Data security breaches
- May 29, 2020
Threat actors exploited critical SaltStack flaws, which were disclosed and patched last month, in a Cisco product to breach several of the networking company's salt-master servers.
- May 19, 2020
The 2020 Verizon Data Breach Investigations Report showed the number of confirmed breaches last year nearly doubled, but it also highlighted some positive trends.
- May 12, 2020
Threat intelligence firm Risk Based Security released its 2020 Q1 Report, which shows a 273 percent increase in exposed records and 42 percent decrease in publicly reported breaches.
- May 07, 2020
Researchers at cybersecurity vendor TurgenSec discovered an exposed database owned by Advanced Computer Software that contained legal documents with data from 190 law firms.
- May 05, 2020
SaltStack patched two critical vulnerabilities in its software last week, but hackers used the flaws over the weekend to breach several unpatched networks and systems.
- March 24, 2020
Canon Business Process Services was breached last month, according to an announcement by General Electric, which used Canon for employee document processing.
- March 09, 2020
Security researchers behind the Meltdown and Spectre flaws discovered new side channel attacks on AMD processors, but the chipmaker has opted not to patch them.
- February 10, 2020
Four members of China's military have been charged for hacking Equifax following a 2017 breach that compromised nearly 150 million Americans' personal information.
- January 30, 2020
Payment card information from customers of the convenience store chain Wawa has reportedly gone up for sale on the dark web, though questions about the breach remain.
- January 21, 2020
Here is a list of 10 of the largest data breaches (mostly) from the second half of 2019, including DoorDash, T-Mobile, Capital One and more.
- December 05, 2019
A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack and earned a bug bounty for their efforts.
- November 14, 2019
InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program.
- November 12, 2019
For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements.
- November 04, 2019
Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation.
- October 03, 2019
Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details.
- September 27, 2019
The New York attorney general filed a lawsuit against Dunkin' Brands regarding attacks dating back to 2015 and alleges the company failed to respond or notify victims properly.
- August 29, 2019
The alleged Capital One hacker, Paige Thompson, was charged with additional counts of fraud and abuse for stealing data from more than 30 other organizations.
- August 05, 2019
Infosec pros warn of server-side request forgery vulnerabilities in AWS following the Capital One data breach, which may have revealed an issue regarding the AWS metadata service.
- August 02, 2019
History from a Slack channel run by the Capital One data breach suspect points to data stolen from more organizations, but no evidence of other attacks has been found yet.
- July 30, 2019
The FBI arrested a former AWS engineer who allegedly stole data for more than 100 million Capital One customers and credit card applications, thanks to a misconfigured firewall.
- July 30, 2019
Enterprises have disclosed a number of significant data breaches in the first half of 2019. Here's a look at some of the biggest and most notable breaches so far this year.
- July 24, 2019
An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen.
- July 22, 2019
Under the settlement with the FTC and state attorneys general, Equifax will fork over at least $575 million in civil penalties and provide credit monitoring services to consumers.
- July 16, 2019
Facebook will reportedly be hit with a $5 billion fine by the FTC following an investigation into multiple privacy issues, and experts said other enterprises should take note.
- March 25, 2019
FEMA's data exposure is another high-profile example of accidental data disclosures -- a trend that has some security experts calling for more focus on failed security controls.
- January 29, 2019
A security researcher found more than 2,000 exposed MongoDB databases that revealed a backdoor-access account operated by the Russian government, according to a report from ZDNet.
- January 10, 2019
This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients.
- January 08, 2019
Marriott's data breach affected fewer customers than the hotel giant originally estimated, but the breach exposed millions of unencrypted passport numbers.
- January 04, 2019
News roundup: Data Resolution claimed the Ryuk ransomware attack on its systems originated from North Korea. Plus, the EU is set to launch 14 open source bug bounties, and more.
- December 19, 2018
This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it.
- December 17, 2018
The Marriott Starwood data breach exposed half a billion customers' data, but the hospitality giant seems to have learned from recent megabreaches that the standard response to a breach can be the ...
- November 30, 2018
Marriott International admitted to a Starwood data breach that began in 2014 and affects about 500 million customers. Experts are unsure about the GDPR implications.
- November 30, 2018
A new study from the Ponemon Institute shows enterprises are underestimating the value of their data, including critical and confidential information assets.
- November 29, 2018
Dell provided some information about a "potential cybersecurity incident" earlier this month, but it's unclear how the company and customers should be reacting.
