Data security breaches
Get the latest information on enterprise security data breaches. Learn about data breach laws and regulations, best practices for data breach notification and response plans, the risks of exposed corporate data and personally identifiable information.
Top Stories
-
Feature
05 Nov 2021
The 10 most common ERP security issues and ways to fix them
Today's ERP systems are exposed like never before. Learn about the most common ERP security issues companies are facing and how IT and security teams can address them. Continue Reading
-
News
28 Oct 2021
Twitter details internal Yubico security key rollout
Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
-
News
03 Oct 2019
Zendesk breach in 2016 affected 10,000 customers
Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details. Continue Reading
-
News
27 Sep 2019
New York files lawsuit over Dunkin' breach response
The New York attorney general filed a lawsuit against Dunkin' Brands regarding attacks dating back to 2015 and alleges the company failed to respond or notify victims properly. Continue Reading
-
Answer
27 Sep 2019
Should I invest in attack simulation tools?
Attack simulation tools -- along with third-party penetration testing -- can help improve an organization's enterprise security. Find out why. Continue Reading
-
Answer
26 Sep 2019
When should I use breach and attack simulation tools?
Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure. Continue Reading
-
News
29 Aug 2019
Suspect in Capital One breach indicted for additional intrusions
The alleged Capital One hacker, Paige Thompson, was charged with additional counts of fraud and abuse for stealing data from more than 30 other organizations. Continue Reading
-
News
05 Aug 2019
Capital One hack highlights SSRF concerns for AWS
Infosec pros warn of server-side request forgery vulnerabilities in AWS following the Capital One data breach, which may have revealed an issue regarding the AWS metadata service. Continue Reading
-
News
02 Aug 2019
Capital One breach suspect may have hit other companies
History from a Slack channel run by the Capital One data breach suspect points to data stolen from more organizations, but no evidence of other attacks has been found yet. Continue Reading
-
News
02 Aug 2019
CloudKnox Security adds privileged access features to platform
CloudKnox Security updated its Cloud Security Platform with features such as Privilege-on-Demand, Auto-Remediation for Machine Identities and Anomaly Detection. Continue Reading
-
News
30 Jul 2019
2019 data breach disclosures: 10 of the biggest -- so far
Enterprises have disclosed a number of significant data breaches in the first half of 2019. Here's a look at some of the biggest and most notable breaches so far this year. Continue Reading
-
News
24 Jul 2019
Citrix breach blamed on poor password security
An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen. Continue Reading
-
News
22 Jul 2019
Equifax to pay up to $700 million in data breach settlement
Under the settlement with the FTC and state attorneys general, Equifax will fork over at least $575 million in civil penalties and provide credit monitoring services to consumers. Continue Reading
-
News
18 Jul 2019
Slack resets passwords possibly compromised in 2015 hack
Slack has reset passwords for 1% of users after uncovering new information regarding a 2015 hack of its systems. Continue Reading
-
News
16 Jul 2019
Experts: Facebook fine by FTC should be wake-up call for all
Facebook will reportedly be hit with a $5 billion fine by the FTC following an investigation into multiple privacy issues, and experts said other enterprises should take note. Continue Reading
-
Tip
28 Jun 2019
How to retool incident response best practices for the digital age
As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible. Continue Reading
-
Tip
28 May 2019
How to find an MSP to protect you from outsourcing IT risks
Check out what questions to ask MSPs to make sure they have the right security systems in place to protect your organization against outsourcing IT risks. Continue Reading
-
News
22 May 2019
Improved HR security may be why W-2 scams are down
HR's focus on better securing employee data may be working. In its annual data breach investigations report, Verizon found a dramatic decrease in the number of W-2 scam reports. Continue Reading
-
Feature
17 May 2019
Patch early, patch often to manage SAP exploit
In this Q&A, Onapsis CEO Mariano Nunez and SAP security head Tim McKnight discuss the recent SAP security system threat and what companies can do to protect systems and data. Continue Reading
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
-
Feature
30 Apr 2019
How information sharing can reduce cybersecurity vulnerabilities
Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence. Continue Reading
-
News
08 Apr 2019
Data breach legislation proposes jail time for CIO, HR execs
Sen. Elizabeth Warren takes a swing at corporate negligence in new legislation that may create jail risk for the C-suite. The bill is unlikely to advance, however. Continue Reading
-
News
25 Mar 2019
FEMA data exposure affects 2.3 million disaster victims
FEMA's data exposure is another high-profile example of accidental data disclosures -- a trend that has some security experts calling for more focus on failed security controls. Continue Reading
-
Answer
12 Feb 2019
Should large enterprises add dark web monitoring to their security policies?
Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. Continue Reading
-
Answer
07 Feb 2019
Is there a viable breach notification tool?
A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked. Continue Reading
-
Infographic
01 Feb 2019
Cutting SecOps breach response time is key to success
A new survey measures the success of security operations breach response by how long it takes to complete a three-step process to detect, understand and contain incidents. Continue Reading
-
News
29 Jan 2019
Insecure MongoDB databases expose Russian backdoor access
A security researcher found more than 2,000 exposed MongoDB databases that revealed a backdoor-access account operated by the Russian government, according to a report from ZDNet. Continue Reading
-
Podcast
10 Jan 2019
Risk & Repeat: What APT10 means for managed service providers
This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients. Continue Reading
-
News
08 Jan 2019
Marriott data breach exposed 5 million unencrypted passport numbers
Marriott's data breach affected fewer customers than the hotel giant originally estimated, but the breach exposed millions of unencrypted passport numbers. Continue Reading
-
News
04 Jan 2019
Cloud provider blames Ryuk ransomware for Christmas Eve attack
News roundup: Data Resolution claimed the Ryuk ransomware attack on its systems originated from North Korea. Plus, the EU is set to launch 14 open source bug bounties, and more. Continue Reading
-
Definition
29 Dec 2018
Peltzman Effect
The Peltzman Effect is the net-zero effect on overall safety between the presence of safety precautions and people’s tendency to be less cautious in their presence. Continue Reading
-
Answer
20 Dec 2018
Ticketmaster breach: How did this card skimming attack work?
The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack worked from Nick Lewis. Continue Reading
-
Podcast
19 Dec 2018
Risk & Repeat: Lessons from the Equifax breach report
This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it. Continue Reading
-
News
30 Nov 2018
Marriott discloses Starwood data breach affecting 500 million guests
Marriott International admitted to a Starwood data breach that began in 2014 and affects about 500 million customers. Experts are unsure about the GDPR implications. Continue Reading
-
News
30 Nov 2018
Ponemon study shows data valuation discrepancies in enterprises
A new study from the Ponemon Institute shows enterprises are underestimating the value of their data, including critical and confidential information assets. Continue Reading
-
News
27 Nov 2018
USPS website flaw exposed data for one year
The U.S. Postal Service inadvertently exposed the data of 60 million users and has only just fixed the underlying website flaw, despite being notified of the issue one year ago. Continue Reading
-
News
21 Nov 2018
Backer says U.S. Internet Bill of Rights will not follow EU model
Rep. Ro Khanna is on a mission to pass regulation that would shore up data privacy rights. But he's not looking to Europe's 'overprescriptive' approach for inspiration. Continue Reading
-
News
20 Nov 2018
Recorded Future names Tessa88 suspect in LinkedIn, Myspace breaches
Researchers at Recorded Future identified the individual behind the notorious Tessa88 hacker handle, but it's unclear what role he played in the LinkedIn and Myspace breaches. Continue Reading
-
News
16 Nov 2018
After 2015 OPM data breach, agency failed to update security
News roundup: Three years after the OPM data breach, the agency still hasn't implemented basic security. Plus, seven new Meltdown, Spectre attacks were uncovered, and more. Continue Reading
-
News
26 Oct 2018
Settlement in Yahoo data breach leaves company to pay $50M
News roundup: The Yahoo data breach will cost the company another $50 million in a settlement deal. Plus, Check Point acquired cloud security company Dome9, and more. Continue Reading
-
Podcast
25 Oct 2018
Risk & Repeat: Facebook breach raises regulatory questions
This week's Risk & Repeat podcast discusses new developments regarding Facebook's recent data breach, as well as the social networking giant's response to the incident. Continue Reading
-
Opinion
25 Oct 2018
Quantum supremacy and the path to encryption chaos
Widespread use of quantum computing isn't as far into the future as some might think. When it arrives, this powerful computing technology could turn IT security upside down. Continue Reading
-
News
19 Oct 2018
Facebook hack the work of spammers, not foreign adversary
News roundup: The Facebook hack was the work of spammers, according to The Wall Street Journal. Plus, 35 million voter records are for sale on the dark web, and more. Continue Reading
-
Answer
09 Oct 2018
How was Google Firebase security bypassed?
