Breaches: Page 2


  • A password field reflected on a eye.
    Image attribution tooltip
    Leon Neal via Getty Images

    Twilio phishing attack fallout spreads to Signal

    The vendor’s widely used two-factor authentication service became a point of potential compromise for 1,900 Signal users. One user suffered a direct hit.

    By Aug. 15, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    How attackers are breaking into organizations

    Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.

    By Aug. 15, 2022
  • A sample phishing text message that targeted Cloudflare employees.
    Image attribution tooltip

    Cloudflare

    Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

    Dissimilar responses from Cloudflare and Twilio bear important lessons in transparency, resiliency and access.

    By Aug. 9, 2022
  • Hospitals have low level of accountability for connected device breaches

    Only an average of 3.4% of hospitals’ IT budgets are being spent on device security, a recent survey shows.

    By Rebecca Pifer • Aug. 5, 2022
  • Illustration of locks layered above circuity.
    Image attribution tooltip
    Traitov/iStock/Getty via Getty Images

    Data breach costs spread downstream, IBM says

    Nearly half of all organizations studied by IBM have minimal or no cloud security practices in place.

    By July 29, 2022
  • A man looks at lines of code depicted on a computer screen
    Image attribution tooltip
    sestovic via Getty Images

    Entrust acknowledges June cyberattack, remains tight-lipped on the details

    The cybersecurity vendor has yet to disclose how the incident occurred, the type of data stolen and if ransomware was involved.

    By July 28, 2022
  • A closeup up a car dashboard with a a driver's hand. A phone is on a mount to the right of the steering wheel.
    Image attribution tooltip
    Drew Angerer via Getty Images

    Uber reaches non-prosecution deal with feds after concealing data breach

    The ride-sharing firm had been under investigation by the Federal Trade Commission, when the 2016 data breach occurred, an event undisclosed until new management entered the picture. 

    By July 26, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    Data breach at debt collector affects almost 2M healthcare patients

    It’s the second-largest health data breach this year after the Shields Health Care Group cyberattack in March, the Department of Health and Human Services breach reporting portal shows.

    By Rebecca Pifer • July 19, 2022
  • A rendering of an empty hospital corridor with a reception desk.
    Image attribution tooltip
    Ninoon via Getty Images

    Hospital ransomware concerns rise after payment vendor breach, North Korea threats

    A recently disclosed ransomware attack could have exposed patient data from more than 650 healthcare providers.

    By Rebecca Pifer • July 11, 2022
  • A sign is posted in front of a Marriott hotel.
    Image attribution tooltip
    Justin Sullivan via Getty Images

    Latest Marriott breach shows a human error pattern

    The latest incident at Marriott is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.

    By July 7, 2022
  • Carnival, Cruise, Privacy, violatons
    Image attribution tooltip
    Courtesy of Carnival Corp.

    Carnival to pay $5M for cyber violations to NY financial regulator

    The cruise line failed to implement multifactor authentication and took 10 months to report the first of four data incidents.

    By June 27, 2022
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    Attackers keep targeting VMware Horizon, exploiting unpatched Log4Shell

    In one case, CISA found multiple threat actors compromising an organization using Log4Shell, which leveraged access to gain remote command and control.

    By June 24, 2022
  • close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept - stock photo
    Image attribution tooltip
    Chainarong Prasertthai via Getty Images

    Breach at Flagstar Bank impacts more than 1.5M customers

    The breach, which occurred between Dec. 3 and Dec. 4, is the second to impact the bank in less than two years.

    By Anna Hrushka • June 22, 2022
  • A person looks at their smartwatch, which shows their pulse in blue
    Image attribution tooltip
    Nastasic via Getty Images

    Employees cause more cyber breaches in healthcare than other industries: report

    Basic web application attacks, miscellaneous errors and system intrusions are at the root of the bulk of healthcare breaches, Verizon research shows.

    By Rebecca Pifer • May 24, 2022
  • Image attribution tooltip
    Getty / edited by Healthcare Dive

    Tenet says 'cybersecurity incident' disrupted hospital operations

    The for-profit health system has restored most critical functions, while affected facilities are starting to resume normal operations.

    By Rebecca Pifer • April 27, 2022
  • Server room (Sefa Ozel/Getty)
    Image attribution tooltip
    Sefa Ozel/Getty via Getty Images

    Okta says 2.5% of customers breached, as Lapsus$ sows disorder

    Threat researchers say Lapsus$, active on social media, revels in the spotlight. Okta's CSO called the breach screenshots "embarrassing." 

    By March 23, 2022
  • Image attribution tooltip
    Spencer Platt / Staff via Getty Images

    NYC transit worker alleges pay violations after Kronos ransomware disruption

    The Metropolitan Transit Authority paid straight-time wages in a timely manner, the suit said, but it reportedly skipped overtime payments.

    By Kate Tornone , Feb. 15, 2022
  • Close up stock photograph of a mature man working with a large computer screen. He’s working with 3D software examining complicated shapes.
    Image attribution tooltip
    Laurence Dutton via Getty Images

    Cybersecurity outlook for 2022

    Nation-state cyberthreats and Log4j have the security community on high alert; organizations need to master response and remediation.  

    By Feb. 14, 2022
  • Image attribution tooltip

    Canva.com

    Sponsored by Enzoic

    In 2022, you can no longer afford to ignore credential security

    Credentials are among the most sought-after targets by hackers due to the low risk and high rewards.

    Jan. 31, 2022
  • A person holds a credit card in front of a laptop computer.
    Image attribution tooltip
    Poike via Getty Images

    NY attorney general probes widespread credential stuffing, 17 companies affected

    The OAG worked with the impacted companies to uncover how threat actors bypassed security safeguards, which led almost all the companies to strengthen security controls.

    By Samantha Schwartz • Jan. 6, 2022
  • Cloud Computing, Data Center, Server Rack, Connection In Neural Network, Technology - stock photo
    Image attribution tooltip
    Just_Super via Getty Images

    Threat actor breaches HPE's Aruba Central via data repository access key

    As more enterprise data moves to the cloud, security and data privacy remain paramount concerns. 

    By Nov. 16, 2021
  • A lit Microsoft log seen above a group of people in shadow.
    Image attribution tooltip
    Jeenah Moon via Getty Images

    SolarWinds threat actor targeted IT service providers in thousands of attacks, Microsoft says

    The campaign from the Russian nation-state threat actor Nobelium was caught early, but there were at least 14 compromises involving password spraying and phishing to gain access.

    By Samantha Schwartz • Oct. 25, 2021
  • Image attribution tooltip
    Mark Wilson via Getty Images

    Ripple effects from a cyber incident take a year to develop: report

    Organizations are likely to both generate and suffer the downstream consequences of cyber incidents because of the technological reliance companies have on one another.

    By Samantha Schwartz • Sept. 27, 2021
  • FTC
    Image attribution tooltip
    Carol Highsmith. (2005). "Apex Bldg." [Photo]. Retrieved from Wikimedia Commons.

    FTC warns app makers fall under breach notification rule

    A breach must be reported regardless of whether it was the result of malicious action, the agency said. Any unauthorized access, including sharing information without consent, would trigger the rule.

    By Shannon Muchmore • Sept. 17, 2021
  • Image attribution tooltip
    David Ramos via Getty Images

    Cybersecurity discussion growing in regulatory filings

    A surge in ransomware combined with an increase in M&A activity is raising the profile of cybersecurity as a key discussion point in public filings and discussions with investors. 

    By Sept. 8, 2021