- November 27, 2018
The U.S. Postal Service inadvertently exposed the data of 60 million users and has only just fixed the underlying website flaw, despite being notified of the issue one year ago.
- November 20, 2018
Researchers at Recorded Future identified the individual behind the notorious Tessa88 hacker handle, but it's unclear what role he played in the LinkedIn and Myspace breaches.
- November 16, 2018
News roundup: Three years after the OPM data breach, the agency still hasn't implemented basic security. Plus, seven new Meltdown, Spectre attacks were uncovered, and more.
- October 26, 2018
News roundup: The Yahoo data breach will cost the company another $50 million in a settlement deal. Plus, Check Point acquired cloud security company Dome9, and more.
- October 25, 2018
This week's Risk & Repeat podcast discusses new developments regarding Facebook's recent data breach, as well as the social networking giant's response to the incident.
- October 19, 2018
News roundup: The Facebook hack was the work of spammers, according to The Wall Street Journal. Plus, 35 million voter records are for sale on the dark web, and more.
- October 02, 2018
Facebook's GDPR consequences are still up in the air following a data breach, as Irish regulators are waiting on more information before determining if the social network will face a fine.
- September 21, 2018
A State Department data breach involving the agency's unclassified email system may have been due to a lack of multi-factor authentication, according to one expert.
- September 20, 2018
Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years.
- September 14, 2018
The Government Accountability Office investigated the Equifax data breach, but the GAO's report leaves out several important points about the infamous incident.
- September 14, 2018
News roundup: The British Airways data breach may be the handiwork of hacking group Magecart, according to researchers. Plus, hacker Guccifer will be extradited to U.S., and more.
- September 12, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office's report on the Equifax breach and the questions it raises.
- August 31, 2018
News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more.
- July 31, 2018
A Yale University data breach from 2008 was only just discovered, and the school has released details on the compromised information, including Social Security numbers.
- July 27, 2018
News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more.
- July 26, 2018
The Ponemon Institute's '2018 Cost of a Data Breach Study' details a rise in data breaches with a look at mega breaches and why U.S. companies experience the greatest loss.
- May 17, 2018
Following news that it provides near real-time location data to law enforcement without warrants, a Securus hack exposed information on those law enforcement customers.
- April 20, 2018
News roundup: A misconfigured Amazon S3 bucket led to the exposure of 48 million records collected by a private data analytics firm. Plus, PCI SSC updated its cloud guidelines, and more.
- April 17, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more.
- March 16, 2018
News roundup: A CIO has been charged with insider trading after the Equifax data breach. Plus, Trump blocked Broadcom's acquisition of Qualcomm, and more.
- March 06, 2018
The massive Equifax data breach affected even more people. The startling total is now 147.9 million U.S. consumers who had their information stolen by hackers.
- February 21, 2018
Cloud security vendor RedLock discovered threat actors had gained access to several enterprise cloud environments, including Tesla's, and used them for cryptojacking schemes.
- February 14, 2018
The Equifax breach compromised even more consumer data, including tax identification numbers, than originally reported. But the credit rating agency didn't disclose the update.
- January 12, 2018
News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again. Plus, a former NSA contractor pleads guilty to stealing government data, and more.
- January 05, 2018
News roundup: A DHS data breach exposed PII of 250,000 federal employees, as well as investigative data from 2002 to 2014. Plus, a new bill aims to nix paperless voting, and more.
- December 28, 2017
Data breach fatigue should be put on hold after the Equifax data breach and Uber hack taught us painful lessons about enterprise security shortcomings.
- December 22, 2017
News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more.
- December 15, 2017
News roundup: Data breach information is kept from customers 50% of the time, according to a report. Plus, the FBI director continues to preach against encryption, and more.
- December 12, 2017
A massive repository containing more than 1.4 billion stolen credentials was found on the dark web with special features for malicious actors.
- December 08, 2017
News roundup: The man responsible for the 2016 Uber data breach is a 20-year-old from Florida. Plus, Ethiopia reportedly targeted dissidents with Israeli spyware, and more.
- December 07, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.
- December 01, 2017
Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers.
- November 30, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure.
- November 22, 2017
The Uber data breach episode is another black eye for the ride-sharing company, but the cover-up raises troubling implications for the infosec community.
- November 10, 2017
News roundup: Following the massive Equifax breach, the CEO said he doesn't know if customer data is encrypted or not. Plus, flaws were found in IEEE's P1735 standard, and more.
