Data Breach News, Articles and Updates

Cash Converters hit by security breach

Pawnbroker chain Cash Converters is investigating a data security breach at its UK operations after receiving email threats of data release.

Writing authorisation policies to secure big data

Enforcing authorisation directly at the data level can be incredibly powerful, as it could mean minimal or no changes to the applications that are accessing the data itself, says Jonas Iggbom.

Deloitte hack highlights the need for innovation in cyber-security today

Deloitte fell victim to a data breach that could have been prevented by simple measures that are standard security protocols, but businesses must not only focus on the basics; they must also incorporate an innovative approach.

Data breach concerns cause fear around device disposal

Seven in ten people in the UK are being put off recycling old and unused electrical products because of concerns about personal security data breaches.

Amazon takes steps to reduce S3 misconfiguration leaks

Amazon is taking action to combat the recent wave of Amazon S3 servers being left misconfigured and subsequently exposing potentially sensitive data.

Kracking the code - why businesses don't yet need to panic about the 'Krack attack'

Krack attackers need to be within range of the targeted Wi-Fi network, so widespread data loss is unlikely, but do add fixes when available as this vulnerability would allow anyone to read traffic from mobile and laptop to Wi-Fi devices.

Equifax's net income down £20m and £67m costs post data breach

Equifax was financially punished for the breach that allowed the personal data of 145.5 million of its customers to be compromised, with revenue down 27 percent (£20 million) in the quarter and breach costs of £66.8 million.

UK University fails to learn - UEA, a data breach repeat offender

The UEA has suffered another data breach; an email was sent to about 300 students in the social science faculty which included the personal health information of a member of staff, in a repeat use of a flaw not fixed previously.

Former Yahoo chief executive Mayer testified before Congress, blamed Russia

Former Yahoo chief executive Marissa Mayer apologises for the two massive data breaches at Yahoo that occurred during her tenure and resulted in 3 billion credentials being stolen, blaming Russian agents for at least one of them.

How to avoid opening the door to hackers with misconfiguration errors

Setting standard configurations based on industry best practices, and continuously monitoring for changes from that baseline, enables quick identification of a misconfiguration that could be exploited so that it can be addressed before the breach.

Pirates of the Caribbean: 66 years of secrets dug up in Paradise Papers

The Queen's offshore accounts and Russian links to President Donald Trump's top administration officials are among 13.4 million documents exposed in the Paradise Papers. Legal and accounting firms can expect to be increasingly targeted.

Another misconfigured Amazon S3 server leaks data of 50,000 Australians

Another misconfigured Amazon server has resulted in the exposure of personal data - this time data on 50,000 Australian employees that was left unsecured by a third-party contractor.

How secure are you? And are your current tools up to the job?

Con Mallon advises conducting a compromise assessment based on the assumption that you've already been compromised, then picking the right tools, processes, technology and intelligence to combat that threat.

Fear of system compromise up some 50% among IT pros as perimeter dissolves

Concerns around compromise increase among IT pros in the face of major breaches at even the most security-aware organisations, highlighting muddled responses to the softening perimeter.

Update: Possibly everyone in Malaysia had their mobile records stolen

It is possible that everyone in Malaysia may have had their mobile phone records stolen and put up for sale on the Dark Web.

Mitigating security risks in the extended enterprise

When companies entrust proprietary data to external business partners, they inherently expose themselves to risk. And these risks often materialise into actual breach incidents, warns Alvaro Hoyos.

T-Mobile API bug may have leaked customer account data

A bug in T-Mobile's wsg.t-mobile.com API may have allowed attackers to access customer data that can be used to carry out phishing attacks or worse.

UK to open second investigation into Equifax breach

The UK Financial Conduct Authority (FCA) has opened an investigation into the massive Equifax data breach that exposed the personal information of almost 700,000 British citizens and 145.5 million worldwide.

Royals, celebs, plastic surgery pix stolen. Dark Overlord demands ransom

The London Bridge Plastic Surgery and Aesthetic Clinic has confirmed in a posted statement that it had been hit with a cyber-attack and data was stolen. The clinic did not say exactly what types of information were compromised.

Russian underground shop selling RDP servers for £11 or less

Russian dark web marketplace Ultimate Anonymity Services (UAS) is selling 35,000 compromised Remote Desktop Protocol servers, which criminals can use to anonymise themselves or access victims' networks.

'Data destruction' and its importance to secure your data privacy

Formatting old devices or deleting old information and selling it to third parties is common, says Sunil Chandna, but data is not permanently removed, and destruction or, preferably, true erasure of data is necessary.

Oilpro.com founder sentenced to prison for hacking competitor

The founder of a professional networking site was sentenced to a year and one day in prison after hacking into a competitor's database and attempting to sell his site to the same company whose database he hacked.

Homes and Communities Agency breach reported to ICO

Ahead of GDPR, even minor breaches are now being reported, with the UK government agency, the Homes and Communities Agency, notifying the ICO of a limited breach of its information security policy on Monday 9 October.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

Don't be tomorrow's news - use machine data to protect PII pre-GDPR

Using machine data to monitor staff behaviours can identify potential PII breaches before they happen and avoid the huge fines that would follow once GDPR comes into effect, says Matthias Maier.

US calls for GDPR-style legislation in wake of vast Yahoo breach

The vast Yahoo breach underscores the importance of heeding risk factors and renews interest in GDPR-style legislation.

Stopping a 3rd party IT supplier data breach taking down a government

Government organisations responsible for highly sensitive information must ensure that, if they are trusting a third-party IT supplier, they have a comprehensive privileged access management strategy in place, says Csaba Krasznay.

How do we reconcile the open source security risk with GDPR best practice?

GDPR calls for a documented, systematic approach to evaluating your security measures - including how you patch - but patching open source code has its own problems, explain Matthew Jacobs and Daniel Hedley.

Organisations must protect themselves and end-users from insider threat

Debbie Garside says simple end-user error is the biggest risk you face when it comes to data. But instead of end users facing the sack for making honest mistakes, employers should be putting systems in place that protect them.

Point-of-sale data breach bad for Whole Foods' health

Whole Foods Market disclosed on Thursday that it has suffered a point-of-sale data breach that compromised the payment card information of customers who used its taprooms and full table-service restaurants.