Google Firebase's inadequate back-end development led to data leaks and vulnerabilities, including HospitalGown. Learn more about this security flaw from expert Michael Cobb. Continue Reading
-
News
02 Oct 2018
Facebook GDPR fate uncertain following data breach
Facebook's GDPR consequences are still up in the air following a data breach, as Irish regulators are waiting on more information before determining if the social network will face a fine. Continue Reading
-
News
21 Sep 2018
State Department data breach exposes employee info
A State Department data breach involving the agency's unclassified email system may have been due to a lack of multi-factor authentication, according to one expert. Continue Reading
-
News
20 Sep 2018
GovPayNow leak exposes 14 million records dating back six years
Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years. Continue Reading
-
News
14 Sep 2018
British Airways data breach may be the work of Magecart
News roundup: The British Airways data breach may be the handiwork of hacking group Magecart, according to researchers. Plus, hacker Guccifer will be extradited to U.S., and more. Continue Reading
-
News
13 Sep 2018
CEO: Veeam database exposure fixed, investigation launched
Veeam co-CEO Peter McKay said there's 'no excuse' for the exposure of a marketing database and millions of email addresses. He said the company is being proactive in its response. Continue Reading
-
Podcast
12 Sep 2018
Risk & Repeat: Inside the GAO's Equifax breach report
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office's report on the Equifax breach and the questions it raises. Continue Reading
-
News
31 Aug 2018
Another patched Apache Struts vulnerability exploited
News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more. Continue Reading
-
Tip
22 Aug 2018
Find network security vulnerabilities by assessing risk
IT staff needs to regularly review network security vulnerabilities and security gaps to battle rising cybersecurity breaches and keep costs under control through risk assessments. Continue Reading
-
Feature
16 Aug 2018
How to scale security: An inside look at how Facebook does it
Facebook director of security Aanchal Gupta sounds off on how the social media giant uses automation to scale security and highlights its best practices and key focus areas. Continue Reading
-
Answer
10 Aug 2018
Facebook user data: How do malicious apps steal user data?
Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data. Continue Reading
-
Answer
08 Aug 2018
How do SDKs for ad networks cause data leaks?
SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk. Continue Reading
-
News
31 Jul 2018
Yale data breach discovered 10 years too late
A Yale University data breach from 2008 was only just discovered, and the school has released details on the compromised information, including Social Security numbers. Continue Reading
-
News
27 Jul 2018
LifeLock vulnerability exposed user email addresses to public
News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more. Continue Reading
-
Answer
27 Jul 2018
Powerhammering: Can a power cable be used in air-gapped attacks?
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables. Continue Reading
-
News
26 Jul 2018
Ponemon: Mega breaches, data breach costs on the rise
The Ponemon Institute's '2018 Cost of a Data Breach Study' details a rise in data breaches with a look at mega breaches and why U.S. companies experience the greatest loss. Continue Reading
-
News
26 Jul 2018
ComplyRight data breach affects 662,000, gets lawsuit
ComplyRight, an HR and tax services firm, was hit with a data breach that affected 662,000 people. It has also prompted a lawsuit by a person whose data was breached. Continue Reading
-
News
29 Jun 2018
Exactis leak exposes database with 340 million records
Experts said the Exactis leak needs to be treated as a learning moment for defining identity online after the marketing firm exposed data on 230 million adults and 110 million businesses. Continue Reading
-
Answer
27 Jun 2018
What backup security measures protect against data breaches?
