant messaging.

Continue reading →

In early March 2022, authentication security company Okta reported that there had been an attempt to compromise the account of a third-party customer support engineer from Sitel in January. The organization released a statement claiming that the matter had been investigated and contained.

Okta CSO David Bradbury later admitted that up to 366 customers may have been breached, apologizing for not notifying customers earlier. In the weeks since the attack, Okta has released a conflicting statement arguing that the attack affected just two customers, although this is perhaps naïve and hard to prove. Okta has said it recognizes the broad toll this kind of compromise can have on customers, but there is little to suggest that the attackers aren’t already lying dormant inside the networks of further customers.

Continue reading →

I reuse passwords regularly. But, here’s the thing -- I only do so on websites where that doesn’t matter. Sites that I don’t need to revisit regularly, or at all, and which don’t hold any personal information on me. Those passwords tend to be short and easy to guess, and get leaked in breaches all the time. It’s no big deal.

What is a big deal, however, is when one of my carefully curated, long, complicated and never reused passwords gets leaked. And that can, and does, happen. There are a number of ways to find out if your passwords have been compromised, including using HaveIBeenPwned. But for this article I’m going to show you the best and easiest ways to find out what passwords have been leaked. I will warn you now, you may be in for a very nasty surprise.

Continue reading →

It's hard not to feel just a little bit sorry for the Russians at the moment. First the Ukrainians keep blowing up their tanks, and now it seems the country has topped the charts in terms of breached accounts from January to March this year.

A study by Surfshark shows that since the start of the invasion of Ukraine in March, 136 percent more Russian accounts have been breached than in February. Ukraine meanwhile appeared in 67 percent fewer breaches than in the quarter before the war.

Continue reading →