Breaches: Page 4


  • Bottles of Clorox bleach on a supermarket shelf.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Clorox warns of quarterly loss related to August cyberattack, production delays

    The company expects a significant financial impact stemming from the recent cyberattack, which is reportedly linked to the Scattered Spider threat group.

    By Oct. 5, 2023
  • An exterior image of a hotel
    Image attribution tooltip
    Robert Mora via Getty Images
    Image attribution tooltip

    Caesars Entertainment faces class action lawsuits following rewards database hack

    At least four separate plaintiffs allege the company was negligent for allowing their sensitive personal data to be stolen in a social engineering attack by criminal threat groups. 

    By Sept. 27, 2023
  • Bottles of Clorox bleach on a supermarket shelf.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Clorox warns of product shortages a month after disclosing cyberattack

    The household product maker said the incident damaged IT systems and will have a material effect on its fiscal Q1 performance.

    By Sept. 18, 2023
  • An MGM Resorts sign
    Image attribution tooltip
    Ethan Miller via Getty Images
    Image attribution tooltip

    MGM, Caesars attacks raise new concerns about social engineering tactics

    Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.

    By Sept. 18, 2023
  • Sand slipping through hands cupped together.
    Image attribution tooltip
    iStock / Getty Images Plus via Getty Images
    Image attribution tooltip
    Deep Dive

    Security has an underlying defect: passwords and authentication

    Cyberattacks are fueled by the shortcomings of business authentication controls. Bad things happen when access falls apart and credentials land in the wrong hands.

    By Sept. 18, 2023
  • An exterior image of a the Bellagio hotel in Las Vegas
    Image attribution tooltip
    Robert Mora via Getty Images
    Image attribution tooltip

    MGM Resorts discloses cyber incident in filing with SEC

    Moody’s Investors Service called the cyber incident credit negative, and MGM is still taking steps to protect data and fully secure business operations. 

    By Sept. 13, 2023
  • Password input field
    Image attribution tooltip
    Getty via Getty Images
    Image attribution tooltip

    Compromised credential use jumps 300% in cloud intrusions: IBM

    Valid credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, IBM found.

    By Sept. 13, 2023
  • Smiling businesswoman in headphones taking notes, working with laptop and talking smartphone, blue glowing information protection icons. Padlock, cloud and digital interface. Cyber security concept - stock photo
    Image attribution tooltip
    iStock via Getty Images
    Image attribution tooltip

    High-profile CVEs turn up in vulnerability exploit sales

    Flashpoint observed 27 vulnerability exploits listed for sale or purchased on the dark web during the first half of the year. One-third were linked to Microsoft products.

    By Sept. 12, 2023
  • Exterior of MGM Grand Hotel & Casino in Las Vegas
    Image attribution tooltip
    Ethan Miller via Getty Images
    Image attribution tooltip

    MGM Resorts takes systems offline as it investigates cyberattack

    The company restored full operations to dining, gaming and entertainment venues Monday night, following earlier reports payment systems, digital room keys and reservations systems were down at multiple properties. 

    By Updated Sept. 12, 2023
  • A Microsoft logo is seen during the 2015 Microsoft Build Conference on April 29, 2015 at Moscone Center in San Francisco, California.
    Image attribution tooltip
    Stephen Lam via Getty Images
    Image attribution tooltip

    Microsoft crash dump exposed key that led to US cabinet email hacks, investigation finds

    A China-based threat group used the key to access a Microsoft engineer’s corporate account and, later, compromised more than two dozen customer email accounts.

    By Sept. 7, 2023
  • Petro-Canada has more than 1,500 retail locations across the nation of Canada.
    Image attribution tooltip
    Courtesy of Suncor
    Image attribution tooltip

    Suncor CEO says company mostly recovered from June cyberattack

    The incident was serious and not worth repeating, President and CEO Rich Kruger said. "I’d rather have a root canal than go through one of these attacks again.”

    By Aug. 17, 2023
  • Wooden brown gavel on the table
    Image attribution tooltip
    Zolnierek via Getty Images
    Image attribution tooltip

    TIAA hit with class-action lawsuit over MOVEit data breach

    The suit claims the teachers’ retirement fund did not properly handle sensitive information compromised in the far-reaching cyberattack.