- October 20, 2017
The Kaspersky controversy continued this week as the antivirus company responded to several explosive news stories about its relationship with the Russian government.
- October 20, 2017
News roundup: Former employees reveal a 2013 database breach exposed Microsoft's bug tracking system, DHS sets new rules for federal agencies on web, email security, and more.
- October 11, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the expanding scope of the Equifax and Yahoo breaches and the long-term effects of these major security incidents.
- October 07, 2017
An NSA contractor became the target of a cyberattack after storing agency spying software on a personal device, and this NSA breach has caused a rise in fears regarding Russia.
- September 29, 2017
News roundup: During the Deloitte hack, attackers had access to client data and internal email servers. Plus, the U.S. asks China not to enforce its Cybersecurity Law, and more.
- September 21, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors continue discussing the Equifax data breach and examine new details about an Apache Struts flaw tied to the attack.
- September 13, 2017
Experts criticized the Equifax breach response as insufficient, given the size and scope of the data loss, and they said the company was likely not prepared for such an incident.
- September 13, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors tackle the massive Equifax data breach and how the credit bureau's response to the security incident is creating more problems.
- September 08, 2017
A massive Equifax breach, which was discovered in July, exposed the personal information, including names, birth dates and Social Security numbers, of 143 million Americans.
- August 17, 2017
Danish shipping giant A.P. Moller-Maersk said the NotPetya ransomware attacks severely damaged business processes and the impact has been estimated at as much as $300 million in lost revenue.
- July 28, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them.
- July 18, 2017
Dow Jones becomes the latest organization to be affected by an AWS cloud data leakage due to misconfiguration and user error.
- May 26, 2017
News roundup: The Target settlement following the 2013 data breach requires the company to adopt a stronger security program. Plus, experts knock the FCC's DDoS claim, and more.
- March 21, 2017
FBI Director James Comey confirmed the bureau is investigating the Trump campaign's ties to the Russian government and election cyberattacks such as the DNC breach.
- March 03, 2017
Cloudflare security researchers continue investigations as CEO calms fears over potential exposure of sensitive personal data by the Cloudbleed bug, though doubts remain.
- March 02, 2017
A new SEC filing details who knew about the major Yahoo security breach in 2014, but experts are confused by the repercussions of the announcement.
- February 24, 2017
The Cloudflare bug in CDN is fixed after causing sensitive customer data to leak. Google Project Zero discovered the flaw, and users were warned to change passwords.
- December 22, 2016
Yahoo breach data from 1 billion users was sold to multiple groups on the deep web and questionable breach reporting kept Yahoo from informing users for months.
- December 15, 2016
A second Yahoo breach was disclosed, with more than 1 billion accounts compromised and users left at risk of further attacks for three years.
- November 21, 2016
In its first move following the Blue Coat Systems merger, Symantec agreed to acquire identity protection firm LifeLock for $2.3 billion to bolster its consumer security business.
- November 15, 2016
Experts debated various aspects of password security in the aftermath of the FriendFinder Network breach, which left 400 million user accounts exposed.
- November 11, 2016
Adobe agreed to pay several states a total of $1 million and agreed to new compliance measures as part of a settlement over the company's 2013 data breach.
- September 29, 2016
The Yahoo breach was the largest in history and the fallout is widespread, including a lawsuit, possible SEC investigation and questions about Yahoo's breach detection and response.
- September 23, 2016
Yahoo confirmed it was the victim of one of the largest breaches in history two years ago, when information on at least 500 million user accounts was stolen.
- August 17, 2016
A PGP short ID collision attack on the creator of Linux brings to light a flaw that experts have known about for years with short ID keys.
- August 15, 2016
Following an embarrassing data breach, the Democratic National Committee has formed a cybersecurity advisory board, but experts have questioned the pedigree of board members.
- August 09, 2016
Oracle's MICROS PoS systems breached, possibly by Carbanak cybergang; Oracle issues mandatory password reset for customers.
- July 15, 2016
The EU-U.S. Privacy Shield framework takes effect, replacing Safe Harbor for transatlantic data flows; U.S. beefs up Cyber Command.
- June 29, 2016
Nearly 10 million patient records have been posted for sale on a dark web market, putting the personally identifiable information of many at risk for abuse.
- June 21, 2016
Computer maker Acer was hit by a customer data breach of its e-commerce website, leaving approximately 34,500 customers' contact and payment information exposed for about a year.
- June 09, 2016
A rash of TeamViewer hacks has led to confusion concerning what the issues are and who is responsible for user security in this case.