Breaches: Page 3
-
Stanley Steemer hack breached data of almost 67K customers
The cleaning company said attackers gained access to its systems nearly a month before the intrusion was discovered in March.
By David Jones • Nov. 17, 2023 -
File-transfer services, rich with sensitive data, are under attack
A trio of supply-chain attacks in 2023 created turmoil for thousands of corporate victims and their customers.
By Matt Kapko • Nov. 14, 2023 -
Trendline
Securing the cloud
The ubiquity of the cloud has left security gaps for organizations, leaving them to navigate a complex vendor landscape and defend their technology supply chain
By Cybersecurity Dive staff -
For Maine, the MOVEit attack is personal
With 1.3 million individuals compromised, the level of exposure on an individual basis is one that's representative of a compromise of its entire population.
By Matt Kapko • Nov. 10, 2023 -
MGM Resorts anticipates no further disruptions from September cyberattack
The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.
By David Jones • Nov. 9, 2023 -
5 Okta customers snared in attack on the provider’s support system
The IAM provider says the attack was most likely linked to a compromised employee’s personal Google account or personal device.
By Matt Kapko • Nov. 3, 2023 -
Okta employee data breached in third-party healthcare attack
An incident at Rightway Healthcare resulted in a breach of sensitive health information of almost 5,000 Okta employees. It’s the latest in a series of security woes for the IAM provider.
By Matt Kapko • Nov. 2, 2023 -
Non-bank financial institutions must report data security breaches: FTC
The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.
By Rajashree Chakravarty • Nov. 2, 2023 -
BeyondTrust, Cloudflare averted Okta attacks thanks to security chops
With details scant, worries remain about how the attacks might have played out for less security-focused businesses that were impacted.
By Matt Kapko • Nov. 1, 2023 -
Five Guys discloses hack of 2 employees’ emails
The disclosure comes weeks after the company agreed to settle a federal class action suit stemming from a 2022 attack.
By David Jones • Oct. 30, 2023 -
Philadelphia discloses email compromise 5 months after initial detection
An ongoing investigation uncovered a two-month dwell time in the city’s email system that exposed some individuals’ sensitive information.
By Matt Kapko • Oct. 26, 2023 -
LastPass working through ‘systemic’ security overhaul
“We didn’t just address the issues that were the cause of the breach,” CEO Karim Toubba said. Still, nearly 1 in 10 customers are fleeing the password manager.
By Matt Kapko • Oct. 25, 2023 -
1Password caught in Okta breach, impacting employee-facing apps
The password manager came forward after BeyondTrust and Cloudflare disclosed similar Okta environment breaches. All three victims claim no data was compromised.
By Matt Kapko • Oct. 24, 2023 -
Okta attacked again, this time hitting its support system
A threat actor accessed customer support tickets and files containing sensitive data. Okta declined to say how many customers are impacted.
By Matt Kapko • Updated Oct. 23, 2023 -
Almost 42K Cisco IOS XE devices exploited, no patch available
Security researchers warn the number of infected hosts grew after a critical zero-day vulnerability was found.
By David Jones • Oct. 19, 2023 -
US data compromises hit all-time high
Supply-chain attacks and zero-day exploits, such as the widespread attacks against the MOVEit file-transfer service, are surging, according to the Identity Theft Resource Center.
By Matt Kapko • Oct. 16, 2023 -
Caesars Entertainment says social-engineering attack behind August breach
In a filing with the Maine attorney general, the gaming company said the attack began in mid-August and impacted tens of thousands of the state's residents.
By David Jones • Oct. 9, 2023 -
Construction insurer hit in data breach
Builders Mutual disclosed the hack affected 64,761 individuals, per a filing with the state of Maine.
By Matthew Thibault • Oct. 6, 2023 -
Clorox warns of quarterly loss related to August cyberattack, production delays
The company expects a significant financial impact stemming from the recent cyberattack, which is reportedly linked to the Scattered Spider threat group.
By David Jones • Oct. 5, 2023 -
Caesars Entertainment faces class action lawsuits following rewards database hack
At least four separate plaintiffs allege the company was negligent for allowing their sensitive personal data to be stolen in a social engineering attack by criminal threat groups.
By David Jones • Sept. 27, 2023 -
Clorox warns of product shortages a month after disclosing cyberattack
The household product maker said the incident damaged IT systems and will have a material effect on its fiscal Q1 performance.
By David Jones • Sept. 18, 2023 -
MGM, Caesars attacks raise new concerns about social engineering tactics
Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.
By David Jones • Sept. 18, 2023 -
Deep Dive
Security has an underlying defect: passwords and authentication
Cyberattacks are fueled by the shortcomings of business authentication controls. Bad things happen when access falls apart and credentials land in the wrong hands.
By Matt Kapko • Sept. 18, 2023 -
MGM Resorts discloses cyber incident in filing with SEC
Moody’s Investors Service called the cyber incident credit negative, and MGM is still taking steps to protect data and fully secure business operations.
By David Jones • Sept. 13, 2023 -
Compromised credential use jumps 300% in cloud intrusions: IBM
Valid credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, IBM found.
By Matt Kapko • Sept. 13, 2023 -
High-profile CVEs turn up in vulnerability exploit sales
Flashpoint observed 27 vulnerability exploits listed for sale or purchased on the dark web during the first half of the year. One-third were linked to Microsoft products.
By Matt Kapko • Sept. 12, 2023