Breach News, Articles and Updates

Speech recognition software firm breach exposes thousands of records

US-based speech recognition software firm Nuance announced the breach of thousands of patient records after a third party gained unauthorised access.

If your vendor is breached, you are too

Half of companies surveyed suffered a third-party data breach - Why? One possible answer is that the relative costs of breaches - especially the very high-profile ones - aren't painful enough long-term to prompt a major security overhaul.

Outdated VPN remote access puts critical national infrastructure at risk

Critical national infrastructure organisations who cannot afford to let high value data or control of critical systems get into the wrong hands should be particularly wary of using outdated VPN remote access.

Uber updates bug bounty program after breach

In the aftermath of revelations that Uber kept a 2016 breach hidden for a year and paid ransom to a hacker, the company has tweaked its bug bounty programme, which operates under Hacker One, to prevent further missteps.

Facebook ups number hit by Cambridge Analytica breach to 87 million

Facebook announced an additional 37 million people were affected in the Cambridge Analytica breach while at the same time rolling out new plans to restrict data access to the site's users.

After 'isolated' hack, Germany says government computers are secure

The German government said on Wednesday that hackers had breached the network of government computers with an isolated attack that had been brought under control and which was being investigated by security officials.

Equifax breach worse than thought, consumers affected now total 147.9M

Equifax has once again bumped up the estimated number of US consumers affected by its massive breach - now saying that data on 147.9 million was somehow exposed.

Data breach site adds 80M new records, updates 'Pwned Passwords' service

Data breach aficionado Troy Hunt has significantly updated his "Have I Been Pwned?" website in recent days, adding a data set of 2,844 breach incidents involving 80 million stolen records.

Uber says bug that allows 2fa bypass 'not particularly severe'

Just two months after the car-sharing service admitted to covering up a breach that exposed sensitive information on 57 million customers and drivers, a security researcher has discovered a flaw.

India's 1.2 billion citizen national database reportedly breached

India's national ID database containing the information of nearly 1.2 billion people was breached with cyber-criminals selling access to the information for US$ 8 (£6), though officials deny the extent of the incident.

US government DHS data breach affects 250,000

More than 250,000 of the US Department of Homeland Security (DHS) employees along with individuals involved in on-going DHS criminal investigations had their personally identifiable information (PII) compromised in a data breach.

Irish Zoo scammed, approximately €500,000 stolen

Most humans have a soft spot for animals. Cyber-criminals are another breed obviously, as evidenced by the Dublin Zoo's computer system getting breached so the payments due were electronically redirected to a criminal's account.

US Senate bill would require jail time for data breach cover ups

Three US Senators have introduced a bill that would require jail time for corporate executives who do not notify consumers of a breach within 30 days.

Firefox tests in-browser breached site notifications

Firefox is testing out a warning system that will notify users when they visit breached sites and offer the option to be notified if a site they previously visited becomes breached in the future.

Imgur acts to disclose years-old breach that compromised 1.7 million users

Online image sharing and hosting service Imgur was breached in 2014, resulting in the theft of roughly 1.7 million user email addresses and passwords, the company confirmed last Friday in an online notification.

Equifax board picks former Broadcom exec for tech committee

Two months after revelations that an Equifax breach had exposed information on 145.5 million US consumers, the company has added Scott A McGregor, former CEO of Broadcom Corp. to the board and to its technology committee.

Update: Microsoft 2013 secret vulnerabilities database breach - long tail

In 2013 Microsoft discovered that hackers had breached the secret internal database it uses to track vulnerabilities, it then quietly upped its security, segmenting the database from its network and compelling two-factor authentication.

Hackers target business emails with Netflix scam

Netflix scam steals customers' credit card data, and puts businesses at risk where employees re-use passwords.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

Yahoo says all 3 billion accounts compromised in breach

A 2013 breach of Yahoo!'s network affected all three billion of the company's accounts, Verizon Communications, which acquired Yahoo post-breach for $4.48 billion (£3.38 billion), said Tuesday.

Indian government and corporate credentials found for sale on DarkNet

The login credentials and other inside information of more than 6,000 Indian ISPs, government departments and businesses is being advertised for sale on DarkNet.

Sys Admins warned to be vigilant as OneLogin admits security breach

Amid fears that even encrypted data has been compromised by a breach of OneLogin, the company is advising customers to take extensive remediation steps.

ICYMI: UK threats grow, TalkTalk2, something phishy at HSBC and more

In Case You Missed It: UK threat grows says NCSC, TalkTalk customers report fraud calls, HSBC customers being phished, NHS Wales breached, and the latest Web browser exploits.

After DailyMotion breach, how can organisations avoid password reuse attacks?

As the smoke clears from the DailyMotion breach, IT security professionals are starting to fret about the threat of password reuse attacks on enterprises.

DailyMotion breached, 85 million accounts made off with

One of the internet's foremost video hosting platforms has been breached and hackers have made off with tens of millions of account details.

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organisation's five major venues during the last year.

Adobe to pay $1M for breach

Adobe will be paying $12 million to 15 states to settle a breach claim.

Yahoo knew about hack back in 2014

A filing to the Securities and Exchange Commission has revealed that Yahoo knew about the hack which stole details of 500 million of its users back in 2014.

RAND Report questions breach cost

A breach isn't quite as big a deal as we've been told. That is if the findings of a new report are to be believed. Authored by Sasha Romanosky, a policy researcher at the RAND Corporation, the report undercuts one of the great cliches of the cyber-security industry: that breaches are expensive.