Backup security varies across different storage media. What works for tape-based backup may not work for disk backups, so plan your data protection strategy accordingly. Continue Reading
-
Answer
27 Jun 2018
How are air-gapped computers put at risk by the Mosquito attack?
Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson. Continue Reading
-
Answer
18 May 2018
How does the Terror exploit kit spread through malicious ads
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis. Continue Reading
-
News
17 May 2018
Securus hack exposes law enforcement customers of location tracking
Following news that it provides near real-time location data to law enforcement without warrants, a Securus hack exposed information on those law enforcement customers. Continue Reading
-
Answer
17 May 2018
SSH private keys: How do threat actors find exposed keys?
Cybersecurity vendor Wordfence reported a rise in scans for SSH private keys that are often accidentally exposed to the public. Learn how to stay protected with Nick Lewis. Continue Reading
-
Tip
17 May 2018
How security operations centers work to benefit enterprises
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading
-
News
20 Apr 2018
Another misconfigured Amazon S3 bucket exposes 48M records
News roundup: A misconfigured Amazon S3 bucket led to the exposure of 48 million records collected by a private data analytics firm. Plus, PCI SSC updated its cloud guidelines, and more. Continue Reading
-
Podcast
17 Apr 2018
Risk & Repeat: Breaking down the Verizon DBIR 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more. Continue Reading
-
Answer
28 Mar 2018
Zyklon malware: What Microsoft Office flaws does it exploit?
Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson. Continue Reading
-
Answer
27 Mar 2018
How can a Moxa MXview vulnerability be exploited by hackers?
A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation. Continue Reading
-
News
16 Mar 2018
Following Equifax data breach, executive charged with insider trading
News roundup: A CIO has been charged with insider trading after the Equifax data breach. Plus, Trump blocked Broadcom's acquisition of Qualcomm, and more. Continue Reading
-
News
06 Mar 2018
Equifax data breach affected 2.4 million more consumers
The massive Equifax data breach affected even more people. The startling total is now 147.9 million U.S. consumers who had their information stolen by hackers. Continue Reading
-
Answer
26 Feb 2018
Uber breach: How did a private GitHub repository fail Uber?
The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred. Continue Reading
-
News
21 Feb 2018
Cryptojacking attacks hit enterprises' cloud servers
Cloud security vendor RedLock discovered threat actors had gained access to several enterprise cloud environments, including Tesla's, and used them for cryptojacking schemes. Continue Reading
-
News
14 Feb 2018
Equifax breach worsens, additional consumer data exposed
The Equifax breach compromised even more consumer data, including tax identification numbers, than originally reported. But the credit rating agency didn't disclose the update. Continue Reading
-
Tip
07 Feb 2018
Cloud security lessons to learn from the Uber data breach
Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main takeaways from the massive breach. Continue Reading
-
News
12 Jan 2018
Fancy Bears hackers target International Olympic Committee
News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again. Plus, a former NSA contractor pleads guilty to stealing government data, and more. Continue Reading
-
News
05 Jan 2018
A DHS data breach exposed PII of over 250,000 people
News roundup: A DHS data breach exposed PII of 250,000 federal employees, as well as investigative data from 2002 to 2014. Plus, a new bill aims to nix paperless voting, and more. Continue Reading
-
News
22 Dec 2017
Cryptocurrency exchanges increasingly targeted by cyberattacks
News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more. Continue Reading
-
News
15 Dec 2017
Half of business leaders admit to hiding data breach information
News roundup: Data breach information is kept from customers 50% of the time, according to a report. Plus, the FBI director continues to preach against encryption, and more. Continue Reading
-
News
12 Dec 2017
1.4 billion stolen credentials found on dark web
A massive repository containing more than 1.4 billion stolen credentials was found on the dark web with special features for malicious actors. Continue Reading
-
News
08 Dec 2017
Hacker behind Uber data breach was paid off through bug bounty
News roundup: The man responsible for the 2016 Uber data breach is a 20-year-old from Florida. Plus, Ethiopia reportedly targeted dissidents with Israeli spyware, and more. Continue Reading
-
Podcast
07 Dec 2017
Risk & Repeat: Analyzing the accidental data breach
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online. Continue Reading
-
News
01 Dec 2017
Proposed data breach legislation could put executives in jail
Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers. Continue Reading
-
Guide
01 Dec 2017
Cyberthreats, cyber vulnerabilities, and how to fight back
The key to countering cyberthreats today is to first understand your biggest vulnerabilities and then research the most effective countermeasures available to minimize them. Continue Reading
-
Podcast
30 Nov 2017
Risk & Repeat: Uber data breach has implications for infosec
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure. Continue Reading
-
Tip
30 Nov 2017
Data breach litigation: What enterprises should know
Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach. Continue Reading
-
Answer
17 Nov 2017
Ransomware recovery methods: What does the NIST suggest?
Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises. Continue Reading
-
News
10 Nov 2017
Following Equifax breach, CEO doesn't know if data is encrypted
News roundup: Following the massive Equifax breach, the CEO said he doesn't know if customer data is encrypted or not. Plus, flaws were found in IEEE's P1735 standard, and more. Continue Reading
-
Definition
31 Oct 2017
cyber attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit. Continue Reading
-
News
20 Oct 2017
Microsoft mum on 2013 database breach of bug tracking system
News roundup: Former employees reveal a 2013 database breach exposed Microsoft's bug tracking system, DHS sets new rules for federal agencies on web, email security, and more. Continue Reading
-
Podcast
11 Oct 2017
Risk & Repeat: Scope of Equifax, Yahoo breaches expands
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the expanding scope of the Equifax and Yahoo breaches and the long-term effects of these major security incidents. Continue Reading
-
News
07 Oct 2017
NSA breach leads to theft of government spy software
An NSA contractor became the target of a cyberattack after storing agency spying software on a personal device, and this NSA breach has caused a rise in fears regarding Russia. Continue Reading
-
Opinion
02 Oct 2017
No customer data leaks? Companies look down the rabbit hole
When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation. Continue Reading
-
E-Zine
02 Oct 2017
Growing data protection risks and how to manage them
Companies today collect more data from more sources than ever before. Often the data is distributed across on-premises environments, cloud systems and third-party networks. The network perimeter behind which most enterprise data once resided is gone, and users now have the ability to access data from anywhere and at any time via laptops, smartphones and other mobile devices. Managing these data protection risks creates unique challenges for CISOs and their security teams.
"Security must be able to protect the data wherever it is being used, viewed or saved," said Christopher Pierson, executive vice president, general counsel and CSO at Viewpost, an electronic payments and invoicing service, based in Maitland, Fla.
For organizations covered by regulations such as PCI DSS, HIPAA, the Gramm-Leach-Bliley Act and, soon, the European Union General Data Protection Regulation, the trends pose enormous compliance headaches. The distribution of data and the many ways in which it can be accessed has made handling data protection risks especially challenging.
At the same time, many companies have network-level security models that prevent their security teams from transitioning to data-level controls. In this issue of Information Security magazine, we look at data-centric security models and better ways to manage data protection risks.
Continue Reading
-
News
29 Sep 2017
Deloitte hack compromised sensitive emails, client data
News roundup: During the Deloitte hack, attackers had access to client data and internal email servers. Plus, the U.S. asks China not to enforce its Cybersecurity Law, and more. Continue Reading
-
Podcast
21 Sep 2017
Risk & Repeat: Equifax data breach fallout continues
In this week's Risk & Repeat podcast, SearchSecurity editors continue discussing the Equifax data breach and examine new details about an Apache Struts flaw tied to the attack. Continue Reading
-
News
13 Sep 2017
Equifax breach response deemed insufficient in multiple ways
Experts criticized the Equifax breach response as insufficient, given the size and scope of the data loss, and they said the company was likely not prepared for such an incident. Continue Reading
-
Podcast
13 Sep 2017
Risk & Repeat: Equifax data breach response called into question
In this week's Risk & Repeat podcast, SearchSecurity editors tackle the massive Equifax data breach and how the credit bureau's response to the security incident is creating more problems. Continue Reading
-
News
08 Sep 2017
Equifax breach exposes 143 million consumers' personal data
A massive Equifax breach, which was discovered in July, exposed the personal information, including names, birth dates and Social Security numbers, of 143 million Americans. Continue Reading