Breaches


  • A person works next to a 5G logo.
    Image attribution tooltip
    David Ramos/Getty Images via Getty Images

    Nokia warns 5G security ‘breaches are the rule, not the exception’

    A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.

    By Nov. 16, 2022
  • Funny glasses depicted against a gray wall
    Image attribution tooltip
    iStock / Getty Images via Getty Images

    No, your CEO is not texting you

    Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.

    By Nov. 3, 2022
  • A Bed Bath & Beyond sign against a blue sky with puffy white clouds.
    Image attribution tooltip
    Daphne Howland/Cybersecurity Dive

    Bed Bath & Beyond reviewing data breach

    The home goods retailer doesn’t believe sensitive or personal data was accessed by the third party.

    By Caroline Jansen • Nov. 2, 2022
  • U.S. Bank
    Image attribution tooltip
    Permission granted by U.S. Bank

    U.S. Bank data breach impacts 11K customers

    A third-party vendor accidentally shared the names, addresses, Social Security numbers, birthdays, closed account numbers and outstanding balances, the bank said.

    By Gabrielle Saulsbery • Oct. 31, 2022
  • A lightbulb with a cycle circle around it.
    Image attribution tooltip
    Permission granted by Gartner
    Sponsored by Gartner Peer Insights

    Cybersecurity quarterly benchmarks: Q1, 2022

    Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

    Oct. 24, 2022
  • Lights reflect off of server cases.
    Image attribution tooltip
    Kwarkot/iStock via Getty Images

    As cybersecurity threats rage, colleges invest in risk prevention and pay higher insurance premiums

    Cyber insurance policy renewal price increases are typically between 40% and 60%, with some increases hitting the triple digits, S&P said.

    By Rick Seltzer • Oct. 14, 2022
  • A large hallway with supercomputers inside a server room data center.
    Image attribution tooltip
    luza studios via Getty Images

    CommonSpirit’s ‘IT security incident’ was likely cyberattack, security experts say

    Experts view moving systems offline and interrupting access to electronic health records as a defensive move.

    By Samantha Liss • Oct. 7, 2022
  • Image attribution tooltip
    Drew Angerer via Getty Images

    American Airlines phishing attack involved unauthorized access to Microsoft 365

    The airline has begun disclosing additional details to state regulators, confirming more than 1,700 people were impacted.

    By Sept. 26, 2022
  • Image attribution tooltip
    Mario Tama via Getty Images

    Morgan Stanley fined $35M by SEC over improper data disposal

    The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

    By Gabrielle Saulsbery • Sept. 21, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    Stolen single sign-on credentials for major firms available for sale on dark web

    Stolen SSO credentials are available for half of the top 20 public companies, and 25% of the entire S&P 500, BitSight found.

    By Sept. 21, 2022
  • American Airlines jet taking off from an airport runway.
    Image attribution tooltip
    Joe Raedle / Staff via Getty Images

    American Airlines targeted by threat actor in July data incident

    The airline has notified customers about the potential release of personal data, but said there is no evidence of the data being misused. 

    By Sept. 20, 2022
  • The Capital One flag flies over its headquarters March 13, 2006 in Mclean, Virginia.
    Image attribution tooltip
    Mark Wilson via Getty Images

    Capital One freed from consent order tied to 2019 breach

    The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

    By Gabrielle Saulsbery • Sept. 20, 2022
  • A photo illustration of LastPass logos on a hard drive disk held in someone's hand.
    Image attribution tooltip
    Leon Neal via Getty Images

    LastPass says it contained August breach, leaving customer data and vaults secure

    After investigating alongside Mandiant, the widely used password manager has enhanced a number of security protocols in response to the four-day incident.  

    By Sept. 16, 2022
  • Golden circuit cloud showing cloud computing technology
    Image attribution tooltip
    PhonlamaiPhoto via Getty Images

    Cloud security pros expect elevated risk for serious data breaches

    Just one out of five cybersecurity and engineering professionals escaped the previous year without incident.

    By Sept. 14, 2022
  • The threat actor JuiceLedger launched a supply chain attack against PyPI contributors.
    Image attribution tooltip
    Permission granted by SentinelOne

    PyPI contributors targeted by JuiceLedger in latest attack against open source

    The supply chain attack represents a potential risk to organizations using open source, researchers from SentinelOne and Checkmarx say.

    By Sept. 6, 2022
  • A rendering of an empty hospital corridor with a reception desk.
    Image attribution tooltip
    Ninoon via Getty Images

    Cyberattacks pivot from large health systems to smaller hospitals, specialty clinics

    The trend of attacks focusing on a systemic technology used across most providers is one that Critical Insights expects to continue this year. 

    By Rebecca Pifer • Aug. 29, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    Twilio discloses more victims as phishing attack effects cascade

    The communications and identity authentication provider said it has discovered 163 victims thus far.

    By Aug. 29, 2022
  • An octopus floats, depicted in a deep blue background
    Image attribution tooltip
    TheSP4N1SH via Getty Images

    Almost 10K credentials compromised in phishing spree that ensnared Twilio, Mailchimp

    Attackers targeted Okta identity credentials and two-factor authentication in the campaign dubbed Oktapus.

    By Aug. 26, 2022
  • A photo illustration of LastPass logos on a hard drive disk held in someone's hand.
    Image attribution tooltip
    Leon Neal via Getty Images

    LastPass breached, portions of source code stolen, CEO says

    The unauthorized actor did not access data or encrypted vaults from its more than 33 million registered users, however the company deployed containment and mitigation measures. 

    By Aug. 26, 2022
  • Rendered image depicting global networks.
    Image attribution tooltip
    DKosig via Getty Images

    Third-party attacks spike as attackers target software connections

    Every third-party tool and partnership is a potential path for attack and an opportunity to exploit human behavior. The risks spread far and wide.

    By Aug. 22, 2022
  • A Mailchimp logo on a phone with a larger Mailchimp in the background.
    Image attribution tooltip

    Rafael Henrique/Zumapress/Newscom

    Mailchimp breach shines new light on digital identity, supply chain risk

    Sophisticated threat actors are targeting weak links in the email marketing space to go after vulnerable financial targets.

    By Aug. 18, 2022
  • A group of co-workers surround a computer screen
    Image attribution tooltip
    Yuri Arcurs via Getty Images

    DigitalOcean, caught in Mailchimp security incident, drops email vendor

    An attack on the email marketing firm raises questions about the continued risk of a supply chain compromise. 

    By Aug. 17, 2022
  • A password field reflected on a eye.
    Image attribution tooltip
    Leon Neal via Getty Images

    Twilio phishing attack fallout spreads to Signal

    The vendor’s widely used two-factor authentication service became a point of potential compromise for 1,900 Signal users. One user suffered a direct hit.

    By Aug. 15, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    How attackers are breaking into organizations

    Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.

    By Aug. 15, 2022
  • A sample phishing text message that targeted Cloudflare employees.
    Image attribution tooltip

    Cloudflare

    Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

    Dissimilar responses from Cloudflare and Twilio bear important lessons in transparency, resiliency and access.

    By Aug. 9, 2022