Breaches


  • Image attribution tooltip
    Poike via Getty Images

    NY attorney general probes widespread credential stuffing, 17 companies affected

    The OAG worked with the impacted companies to uncover how threat actors bypassed security safeguards, which led almost all the companies to strengthen security controls.

    By Jan. 6, 2022
  • Image attribution tooltip
    Just_Super via Getty Images

    Threat actor breaches HPE's Aruba Central via data repository access key

    As more enterprise data moves to the cloud, security and data privacy remain paramount concerns. 

    By Nov. 16, 2021
  • Image attribution tooltip
    Jeenah Moon via Getty Images

    SolarWinds threat actor targeted IT service providers in thousands of attacks, Microsoft says

    The campaign from the Russian nation-state threat actor Nobelium was caught early, but there were at least 14 compromises involving password spraying and phishing to gain access.

    By Oct. 25, 2021
  • Image attribution tooltip
    Mark Wilson via Getty Images

    Ripple effects from a cyber incident take a year to develop: report

    Organizations are likely to both generate and suffer the downstream consequences of cyber incidents because of the technological reliance companies have on one another.

    By Sept. 27, 2021
  • Image attribution tooltip
    Carol Highsmith. (2005). "Apex Bldg." [Photo]. Retrieved from Wikimedia Commons.

    FTC warns app makers fall under breach notification rule

    A breach must be reported regardless of whether it was the result of malicious action, the agency said. Any unauthorized access, including sharing information without consent, would trigger the rule.

    By Shannon Muchmore • Sept. 17, 2021
  • Image attribution tooltip
    David Ramos via Getty Images

    Cybersecurity discussion growing in regulatory filings

    A surge in ransomware combined with an increase in M&A activity is raising the profile of cybersecurity as a key discussion point in public filings and discussions with investors. 

    By Sept. 8, 2021
  • Image attribution tooltip

    iStock.com/pixelfit

    Sponsored by Code42

    Are you ready for the second wave of digital transformation?

    In the second wave of digital transformation, understanding Insider Risk is more important than ever.  

    Sept. 7, 2021
  • Image attribution tooltip
    Jeenah Moon via Getty Images

    Azure flaw exposes enterprise databases, raising questions on cloud security

    The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to the Cosmos DB, Wiz researchers said.

    By Aug. 30, 2021
  • Image attribution tooltip
    Justin Sullivan/Getty Images via Getty Images

    T-Mobile closes breach entry point, adds consultants to fix security holes

    The hacker's goal was to gain customer data, and "they succeeded," CEO Mike Sievert said in a statement Friday.

    By Aug. 27, 2021
  • Image attribution tooltip
    Leon Neal via Getty Images

    Credential stuffing: the data availability problem

    If data is the valuable asset locked away for safekeeping, credentials are key to opening the vault. For threat actors, the real value of credentials is that they offer access without trace.

    By Sue Poremba • Aug. 23, 2021
  • Image attribution tooltip
    Justin Sullivan/Getty Images via Getty Images

    T-Mobile: Understanding the latest in the carrier's string of data breaches

    The breach, affecting more than 54 million individuals, is the company's fifth disclosed incident since 2018.

    By Updated Aug. 24, 2021
  • Image attribution tooltip
    Mario Tama via Getty Images

    Morgan Stanley falls prey to lingering effects of Accellion breach

    Data from the investment firm was compromised through the vendor of a vendor, a hallmark of difficult-to-prevent — and increasingly frequent —  supply chain security incidents.

    By July 9, 2021
  • Image attribution tooltip
    Patrick Lux via Getty Images

    Spoofing, spear phishing dominate BEC attacks: report

    Threat actors are targeting the C-suite and corporate finance departments with the goal of stealing credentials or unleashing malicious payloads. 

    By June 29, 2021
  • Image attribution tooltip
    Tomohiro Ohsumi via Getty Images

    Codecov to sunset Bash Uploader following April supply chain attack

    The company seeks to boost security posture, however analysts are raising questions about whether the new uploader addresses underlying concerns.

    By June 14, 2021
  • Image attribution tooltip
    Alex Wong via Getty Images

    Data breaches, poor cyber practices raise cost of borrowing: study

    Research from the American Accounting Association shows banks have raised interest rates on companies where customer data has been hacked.

    By June 7, 2021
  • Image attribution tooltip
    Peter Macdiarmid via Getty Images

    Why CISOs can't afford to have data breach fatigue

    Security teams monitor thousands of alerts per day, which are hard to escape even in off hours, as news about data breaches becomes mainstream.

    By Sue Poremba • June 1, 2021
  • Image attribution tooltip
    Sean Gallup via Getty Images

    Compromised cloud costs companies $6.2M annually, study finds

    Attackers heavily target Microsoft 365 and Google Workspace accounts using brute force or phishing attacks, according to Ponemon Institute research.

    By May 27, 2021
  • Image attribution tooltip
    Stefani Reynolds / Stringer via Getty Images

    As Colonial Pipeline returns to service, Congress looks to bolster utility-government security efforts

    Several bills aim to boost public-private partnerships in securing the nations grid, which experts say are critical to keeping attackers at bay.

    By Robert Walton • May 17, 2021
  • Image attribution tooltip
    damircudic via Getty Images

    Password managers are a necessary — yet vulnerable — last line of defense

    The Passwordstate breach is forcing CISOs and researchers to review vendors and reassess security practices.

    By May 4, 2021
  • Image attribution tooltip
    sestovic/E+/Getty via Getty Images

    First Horizon breach highlights rising threats against financial institutions

    The attack shows the potential risk financial institutions face when trying to protect customer account data and financial assets.

    By April 29, 2021
  • Image attribution tooltip
    gilaxia via Getty Images

    Codecov hack — likened to SolarWinds — targets software supply chain

    Third-party actors were able to linger inside the software-testing firm’s environment for months, exfiltrating customer data.

    By Updated April 30, 2021
  • Image attribution tooltip
    SARINYAPINNGAM via Getty Images

    Employees can't quit habit of writing down, sharing passwords

    Amid heightened threats, workers are incorporating company names into passwords, writing them on sticky notes and sharing them via email.

    By April 6, 2021
  • Cybersecurity spending is up but so are breaches

    Healthcare, media, entertainment and gaming experienced the greatest growth in breaches last year, coinciding with a "big shift" toward digital transformation, Canalys found.

    By March 30, 2021
  • Security leaders: Expect more insider data leaks, threats in 2021

    The rise stems from a lack of accurate insight from data loss prevention and cloud access security broker technologies.

    By March 29, 2021
  • Remote work gives rise to more executive credential theft

    Threat actors are increasingly using social engineering to cultivate vulnerable end users and compromise networks, according to a CyberArk report.

    By March 25, 2021