Data security breaches
- September 23, 2016
Yahoo confirmed it was the victim of one of the largest breaches in history two years ago, when information on at least 500 million user accounts was stolen.
- August 17, 2016
A PGP short ID collision attack on the creator of Linux brings to light a flaw that experts have known about for years with short ID keys.
- August 15, 2016
Following an embarrassing data breach, the Democratic National Committee has formed a cybersecurity advisory board, but experts have questioned the pedigree of board members.
- August 09, 2016
Oracle's MICROS PoS systems breached, possibly by Carbanak cybergang; Oracle issues mandatory password reset for customers.
- July 15, 2016
The EU-U.S. Privacy Shield framework takes effect, replacing Safe Harbor for transatlantic data flows; U.S. beefs up Cyber Command.
- June 29, 2016
Nearly 10 million patient records have been posted for sale on a dark web market, putting the personally identifiable information of many at risk for abuse.
- June 21, 2016
Computer maker Acer was hit by a customer data breach of its e-commerce website, leaving approximately 34,500 customers' contact and payment information exposed for about a year.
- June 09, 2016
A rash of TeamViewer hacks has led to confusion concerning what the issues are and who is responsible for user security in this case.
- May 13, 2016
Roundup: Google experiences an insider data breach, but the data leakage is cleaned up by a conscientious benefits manager. Plus, the FDIC reports five 'major' incidents, and more.
- May 12, 2016
The new Privacy Shield framework for transatlantic data flows faces challenges from Article 29 Working Party criticism, as well as U.S. changes to Rule 41 for computer searches.
- May 11, 2016
Representatives in Congress have received a ransomware warning following an increased number of attacks perpetrated via phishing schemes.
- April 26, 2016
The 2016 Verizon DBIR skimps on data breach analysis and instead focuses on common issues, such as phishing, vulnerability management and access controls, which are still befuddling IT pros.
- March 29, 2016
Krebs on Security reports 1.5 million customer contact records were swiped from Verizon Enterprise Solutions and offered for sale on the Dark Web; customers are at risk for phishing attacks.
- March 11, 2016
News roundup: DROWN attack affects millions of servers with an SSLv2 vulnerability; the Home Depot breach lawsuit settlement is pending; and Chinese smartphone-maker ZTE is sanctioned.
- February 05, 2016
Roundup: A new report may explain China's cyber targeting of health insurers. Plus, malware activity shows a big rise at year-end; more software vulnerabilities were reported.
- December 29, 2015
A mysterious voter database containing 191 million voter registration records found last week was online for over a week, with few clues as to who is responsible.
- December 04, 2015
News roundup: Chinese hacking activity drops in advance of US-China cyber talks, Australia blames China for major breach, mature malware, National Security Letter unveiled, and more.
- December 04, 2015
Hackers arrested by the Chinese government are allegedly the criminals behind the OPM breach, but experts want more evidence before trusting China.
- October 09, 2015
News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.
- September 25, 2015
News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.
- September 22, 2015
An internal report on Target's breach, obtained by security reporter Brian Krebs, shows the retailer suffered from major security flaws.
- September 17, 2015
There is a growing concern about cyberespionage in the U.S. after a financially motivated hacker group stole inside information to make millions from insider trading schemes.
- September 11, 2015
The U.S. Department of Energy became the latest government cyberattack victim after a report disclosed the agency had suffered more than 1,000 cyberattacks in a four-year span.
- September 03, 2015
The contract for identity theft and credit protection services for OPM breach victims has been awarded, but protection notifications will not be going out to OPM victims until later this month.
- September 01, 2015
Why no one should have been surprised by the massive government Office of Personnel Management data hack.
- August 13, 2015
Bitdefender suffered a data breach in which a hacker stole a small number of unencrypted usernames and passwords for active customers. The hacker then demanded $15,000 in ransom.
- August 12, 2015
The Darkhotel advanced persistent threat group used an Adobe Flash zero-day vulnerability from the Hacking Team data leak, according to Kaspersky research.
- August 07, 2015
News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.
- July 29, 2015
Sources claim the same Chinese hackers are behind the attacks on United Airlines, Anthem Health Services and the U.S. Office of Personnel Management.
- July 27, 2015
The U.S. Census Bureau admits that it was attacked and had data exfiltrated from its systems. One expert says this latest government data breach is another example that federal systems are not safe from attack.
- July 10, 2015
Investigators for the OPM data breach find that 21.5 million personal records were stolen in the attack, including 1.1 million fingerprints. The White House is still considering its response.
