Articles about Data Breach

The infamous Equifax data breach dominated headlines in 2017. The social security numbers, driver's license numbers, names, dates of birth, addresses -- and in some cases credit card numbers -- of 148 million individuals were exposed. With over half of the U.S. population affected, the credit reporting giant spent $1.4 billion in damage control, including paying customers out up to $20,000 and providing them with ongoing fraud assistance and monitoring.

This wasn’t the first breach of its kind to occur, and it certainly won’t be the last: Uber, Facebook, and Google have also been hit, to name a few. But perhaps the most alarming part about attacks like the Equifax breach is that -- at just over four years post-breach -- we’re still not out of the woods yet. And we might never be full. Major breaches leave us vulnerable long after the dust has settled. With more people’s personal identifiable information now readily available to be exploited, it’s only a matter of time.

Continue reading →

Three out of five organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months, according to a new study.

Research from email security company Tessian and the Ponemon Institute shows 65 percent of over 600 IT security practitioners surveyed see email as the riskiest channel, followed by 62 percent for cloud file sharing and 57 percent for instant messaging.

Continue reading →

In early March 2022, authentication security company Okta reported that there had been an attempt to compromise the account of a third-party customer support engineer from Sitel in January. The organization released a statement claiming that the matter had been investigated and contained.

Okta CSO David Bradbury later admitted that up to 366 customers may have been breached, apologizing for not notifying customers earlier. In the weeks since the attack, Okta has released a conflicting statement arguing that the attack affected just two customers, although this is perhaps naïve and hard to prove. Okta has said it recognizes the broad toll this kind of compromise can have on customers, but there is little to suggest that the attackers aren’t already lying dormant inside the networks of further customers.

Continue reading →

I reuse passwords regularly. But, here’s the thing -- I only do so on websites where that doesn’t matter. Sites that I don’t need to revisit regularly, or at all, and which don’t hold any personal information on me. Those passwords tend to be short and easy to guess, and get leaked in breaches all the time. It’s no big deal.

What is a big deal, however, is when one of my carefully curated, long, complicated and never reused passwords gets leaked. And that can, and does, happen. There are a number of ways to find out if your passwords have been compromised, including using HaveIBeenPwned. But for this article I’m going to show you the best and easiest ways to find out what passwords have been leaked. I will warn you now, you may be in for a very nasty surprise.

Continue reading →

It's hard not to feel just a little bit sorry for the Russians at the moment. First the Ukrainians keep blowing up their tanks, and now it seems the country has topped the charts in terms of breached accounts from January to March this year.

A study by Surfshark shows that since the start of the invasion of Ukraine in March, 136 percent more Russian accounts have been breached than in February. Ukraine meanwhile appeared in 67 percent fewer breaches than in the quarter before the war.

Continue reading →

A new survey of more than 1,200 security leaders reveals they've seen an increase in cyberattacks while their teams are facing widening talent gaps.

According to the latest State of Security report from Splunk 65 percent of respondents say they have seen an increase in attempted cyberattacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.

Continue reading →

A new study from Israel-based XM Cyber, based on findings from nearly two million endpoints, files, folders and cloud resources throughout 2021, shows 94 percent of critical assets can be compromised within just four steps of the initial breach point.

The research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premise, multi-cloud and hybrid environments, and developed tips for thwarting them.

Continue reading →

In the light of President Biden's new legislation requiring critical infrastructure organizations to disclose cyber incidents to the government within 72 hours, new research from BitSight shows how unprepared many are to meet the strict disclosure requirements.

Based on analysis of more than 12,000 publicly disclosed cyber incidents between 2019 and 2022, the research finds it takes the average organization 105 days to discover and disclose an incident from the date it occurred.

Continue reading →

Samsung appears to have fallen victim to a serious security breach if the leaks from data extortion group Lapsus$ are anything to go by.

Amounting to a colossal 190GB of data, the group says it has in its possession Samsung source code and other confidential company data. It is just days since the Lapsus$ claimed responsibility for a hack that resulted in data being stolen and leaked from data stolen from GPU chipmaker NVIDIA.

Continue reading →

According to a new report from SpyCloud, 70 percent of breached passwords are still in use and 64 percent of consumers repeat passwords across multiple accounts.

Researchers identified 1.7 billion exposed credentials, a 15 percent increase from 2020, and 13.8 billion recaptured personal identifiable information (PII) records obtained from breaches in 2021.

Continue reading →

Ransomware itself is bad enough, but 83 percent of successful ransomware attacks now include alternative extortion methods according to a survey by machine identity company Venafi.

Popular techniques include using the stolen data to extort customers (38 percent), exposing data on the dark web (35 percent), and informing customers that their data has been stolen (32 percent).

Continue reading →

The number of major data leak incidents as a result of exposed credentials rose by 50 percent in 2021 according to a new report.

The 2021 industry report from CybelAngel finds data leaks are the most common digital risk faced by enterprise customers, with leaks overall showing a 63 percent year-on-year growth.

Continue reading →

Data breaches not only lead to a loss of reputation and drive customers elsewhere, they also have a significant financial cost.

A new study from Surfshark applies IBM's 'Cost of a Data Breach' calculations to the largest data breaches of the last two years in order to find the estimated cost of some of the biggest data breaches.

Continue reading →

Digital supply chain breaches are becoming more common, as supply chains increase in complexity so the attack surface grows and even smaller businesses can have complex webs of connections.

But how do supply chain breaches impact businesses? And what can they do to cut the risk? We spoke to Jeremy Hendy, CEO of digital risk protection specialist Skurio, to find out.

Continue reading →

The Internet Society (ISOC) is one of the oldest and most important international non-profit organizations related to the internet, but that doesn't make it immune to problems and it's revealed today that ISOC members' details have been exposed in a data security breach

Independent cybersecurity researcher Bob Diachenko, in collaboration with cybersecurity company Clario, discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details of ISOC members.

Continue reading →