Breach News, Articles and Updates

After 'isolated' hack, Germany says government computers are secure

The German government said on Wednesday that hackers had breached the network of government computers with an isolated attack that had been brought under control and which was being investigated by security officials.

Equifax breach worse than thought, consumers affected now total 147.9M

Equifax has once again bumped up the estimated number of US consumers affected by its massive breach - now saying that data on 147.9 million was somehow exposed.

Data breach site adds 80M new records, updates 'Pwned Passwords' service

Data breach aficionado Troy Hunt has significantly updated his "Have I Been Pwned?" website in recent days, adding a data set of 2,844 breach incidents involving 80 million stolen records.

Uber says bug that allows 2fa bypass 'not particularly severe'

Just two months after the car-sharing service admitted to covering up a breach that exposed sensitive information on 57 million customers and drivers, a security researcher has discovered a flaw.

India's 1.2 billion citizen national database reportedly breached

India's national ID database containing the information of nearly 1.2 billion people was breached with cyber-criminals selling access to the information for US$ 8 (£6), though officials deny the extent of the incident.

US government DHS data breach affects 250,000

More than 250,000 of the US Department of Homeland Security (DHS) employees along with individuals involved in on-going DHS criminal investigations had their personally identifiable information (PII) compromised in a data breach.

Irish Zoo scammed, approximately €500,000 stolen

Most humans have a soft spot for animals. Cyber-criminals are another breed obviously, as evidenced by the Dublin Zoo's computer system getting breached so the payments due were electronically redirected to a criminal's account.

US Senate bill would require jail time for data breach cover ups

Three US Senators have introduced a bill that would require jail time for corporate executives who do not notify consumers of a breach within 30 days.

Firefox tests in-browser breached site notifications

Firefox is testing out a warning system that will notify users when they visit breached sites and offer the option to be notified if a site they previously visited becomes breached in the future.

Imgur acts to disclose years-old breach that compromised 1.7 million users

Online image sharing and hosting service Imgur was breached in 2014, resulting in the theft of roughly 1.7 million user email addresses and passwords, the company confirmed last Friday in an online notification.

Equifax board picks former Broadcom exec for tech committee

Two months after revelations that an Equifax breach had exposed information on 145.5 million US consumers, the company has added Scott A McGregor, former CEO of Broadcom Corp. to the board and to its technology committee.

Update: Microsoft 2013 secret vulnerabilities database breach - long tail

In 2013 Microsoft discovered that hackers had breached the secret internal database it uses to track vulnerabilities, it then quietly upped its security, segmenting the database from its network and compelling two-factor authentication.

Hackers target business emails with Netflix scam

Netflix scam steals customers' credit card data, and puts businesses at risk where employees re-use passwords.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

Yahoo says all 3 billion accounts compromised in breach

A 2013 breach of Yahoo!'s network affected all three billion of the company's accounts, Verizon Communications, which acquired Yahoo post-breach for $4.48 billion (£3.38 billion), said Tuesday.

Indian government and corporate credentials found for sale on DarkNet

The login credentials and other inside information of more than 6,000 Indian ISPs, government departments and businesses is being advertised for sale on DarkNet.

Sys Admins warned to be vigilant as OneLogin admits security breach

Amid fears that even encrypted data has been compromised by a breach of OneLogin, the company is advising customers to take extensive remediation steps.

ICYMI: UK threats grow, TalkTalk2, something phishy at HSBC and more

In Case You Missed It: UK threat grows says NCSC, TalkTalk customers report fraud calls, HSBC customers being phished, NHS Wales breached, and the latest Web browser exploits.

After DailyMotion breach, how can organisations avoid password reuse attacks?

As the smoke clears from the DailyMotion breach, IT security professionals are starting to fret about the threat of password reuse attacks on enterprises.

DailyMotion breached, 85 million accounts made off with

One of the internet's foremost video hosting platforms has been breached and hackers have made off with tens of millions of account details.

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organisation's five major venues during the last year.

Adobe to pay $1M for breach

Adobe will be paying $12 million to 15 states to settle a breach claim.

Yahoo knew about hack back in 2014

A filing to the Securities and Exchange Commission has revealed that Yahoo knew about the hack which stole details of 500 million of its users back in 2014.

RAND Report questions breach cost

A breach isn't quite as big a deal as we've been told. That is if the findings of a new report are to be believed. Authored by Sasha Romanosky, a policy researcher at the RAND Corporation, the report undercuts one of the great cliches of the cyber-security industry: that breaches are expensive.

Yahoo mega-breach raises key questions, criticisms

One day after Yahoo disclosed one of the largest data breaches in history, Internet and data security experts continue to weigh in on the historic incident that compromised over 500 million user accounts. To that end, SC presents three key questions...

Yahoo! confirms 500 million users affected in data breach

Yahoo! has confirmed a major data breach of its systems, with the number of users affected standing at 500 million. It is currently suspected to be a state-sponsored attack, as it has similarities to other Russian attacks.

Eurekalert news service attacked

Scientific news service EurekAlert suffered a breach which saw the login details of thousands of journalists stolen. The company has now reformed the technology behind its website and is promising a brand new login system.

Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing personal information of 27 million accounts.

Okta research says slow tech upgrades puts companies at risk

Research from security company Okta is claiming that companies which aren't agile on technology upgrades are putting themselves at risk of cyber-attacks.