    By Anna Merod • Aug. 14, 2023
  • CrowdStrike booth at RSA Conference in San Francisco.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    Threat actors abuse valid accounts using manual tactics, CrowdStrike says

    The research underscores the outsized role and prevalence of legitimate credentials as an entry point for cyberattacks.

    By Aug. 8, 2023
  • A large hallway with supercomputers inside a server room data center.
    Image attribution tooltip
    luza studios via Getty Images
    Image attribution tooltip

    Poor access management besets most cloud compromises, Google says

    The prevalence of systems with weak access controls underscores a chronic security problem for organizations storing data in the cloud.

    By Aug. 3, 2023
  • The exterior of the Department Health and Human Services headquarters.
    Image attribution tooltip
    Alex Wong via Getty Images
    Image attribution tooltip

    MoveIT breach exposes data of 612K Medicare beneficiaries, CMS says

    The data was compromised as part of a breach at third-party provider Maximus. The government contractor said the data of as many as 11 million individuals was affected in the incident.

    By Rebecca Pifer • July 31, 2023
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    Valid account credentials are behind most cyber intrusions, CISA finds

    The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.

    By July 28, 2023
  • A picture of a doctor's chest with a stethoscope around the neck.
    Image attribution tooltip
    Joe Raedle/Getty Images via Getty Images
    Image attribution tooltip

    Average cost of healthcare data breach reaches $11M, report finds

    The sector continues to be the most expensive industry for data breaches, with costs increasing 53% since 2020.

    By Emily Olsen • July 25, 2023
  • Money moving through cyberspace.
    Image attribution tooltip
    Viorika via Getty Images
    Image attribution tooltip

    Investigations are causing data breach costs to skyrocket, IBM finds

    Organizations are under mounting pressure to conduct more thorough investigations as the complexity of data breaches grow.

    By July 24, 2023
  • Activision
    Image attribution tooltip
    jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft attackers may have data access beyond Outlook, researchers warn

    Microsoft is pushing back on claims by Wiz that compromised private encryption keys may have exposed SharePoint, Teams and OneDrive data to an APT actor.

    By July 21, 2023
  • Estee Lauder Lipsticks on display.
    Image attribution tooltip
    Mike Coppola/Getty Images via Getty Images
    Image attribution tooltip

    Estée Lauder takes down some systems following cyberattack

    ALPHV, the ransomware threat actor taking credit for the attack, threatened to reveal more information about the data it claims to have stolen.

    By July 19, 2023
  • Business man looks out of an office window
    Image attribution tooltip
    PeopleImages via Getty Images
    Image attribution tooltip

    GoTo, parent company to LastPass, names new CISO

    The change in security leadership comes months after the third-party cloud storage service GoTo shares with LastPass was breached.

    By July 19, 2023
  • A building is seen from a parking lot with a sign that reads "UKG."
    Image attribution tooltip

    Photo: Obtained by Industry Dive

    Image attribution tooltip

    UKG agrees to pay up to $6M in lawsuit tied to 2021 breach

    The payroll services provider reached an agreement to settle a class action lawsuit tied to a ransomware attack that targeted its Kronos Private Cloud service.

    By July 18, 2023
  • A logo sits illuminated outside the Microsoft pavilion on the opening day of the World Mobile Congress at the Fira Gran Via Complex on February 22, 2016 in Barcelona, Spain.
    Image attribution tooltip
    David Ramos via Getty Images
    Image attribution tooltip

    Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts

    The China-linked group, which Microsoft calls Storm-1558, has adopted new techniques after it took steps to disrupt their recent hacking activity.

    By July 17, 2023
  • 3D digital circular dynamic wave.
    Image attribution tooltip
    Vitalii Pasichnyk/Getty via Getty Images
    Image attribution tooltip
    Deep Dive

    MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims

    The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.

    By July 14, 2023
  • Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol. 3d rendering.
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    Johns Hopkins hit with class action suit following MOVEit data breach

    The suit alleges that the health system failed to implement safeguards to secure patients’ health information and provided insufficient details about the stolen data.

    By Sydney Halleman • July 12, 2023