Breach News, Articles and Updates

US Senate bill would require jail time for data breach cover ups

Three US Senators have introduced a bill that would require jail time for corporate executives who do not notify consumers of a breach within 30 days.

Firefox tests in-browser breached site notifications

Firefox is testing out a warning system that will notify users when they visit breached sites and offer the option to be notified if a site they previously visited becomes breached in the future.

Imgur acts to disclose years-old breach that compromised 1.7 million users

Online image sharing and hosting service Imgur was breached in 2014, resulting in the theft of roughly 1.7 million user email addresses and passwords, the company confirmed last Friday in an online notification.

Equifax board picks former Broadcom exec for tech committee

Two months after revelations that an Equifax breach had exposed information on 145.5 million US consumers, the company has added Scott A McGregor, former CEO of Broadcom Corp. to the board and to its technology committee.

Update: Microsoft 2013 secret vulnerabilities database breach - long tail

In 2013 Microsoft discovered that hackers had breached the secret internal database it uses to track vulnerabilities. It then quietly upped its security, segmenting the database from its network and compelling two-factor authentication.

Hackers target business emails with Netflix scam

Netflix scam steals customers' credit card data, and puts businesses at risk where employees re-use passwords.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

Yahoo says all 3 billion accounts compromised in breach

A 2013 breach of Yahoo!'s network affected all three billion of the company's accounts, Verizon Communications, which acquired Yahoo post-breach for $4.48 billion (£3.38 billion), said Tuesday.

Indian government and corporate credentials found for sale on DarkNet

The login credentials and other inside information of more than 6,000 Indian ISPs, government departments and businesses are being advertised for sale on DarkNet.

Sys Admins warned to be vigilant as OneLogin admits security breach

Amid fears that even encrypted data has been compromised by a breach of OneLogin, the company is advising customers to take extensive remediation steps.

ICYMI: UK threats grow, TalkTalk2, something phishy at HSBC and more

In Case You Missed It: UK threat grows says NCSC, TalkTalk customers report fraud calls, HSBC customers being phished, NHS Wales breached, and the latest Web browser exploits.

After DailyMotion breach, how can organisations avoid password reuse attacks?

As the smoke clears from the DailyMotion breach, IT security professionals are starting to fret about the threat of password reuse attacks on enterprises.

DailyMotion breached, 85 million accounts made off with

One of the internet's foremost video hosting platforms has been breached and hackers have made off with tens of millions of account details.

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organisation's five major venues during the last year.

Adobe to pay $1M for breach

Adobe will be paying $12 million to 15 states to settle a breach claim.

Yahoo knew about hack back in 2014

A filing to the Securities and Exchange Commission has revealed that Yahoo knew about the hack which stole details of 500 million of its users back in 2014.

RAND Report questions breach cost

A breach isn't quite as big a deal as we've been told. That is if the findings of a new report are to be believed. Authored by Sasha Romanosky, a policy researcher at the RAND Corporation, the report undercuts one of the great cliches of the cyber-security industry: that breaches are expensive.

Yahoo mega-breach raises key questions, criticisms

One day after Yahoo disclosed one of the largest data breaches in history, Internet and data security experts continue to weigh in on the historic incident that compromised over 500 million user accounts. To that end, SC presents three key questions...

Yahoo! confirms 500 million users affected in data breach

Yahoo! has confirmed a major data breach of its systems, with the number of users affected standing at 500 million. It is currently suspected to be a state-sponsored attack, as it has similarities to other Russian attacks.

EurekAlert news service attacked

Scientific news service EurekAlert suffered a breach which saw the login details of thousands of journalists stolen. The company has now reformed the technology behind its website and is promising a brand new login system.

Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing personal information of 27 million accounts.

Okta research says slow tech upgrades put companies at risk

Research from security company Okta is claiming that companies which aren't agile on technology upgrades are putting themselves at risk of cyber-attacks.

Research firm finds MICROS hackers infected more POS vendors

Trailing not too far behind the news that hackers have compromised a leading point-of-sale system is the new revelation that at least five more vendors have been hit with similar breaches.

2.3 million 'Warframe,' 'Clash of Kings' accounts compromised

More than 2.3 million user records were compromised as two separate gaming companies announced they suffered data breaches.

Hacker claims to breach Amazon server, Amazon disagrees

A security researcher claims to have hacked an Amazon server and dumped the information of tens of thousands of users online. Even though several sources appear to speak for the data's legitimacy, Amazon says it's nonsense.

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.

65 million hacked Tumblr user details go up for sale on dark web

Tumblr waited three years to tell users about breach

IP EXPO: Responsibility and blaming the victim

Today's panel at IP EXPO discussed the common bad habit of blaming the victim rather than the criminals who committed the crime.

The cyber-security buck should stop with executives, finds survey

New research by VMware has found that a great deal of UK workers believe that the responsibility for cyber-security should go all the way to the board of directors.