Data Breach News, Articles and Updates

AI startup Clarifai hacked by Russian operatives in Pentagon Maven project

Artificial intelligence startup Clarifai failed to report that it had been hacked by Russian operatives while it was working on the Defence Department's Maven project, according to a recent lawsuit.

Dixons Carphone investigate into data breach affecting 5.9 M customers

Dixons Carphone has launched an investigation after admitting to a massive data breach involving 5.9 million payment cards and 1.2 million personal data records.

Coca-Cola hit with insider breach, 8,000 affected

The Coca-Cola Company announced a data breach today possibly affecting about 8,000 workers due to a former employee having in their possession an external hard drive containing employee personal data.

Jay-Z's streaming service discloses breach: number-fudging accusations

In denying accusations that it manipulated its subscriber statistics, Jay-Z-owned music streaming platform TIDAL instead has disclosed a potential data breach, according to various industry reports.

USB drive sniffing K-9 helps capture student hacker

A US student in San Fransico accused of hacking his school's computer system to change grades was captured with the aid of a K-9 unit when its dog was able to sniff out a thumb drive holding incriminating evidence.

Equifax data breach cost hits £175 million - £91 million insured

The massive data breach that compromised the data of 147.9 million Equifax customers last year has cost the company more than £175 million in related expenses.

LinkedIn Autofill flaw lets hackers harvest website visitors' personal info

If the visitor clicks anywhere on the page, then according to Cable, "LinkedIn interprets this as the AutoFill button being pressed, and sends the information via postMessage to the malicious site".

Facebook in class action suit over privacy, data gathering infractions

Facebook accused of "standing idly by" while Aleksandr Kogan raided user accounts through a quiz app and shared the information with Cambridge Analytica and "made only the weakest attempts to prevent further access to this data.

Would you like productivity, or security?

When engineers work on a new invention, they focus on "getting it to work". This imperative precedes the need to "make it safe".

Equifax sent erroneous letters to breach victims

During the aftermath of the massive data breach which compromised the data of nearly 150 million consumers, Equifax notified some people using inaccurate letters.

Orbitz hit with data breach, info on 880,000 payment cards at risk

The online travel company Orbitz has suffered a major data breach possibly exposing the personal information associated with the owners of up to 880,000 payment cards.

Credential stuffing suspected: 150 National Lottery accounts compromised

As many as 150 player accounts registered with the UK's National Lottery were compromised, accessed and potentially viewed by an unauthorised party, according to an online statement from Camelot.

Gwent Police sat on data breach exposure for a year before informing ICO

Gwent Police failed to inform up to 450 people that hackers may have accessed their confidential information after it found that an online tool that allowed citizens to report incidents to the Police was exposed to hackers.

New York hospital data breach, 135,000 patients potentially affected

In the US a New York hospital suffered a data breach affecting about 135,000 patients when an unauthorised party gained access to its servers.

How DLP must evolve to deal with dynamic new threats

Organisations need to equip themselves with a united view of their entire network, extending from the endpoint through to the cloud - including penetrating through encrypted traffic that could be hiding malicious activity.

Data breach site adds 80M new records, updates 'Pwned Passwords' service

Data breach aficionado Troy Hunt has significantly updated his "Have I Been Pwned?" website in recent days, adding a data set of 2,844 breach incidents involving 80 million stolen records.

Android spyware maker Retina-X's servers breached twice in two years

Retina-X Studios, maker of several Spyware apps designed to help parents and enterprises keep tabs on children and employees, was hacked again, resulting in the compromise of sensitive data belonging to users.

Two Russians jailed in 160 million credit card details theft

Two Russian Nationals were given US federal prison sentences for their respective roles in a 2013 data breach which compromised 160 million credit card numbers and resulted in hundreds of millions of dollars in losses.

Equifax data breach may have exposed a wider range of data

Equifax revealed to a US Senate committee in a document that even more personal data than had been originally reported may have been exposed during last year's massive data breach the credit monitoring company experienced.

Unauthorised party access data on 800K Swisscom customers

Telecom giant Swisscom Wednesday disclosed that an unauthorised intruder misappropriated an unnamed sales partner's access to its data, thereby compromising basic information pertaining to approximately 800,000 customers.

Darknet markets worth keeping an eye on - you may see your data for sale

Jamie Bartlett, author of The Dark Net, advises monitoring the darknet markets, both to respond to your own data being sold, but also to protect your reputation if passwords are alleged to come from you following a hack elsewhere.

Oh, baby! Infants' Social Security numbers spotted for sale on dark web

The personal identifiable information (PII) of infants, including Social Security numbers, were recently found advertised for sale on the dark web, providing criminals with a clean credit history.

Aetna agrees to US$ 17 million (£12 million) to settle data breach

Aetna will pay a US$ 17.1 million (£12.3 million) as part of a settlement for a July 2017 data breach that may have compromised the personal health information of thousands of HIV patients.

The cloud is more available than ever but are you making sure it's secure?

Most cloud providers are only responsible for protecting the infrastructure that runs these services, while the customer is responsible for security inside the cloud, creating a shared responsibility of both the cloud provider and customer.

ICO levies £400,000 fine on Carphone Warehouse following 2015 data breach

Following a cyber-attack in 2015 that caused a data breach from one of Carphone Warehouse's computers, the company has just been given a £400,000 fine, one of the highest fines for a data-breach in the UK to date.

Turla cyber-espionage group fakes Adobe to drop malware on embassies

Cyber-espionage group Turla is reported to be targetting embassies and consulates in the post-Soviet states using a new tool to dupe potential victims into installing malware to exfiltrate data.

How ISO 27001 can help your organisation meet GDPR requirements

Making use of ISO 27001 can assist an organisation to be GDPR compliant in several key areas and they can then use this certification to demonstrate a level of GDPR compliance.

123 million sensitive PII records exposed, most US households hit

A cloud-based data repository belonging to Alteryx, has publicly exposed datasets from the data analytics firm's partner Experian and the US Census Bureau containing sensitive personal information on 123 million Americans.

CNIL orders WhatsApp to stop gifting data to parent firm Facebook

French Watchdog CNIL has ordered that Whatsapp stop sharing data with its parent company, Facebook, for business advertising and promotion.

Retailers still in need of data breach response plan

A recent survey showed that surprisingly, a large percentage of retailers still have no data breach response plan in place.