- July 06, 2015
Controversial Italian surveillance software firm, Hacking Team, was attacked, resulting in a 400 GB leak of sensitive data. The response from the Hacking Team was threatening, but may have been part of the attack.
- June 25, 2015
The OPM director told a Senate hearing that passwords stolen from a contractor led to the OPM breach. Now, her job is on the line and the number of breached records could be on the rise.
- June 15, 2015
As the estimated number of current and former federal employees affected by the OPM data breach triples, the White House pushes new government cybersecurity changes to avoid another breach.
- June 11, 2015
As the focus of security moves to detection and response, a new product aims to find stolen corporate data within seconds or minutes of a data breach occurring by crawling the dark Web, but one expert questions the need for such a product.
- June 05, 2015
The FBI is investigating a government data breach in which up to 4 million records may have been stolen and China-based hackers are the prime suspects, but the efficacy of the DHS EINSTEIN defense system has been put under question.
- June 05, 2015
News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?
- May 29, 2015
A breach of the IRS' Internet tax form service "Get Transcript" exposed the personal information and tax filings of thousands of people.
- May 29, 2015
News roundup: Cybersecurity is finally garnering attention at the boardroom table, but not necessarily for the right reasons. Plus: Ponemon's "Cost of Data Breach"; D-Link vulnerabilities; NitlovePOS; bad bots.
- April 24, 2015
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.
- April 23, 2015
Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered.
- April 14, 2015
A '60 Minutes' interview Sunday revealed that not only did Sony Pictures fall victim to well-known, off-the-shelf malware, but that the attackers also destroyed thousands of computers and servers after stealing the data.
- April 14, 2015
In its 2015 Data Breach Investigations Report, Verizon debuts data breach cost estimates based on newly available data, and also advocates for better threat intelligence sharing among different industries facing common threats.
- April 10, 2015
News roundup: Technology and security acquisitions have seen some healthy activity in 2015, driven by two key trends. Plus: 75% of users aren't vulnerable to Heartbleed?; White House hack tied to phishing; first state digital ID law.
- March 20, 2015
News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased out in Windows 10; Americans dodging online surveillance.
- March 02, 2015
Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.
- February 27, 2015
News roundup: Data breaches aren't associated with soaring stock prices, but recent examples show breaches may boost stocks. Plus: Gemalto confirms possibility of GCHQ/NSA hack; Target breach costs company $162 million; Superfish swims on.
- January 21, 2015
The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.
- January 16, 2015
News roundup: Recently discovered firmware flaws highlight the challenges posed by hardware security. Plus: Heartland's breach warranty; RSA's overhaul; and Download.com's app (in)security.
- January 09, 2015
News roundup: The FBI maintains North Korea was behind the Sony Pictures hack, in spite of naysayers. Plus: Malware campaign attributed to Russia; new Mac OS X bootkit; cyberattack causes physical damage.
- January 06, 2015
Research from IBM indicates cyberattackers are going after retailers with surgical precision, using fewer attack attempts yet frequently compromising vulnerable databases.
- September 19, 2014
Home Depot said late Thursday that its recent breach involving 56 million payment cards was the result of custom-built malware, and that the company has since rolled out new POS encryption technology.
- September 05, 2014
News roundup: The recent Goodwill security breach has been blamed on a third-party service provider, highlighting the need for due diligence. Plus: Mobile device theft; Android app vulnerabilities and a 12-year-long cyber-espionage network.
- September 03, 2014
Apple's decision to not extend its two-factor authentication security mechanism to all iCloud services may leave users more vulnerable to attacks.
- January 28, 2014
The Online Trust Alliance marks Data Privacy Day with events to help enterprises plan for inevitable data protection and privacy incidents.
- January 10, 2014
Updated details on the Target breach show a much greater scope than originally announced, and reveal its Q4 finances were hurt by related charges.
- October 28, 2013
The fifth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
- September 10, 2013
Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
- November 21, 2012
A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.
- June 24, 2009
The company agrees to pay legal expenses related to investigations conducted by 41 attorneys general and establish a data security fund for states.
- March 19, 2008
Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.
- March 19, 2008
The security incidents at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.
- March 18, 2008
The Hannaford Bros. Co. supermarket chain is the latest company to suffer a data breach. It illustrates the need for companies to have a survival plan tucked away, experts say.
- May 07, 2007
The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.
- January 18, 2007
Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner.
- November 28, 2005
A trial attorney with the Department of Justice offers an inside look at Operation Firewall, the 18-month investigation that nabbed a network of thieves responsible for 1.7 million credit card thefts.
- August 31, 2005
LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks.