News

Data security breaches

• September 23, 2016 23 Sep'16

  Yahoo breach leaves 500 million accounts compromised

  Yahoo confirmed it was the victim of one of the largest breaches in history two years ago, when information on at least 500 million user accounts was stolen.

• August 17, 2016 17 Aug'16

  PGP collision attack on Linux creator highlights flaws with short IDs

  A PGP short ID collision attack on the creator of Linux brings to light a flaw that experts have known about for years with short ID keys.

• August 15, 2016 15 Aug'16

  DNC forms cybersecurity advisory board after breach

  Following an embarrassing data breach, the Democratic National Committee has formed a cybersecurity advisory board, but experts have questioned the pedigree of board members.

• August 09, 2016 09 Aug'16

  Oracle MICROS breached, password reset recommended

  Oracle's MICROS PoS systems breached, possibly by Carbanak cybergang; Oracle issues mandatory password reset for customers.

• July 15, 2016 15 Jul'16

  EU member states approve EU-U.S. Privacy Shield data flow framework

  The EU-U.S. Privacy Shield framework takes effect, replacing Safe Harbor for transatlantic data flows; U.S. beefs up Cyber Command.

• June 29, 2016 29 Jun'16

  Nearly 10 million hospital patient records for sale on dark web market

  Nearly 10 million patient records have been posted for sale on a dark web market, putting the personally identifiable information of many at risk for abuse.

• June 21, 2016 21 Jun'16

  Acer's e-commerce website hit by a customer data breach

  Computer maker Acer was hit by a customer data breach of its e-commerce website, leaving approximately 34,500 customers' contact and payment information exposed for about a year.

• June 09, 2016 09 Jun'16

  TeamViewer hacks have everyone placing blame

  A rash of TeamViewer hacks has led to confusion concerning what the issues are and who is responsible for user security in this case.

• May 13, 2016 13 May'16

  Google insider data breach exposed employee personal info

  Roundup: Google experiences an insider data breach, but the data leakage is cleaned up by a conscientious benefits manager. Plus, the FDIC reports five 'major' incidents, and more.

• May 12, 2016 12 May'16

  EU regulatory critics, Rule 41 pose threat to Privacy Shield

  The new Privacy Shield framework for transatlantic data flows faces challenges from Article 29 Working Party criticism, as well as U.S. changes to Rule 41 for computer searches.

• May 11, 2016 11 May'16

  Ransomware warning issued to Congress following attack

  Representatives in Congress have received a ransomware warning following an increased number of attacks perpetrated via phishing schemes.

• April 26, 2016 26 Apr'16

  Verizon DBIR 2016 shows we haven't learned how to improve security

  The 2016 Verizon DBIR skimps on data breach analysis and instead focuses on common issues, such as phishing, vulnerability management and access controls, which are still befuddling IT pros.

• March 29, 2016 29 Mar'16

  Report: 1.5 million Verizon Enterprise customer records stolen

  Krebs on Security reports 1.5 million customer contact records were swiped from Verizon Enterprise Solutions and offered for sale on Dark Web; customers are at risk for phishing attacks.

• March 11, 2016 11 Mar'16

  DROWN attack: TLS under fire again

  News roundup: DROWN attack affects millions of servers with an SSLv2 vulnerability; the Home Depot breach lawsuit settlement is pending; and Chinese smartphone-maker ZTE is sanctioned.

• February 05, 2016 05 Feb'16

  Researchers offer motive behind China cyberattacks

  Roundup: A new report may explain China's cyber targeting of health insurers. Plus, malware activity shows a big rise at year-end; more software vulnerabilities were reported.

• December 29, 2015 29 Dec'15

  Open database exposes 191 million voter registration records

  A mysterious voter database containing 191 million voter registration records found last week was online for over a week, with few clues as to who is responsible.

• December 04, 2015 04 Dec'15

  First-ever high-level talks on US-China cyber issues

  News roundup: Chinese hacking activity drops in advance of US-China cyber talks, Australia blames China for major breach, mature malware, National Security Letter unveiled, and more.

• December 04, 2015 04 Dec'15

  Alleged OPM breach hackers arrested by Chinese government

  Hackers arrested by the Chinese government are allegedly the criminals behind the OPM breach, but experts want more evidence before trusting China.

• October 09, 2015 09 Oct'15

  Safe Harbor agreement invalid: Privacy win or enterprise woe?

  News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.

• September 25, 2015 25 Sep'15

  OPM breach widens to 5.6 million fingerprint records

  News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.

• September 22, 2015 22 Sep'15

  Internal report on Target data breach reveals glaring security holes

  An internal report on Target's breach, obtained by security reporter Brian Krebs, shows the retailer suffered from major security flaws.

• September 17, 2015 17 Sep'15

  Hacker groups shifting to corporate cyberespionage schemes

  There is a growing concern for cyberespionage in U.S. after a financially motivated hacker group stole inside information to make millions from insider trading schemes.

• September 11, 2015 11 Sep'15

  Department of Energy latest victim of a government data breach

  The U.S. Department of Energy became the latest government cyberattack victim after a report disclosed the agency had suffered more than 1,000 cyberattacks in a four-year span.

• September 03, 2015 03 Sep'15

  OPM breach protection services on the way for 21.5M victims

  The contract for identity theft and credit protection services for OPM breach victims has been awarded, but protection notifications will not be going out to OPM victims until later this month.

• September 01, 2015 01 Sep'15

  Warnings, neglect and a massive OPM data breach

  Why no one should have been surprised by the massive government Office of Personnel Management data hack.

• August 13, 2015 13 Aug'15

  Bitdefender hack the latest cyberattack on security vendors

  Bitdefender suffered a data breach in which a hacker stole a small number of unencrypted usernames and passwords for active customers. The hacker then demanded $15,000 in ransom.

• August 12, 2015 12 Aug'15

  Darkhotel APT found using Hacking Team Flash zero-day in exploits

  The Darkhotel advanced persistent threat group used an Adobe Flash zero-day vulnerability from the Hacking Team data leak, according to Kaspersky research.

• August 07, 2015 07 Aug'15

  ICANN breached, members' encrypted passwords stolen

  News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.

• July 29, 2015 29 Jul'15

  The same Chinese hackers linked to United, Anthem and OPM breaches

  Sources claim the same Chinese hackers are behind the attacks on United Airlines, Anthem Health Services and the U.S. Office of Personnel Management.

• July 27, 2015 27 Jul'15

  Another government data breach: U.S. Census Bureau admits to hack

  The U.S. Census Bureau admits that it was attacked and had data exfiltrated from its systems. One expert says this latest government data breach is another example that federal systems are not safe from attack.

• July 10, 2015 10 Jul'15

  OPM hackers stole 21.5 million records, 1.1 million fingerprints

  Investigators for the OPM data breach find that 21.5 million personal records were stolen in the attack, including 1.1 million fingerprints. The White House is still considering its response.

• July 06, 2015 06 Jul'15

  Hacking Team internal documents released after massive data breach

  Controversial Italian surveillance software firm, Hacking Team, was attacked, resulting in a 400 GB leak of sensitive data. The response from the Hacking Team was threatening, but may have been part of the attack.

• June 25, 2015 25 Jun'15

  Stolen passwords to blame for OPM breach; director may take the fall

  The OPM director told a Senate hearing that passwords stolen from a contractor led to the OPM breach. Now, her job is on the line and the number of breached records could be on the rise.

• June 15, 2015 15 Jun'15

  White House pushes government cybersecurity changes

  As the estimated number of current and former federal employees affected by the OPM data breach triples, the White House pushes new government cybersecurity changes to avoid another breach.

• June 11, 2015 11 Jun'15

  Dark Web scanner promises to cut data breach detection time to seconds

  As the focus of security moves to detection and response, a new product aims to find stolen corporate data within seconds or minutes of a data breach occurring by crawling the dark Web, but one expert questions the need for such a product.

• June 05, 2015 05 Jun'15

  Government data breach puts EINSTEIN defense system under question

  The FBI is investigating a government data breach in which up to 4 million records may have been stolen and China-based hackers are the prime suspects, but the efficacy of the DHS EINSTEIN defense system has been put under question.

• June 05, 2015 05 Jun'15

  Facebook, Google, Mozilla raise the bar with new user privacy controls

  News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?

• May 29, 2015 29 May'15

  IRS breach shows the importance of PII security

  A breach of the IRS' Internet tax form service "Get Transcript" exposed the personal information and tax filings of thousands of people.

• May 29, 2015 29 May'15

  Cybersecurity threat discussion (finally) in boardroom

  News roundup: Cybersecurity is finally garnering attention at the boardroom table, but not necessarily for the right reasons. Plus: Ponemon's "Cost of Data Breach"; D-Link vulnerabilities; NitlovePOS; bad bots.

• April 24, 2015 24 Apr'15

  NIST wants help building the one ID proofing system to rule them all

  The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.

• April 23, 2015 23 Apr'15

  Effective data breach response plans hinge on human preparedness

  Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered.

• April 14, 2015 14 Apr'15

  Sony Pictures hack used easily available malware, destroyed computers

  A '60 Minutes' interview Sunday revealed that not only did Sony Pictures fall victim to well-known, off-the-shelf malware, but that the attackers also destroyed thousands of computers and servers after stealing the data.

• April 14, 2015 14 Apr'15

  Verizon DBIR 2015 tackles data breach cost predictions

  In its 2015 Data Breach Investigations Report, Verizon debuts data breach cost estimates based on newly available data, and also advocates for better threat intelligence sharing among different industries facing common threats.

• April 10, 2015 10 Apr'15

  Tech, security M&A activity booms thanks to mobile, cloud

  News roundup: Technology and security acquisitions have seen some healthy activity in 2015, driven by two key trends. Plus: 75% of users aren't vulnerable to Heartbleed?; White House hack tied to phishing; first state digital ID law.

• March 20, 2015 20 Mar'15

  At 2015 Pwn2Own competition, browser exploits in the spotlight

  News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased-out in Windows 10; Americans dodging online surveillance.

• March 02, 2015 02 Mar'15

  Uber database breach source of stolen driver information

  Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.

• February 27, 2015 27 Feb'15

  Data breach consequences: Get breached, make money?

  News roundup: Data breaches aren't associated with soaring stock prices, but recent examples show breaches may boost stocks. Plus: Gemalto confirms possibility of GHCQ/NSA hack; Target breach costs company $162 million; Superfish swims on.

• January 21, 2015 21 Jan'15

  Report: More than 90% of 2014 data breaches could have been prevented

  The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.

• January 16, 2015 16 Jan'15

  Hardware security issues prove tough to find, harder to fix

  News roundup: Recently discovered firmware flaws highlight the challenges posed by hardware security. Plus: Heartland's breach warranty; RSA's overhaul; and Download.com's app (in)security.

• January 09, 2015 09 Jan'15

  Sony Pictures hack recap: Experts debate North Korea's role

  News roundup: The FBI maintains North Korea was behind the Sony Pictures hack, in spite of naysayers. Plus: Malware campaign attributed to Russia; new Mac OS X bootkit; cyberattack causes physical damage.

• January 06, 2015 06 Jan'15

  IBM: Retail cyberattacks become less frequent, but more effective

  Research from IBM indicates cyberattackers are going after retailers with surgical precision, using fewer attack attempts yet frequently compromising vulnerable databases.

• September 19, 2014 19 Sep'14

  Home Depot data breach update: 56 million cards confirmed stolen

  Home Depot said late Thursday that its recent breach involving 56 million payment cards was the result of custom-built malware, and that the company has since rolled out new POS encryption technology.

• September 05, 2014 05 Sep'14

  Goodwill breach highlights need for service provider due diligence

  News roundup: The recent Goodwill security breach has been blamed on a third-party service provider, highlighting the need for due diligence. Plus: Mobile device theft; Android app vulnerabilities and a 12-year-long cyber-espionage network.

• September 03, 2014 03 Sep'14

  Apple two-factor authentication fail leaves iCloud users vulnerable

  Apple's decision to not extend its two-factor authentication security mechanism to all iCloud services may leave users more vulnerable to attacks

• January 28, 2014 28 Jan'14

  On Data Privacy Day, OTA highlights need for data protection policy

  The Online Trust Alliance marks Data Privacy Day with events to help enterprises plan for inevitable data protection and privacy incidents.

• January 10, 2014 10 Jan'14

  Target breach update: Information on up to 70 million customers stolen

  Updated details on the Target breach show a much greater scope than originally announced, and reveal its Q4 finances were hurt by related charges.

• October 28, 2013 28 Oct'13

  Software [In]security: BSIMM-V does a number on secure software dev

  The fifth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.

• September 10, 2013 10 Sep'13

  Opinion: Software [in]security -- software flaws in application architecture

  Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.

• November 21, 2012 21 Nov'12

  Phishing attack, stolen credentials sparked South Carolina breach

  A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.

• June 24, 2009 24 Jun'09

  TJX to pay $9.75 million for data breach investigations

  The company agrees to pay legal expenses related to investigations conducted by 41 Attorneys Generals and establish a data security fund for states.

• March 19, 2008 19 Mar'08

  Misconfiguration issues could have contributed to Hannaford breach

  Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.

• March 19, 2008 19 Mar'08

  The pros and cons of data breach insurance

  The security incident at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.

• March 18, 2008 18 Mar'08

  Hannaford breach illustrates need to have a survival plan

  The Hannaford Bros. Co. supermarket chain is the latest company to suffer a data breach. It illustrates the need for companies to have a survival plan tucked away, experts say.

• May 07, 2007 07 May'07

  TJX breach tied to Wi-Fi exploits

  The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.

• January 18, 2007 18 Jan'07

  Did TJX take the right steps after data breach?

  Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner.

• November 28, 2005 28 Nov'05

  Busted: The inside story of 'Operation Firewall'

  A trial attorney with the Department of Justice offers an inside look at Operation Firewall, the 18-month investigation that nabbed a network of thieves responsible for 1.7 million credit card thefts.

• August 31, 2005 31 Aug'05

  Myfip's Titan Rain connection

  LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks.