Data Breach News, Articles and Updates

The cloud is more available than ever but are you making sure it's secure?

Most cloud providers are only responsible for protecting the infrastructure that runs these services, while the customer is responsible for security inside the cloud, creating a shared responsibility of both the cloud provider and customer.

ICO levies £400,000 fine on Carphone Warehouse following 2015 data breach

Following a cyber-attack in 2015 that caused a data breach from one of Carphone Warehouse's computers, the company has just been given a £400,000 fine, one of the highest fines for a data-breach in the UK to date.

Turla cyber-espionage group fakes Adobe to drop malware on embassies

Cyber-espionage group Turla is reported to be targeting embassies and consulates in the post-Soviet states using a new tool to dupe potential victims into installing malware to exfiltrate data.

How ISO 27001 can help your organisation meet GDPR requirements

Making use of ISO 27001 can assist an organisation to be GDPR compliant in several key areas and they can then use this certification to demonstrate a level of GDPR compliance.

123 million sensitive PII records exposed, most US households hit

A cloud-based data repository belonging to Alteryx has publicly exposed datasets from the data analytics firm's partner Experian and the US Census Bureau containing sensitive personal information on 123 million Americans.

CNIL orders WhatsApp to stop gifting data to parent firm Facebook

French watchdog CNIL has ordered that WhatsApp stop sharing data with its parent company, Facebook, for business advertising and promotion.

Retailers still in need of data breach response plan

A recent survey showed that, surprisingly, a large percentage of retailers still have no data breach response plan in place.

Data breach at PayPal's TIO Networks unit affects 1.6 million customers

PayPal Holdings on Friday acknowledged that a data breach at recently acquired payments processor TIO Networks compromised the personally identifiable information of roughly 1.6 million customers.

Shipping company Clarksons refuses to pay ransom, data leak expected

UK shipping giant Clarksons has been hit by hackers who were successful in stealing sensitive and confidential data, which may soon be leaked due to Clarksons' refusal to pay the ransom demanded by the hackers.

US Senate bill would require jail time for data breach cover ups

Three US Senators have introduced a bill that would require jail time for corporate executives who do not notify consumers of a breach within 30 days.

Morrisons supermarket held liable after employee leaks data

Supermarket chain Morrisons was found liable, in a first-of-its-kind data leak class action suit, for the actions of a former employee who stole the data on thousands of his co-workers and posted it online.

Most UK Uber users and drivers caught up in data breach

More than half of all Uber riders and drivers in the UK were impacted by the ride-sharing company's data breach that was revealed last week.

Penalties for Uber's delayed breach notification would be huge under GDPR

If GDPR had been in effect during the latest Uber hack, the ride-sharing company would have faced stiffer consequences - or more promptly revealed the attack that compromised data of 57 million customers and drivers.

Uber hid massive hack compromising data of 57M for a year

For more than a year, even as it negotiated with regulators in the US over privacy infractions, Uber hid a massive hack that resulted in cyber-thieves pilfering the personal information of 57 million customers and drivers.

Misconfigured Amazon S3 server leaks Australian Broadcasting Corporation

As misconfigured Amazon servers continue to leak sensitive data, Australian Broadcasting Corporation (ABC) is the latest example of administrators not properly securing their cloud servers.

The three certainties in life: death, taxes and GDPR

As the GDPR clock ticks down to implementation, it is clear that this will not be a non-event like the Millennium Bug - it will happen and there will be dire consequences, potentially company-closures, in the event of non-compliance.

Cash Converters hit by security breach

Pawnbroker chain Cash Converters is investigating a data security breach at its UK operations after receiving email threats of data release.

Writing authorisation policies to secure big data

Enforcing authorisation directly at the data level can be incredibly powerful as it could mean minimal or no changes to the applications that are accessing the data itself, says Jonas Iggbom.

Deloitte hack highlights the need for innovation in cyber-security today

Deloitte fell victim to a data breach that could have been prevented by simple measures that are standard security protocols, but businesses must not only focus on the basics but also incorporate an innovative approach.

Data breach concerns cause fear around device disposal

Seven in ten people in the UK are being put off recycling old and unused electrical products because of concerns about personal security data breaches.

Amazon takes steps to reduce S3 misconfiguration leaks

Amazon is taking action to combat the recent wave of Amazon S3 servers being left misconfigured and subsequently exposing potentially sensitive data.

Kracking the code - why businesses don't yet need to panic about 'Krack attack'

Krack attackers need to be within range of the targeted Wi-Fi network, so widespread data loss is unlikely, but do add fixes when available as this vulnerability would allow anyone to read traffic from mobile and laptop to Wi-Fi devices.

Equifax's net income down £20m and £67m costs post data breach

Equifax was financially punished for the breach that allowed the personal data of 145.5 million of its customers to be compromised with revenue down 27 percent (£20 million) in the quarter and breach costs of £66.8 million.

UK University fails to learn - UEA, a data breach repeat offender

The UEA has suffered another data breach; an email was sent to about 300 students in the social science faculty which included the personal health information of a member of staff, in a repeat use of a flaw not fixed previously.

Former Yahoo chief executive Mayer testified before Congress, blamed Russia

Former Yahoo chief executive Marissa Mayer apologises for the two massive data breaches at Yahoo that occurred during her tenure and resulted in 3 billion credentials being stolen, blaming Russian agents for at least one of them.

How to avoid opening the door to hackers with misconfiguration errors

Setting standard configurations based on industry best practices, and continuously monitoring for changes from that baseline, enable quick identification of a misconfiguration that could be exploited, so that it can be addressed before a breach.

Pirates of the Caribbean: 66 years of secrets dug up in Paradise Papers

The Queen's offshore accounts and Russian links to President Donald Trump's top administration officials are among 13.4 million documents exposed in the Paradise Papers. Legal and accounting firms can expect to be increasingly targeted.

Another misconfigured Amazon S3 server leaks data of 50,000 Australians

Another misconfigured Amazon server has resulted in the exposure of personal data - this time data on 50,000 Australian employees that was left unsecured by a third-party contractor.

How secure are you? And are your current tools up to the job?

Con Mallon advises: conduct a compromise assessment based on the assumption that you've already been compromised, then pick the right tools, processes, technology and intelligence to combat that threat.

Fear of system compromise up some 50% among IT pros as perimeter dissolves

Concerns around compromise increase among IT pros in the face of major breaches at even the most security-aware organisations, highlighting muddled responses to a softening perimeter.