Data Breach News, Articles and Updates

Facebook in class action suit over privacy, data gathering infractions

Facebook accused of "standing idly by" while Aleksandr Kogan raided user accounts through a quiz app and shared the information with Cambridge Analytica and "made only the weakest attempts to prevent further access to this data.

Would you like productivity, or security?

When engineers work on a new invention, they focus on "getting it to work". This imperative precedes the need to "make it safe".

Equifax sent erroneous letters to breach victims

During the aftermath of the massive data breach which compromised the data of nearly 150 million consumers, Equifax notified some people using inaccurate letters.

Orbitz hit with data breach, info on 880,000 payment cards at risk

The online travel company Orbitz has suffered a major data breach possibly exposing the personal information associated with the owners of up to 880,000 payment cards.

Credential stuffing suspected: 150 National Lottery accounts compromised

As many as 150 player accounts registered with the UK's National Lottery were compromised, accessed and potentially viewed by an unauthorised party, according to an online statement from Camelot.

Gwent Police sat on data breach exposure for a year before informing ICO

Gwent Police failed to inform up to 450 people that hackers may have accessed their confidential information after it found that an online tool that allowed citizens to report incidents to the Police was exposed to hackers.

New York hospital data breach, 135,000 patients potentially affected

In the US a New York hospital suffered a data breach affecting about 135,000 patients when an unauthorised party gained access to its servers.

How DLP must evolve to deal with dynamic new threats

Organisations need to equip themselves with a united view of their entire network, extending from the endpoint through to the cloud - including penetrating through encrypted traffic that could be hiding malicious activity.

Data breach site adds 80M new records, updates 'Pwned Passwords' service

Data breach aficionado Troy Hunt has significantly updated his "Have I Been Pwned?" website in recent days, adding a data set of 2,844 breach incidents involving 80 million stolen records.

Android spyware maker Retina-X's servers breached twice in two years

Retina-X Studios, maker of several Spyware apps designed to help parents and enterprises keep tabs on children and employees, was hacked again, resulting in the compromise of sensitive data belonging to users.

Two Russians jailed in 160 million credit card details theft

Two Russian Nationals were given US federal prison sentences for their respective roles in a 2013 data breach which compromised 160 million credit card numbers and resulted in hundreds of millions of dollars in losses.

Equifax data breach may have exposed a wider range of data

Equifax revealed to a US Senate committee in a document that even more personal data than had been originally reported may have been exposed during last year's massive data breach the credit monitoring company experienced.

Unauthorised party access data on 800K Swisscom customers

Telecom giant Swisscom Wednesday disclosed that an unauthorised intruder misappropriated an unnamed sales partner's access to its data, thereby compromising basic information pertaining to approximately 800,000 customers.

Darknet markets worth keeping an eye on - you may see your data for sale

Jamie Bartlett, author of The Dark Net, advises monitoring the darknet markets, both to respond to your own data being sold, but also to protect your reputation if passwords are alleged to come from you following a hack elsewhere.

Oh, baby! Infants' Social Security numbers spotted for sale on dark web

The personal identifiable information (PII) of infants, including Social Security numbers, were recently found advertised for sale on the dark web, providing criminals with a clean credit history.

Aetna agrees to US$ 17 million (£12 million) to settle data breach

Aetna will pay a US$ 17.1 million (£12.3 million) as part of a settlement for a July 2017 data breach that may have compromised the personal health information of thousands of HIV patients.

The cloud is more available than ever but are you making sure it's secure?

Most cloud providers are only responsible for protecting the infrastructure that runs these services, while the customer is responsible for security inside the cloud, creating a shared responsibility of both the cloud provider and customer.

ICO levies £400,000 fine on Carphone Warehouse following 2015 data breach

Following a cyber-attack in 2015 that caused a data breach from one of Carphone Warehouse's computers, the company has just been given a £400,000 fine, one of the highest fines for a data-breach in the UK to date.

Turla cyber-espionage group fakes Adobe to drop malware on embassies

Cyber-espionage group Turla is reported to be targetting embassies and consulates in the post-Soviet states using a new tool to dupe potential victims into installing malware to exfiltrate data.

How ISO 27001 can help your organisation meet GDPR requirements

Making use of ISO 27001 can assist an organisation to be GDPR compliant in several key areas and they can then use this certification to demonstrate a level of GDPR compliance.

123 million sensitive PII records exposed, most US households hit

A cloud-based data repository belonging to Alteryx, has publicly exposed datasets from the data analytics firm's partner Experian and the US Census Bureau containing sensitive personal information on 123 million Americans.

CNIL orders WhatsApp to stop gifting data to parent firm Facebook

French Watchdog CNIL has ordered that Whatsapp stop sharing data with its parent company, Facebook, for business advertising and promotion.

Retailers still in need of data breach response plan

A recent survey showed that surprisingly, a large percentage of retailers still have no data breach response plan in place.

Data breach at PayPal's TIO Networks unit affects 1.6 million customers

PayPal Holdings on Friday acknowledged that a data breach at recently acquired payments processor TIO Networks compromised the personally identifiable information of roughly 1.6 million customers.

Shipping company Clarksons refuses to pay ransom, data leak expected

UK shipping giant Clarksons has beenhit by hackers who were successful in stealing sensitive and confidential data which may soon be leaked due to Clarksons' refusal to pay the ransom demanded by the hackers.

US Senate bill would require jail time for data breach cover ups

Three US Senators have introduced a bill that would require jail time for corporate executives who do not notify consumers of a breach within 30 days.

Morrisons supermarket held liable after employee leaks data

Supermarket chain Morrison's was found liable, in a first of its kind data leak class action suit, for the actions of a former employee who stole the data on thousands of his co-workers and posted it online.

Most UK Uber users and drivers caught up in data breach

More than half of all Uber riders and drivers in the UK were impacted by the ride-sharing company's data breach that was revealed last week.

Penalties for Uber's delayed breach notification would be huge under GDPR

If GDPR had been in effect during the latest Uber hack, the ride-sharing company would have faced stiffed consequences - or more promptly revealed the attack that compromised data of 57 million customers and drivers.

Uber hid massive hack compromising data of 57M for a year

For more than a year, even as it negotiated with regulators in the US over privacy infractions, Uber hid a massive hack that resulted in cyber-thieves pilfering the personal information of 57 million customers and drivers.