Breaches: Page 8
-
NicholasBPhotography via Getty Images
Minnesota Department of Education exposed in MOVEit data breach
The departments discovered on May 31 that 24 of its files on the MOVEit server had been accessed by an outside entity, including 95,000 student names in foster care across the state.
By Anna Merod • June 14, 2023 -
Mariakray via Getty Images
Ahead of summer holiday weekends, IT security leaders brace for deliberate cyber mischief
Recent history shows holiday weekends and vacations provide an attack surface bonanza for threat actors.
By David Jones • May 26, 2023 -
Chainarong Prasertthai via Getty Images
CISA updates ransomware guide 3 years after its debut
The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.
By David Jones • May 24, 2023 -
Courtesy of Taco Bell
Yum Brands faces class action suits from employees after ransomware attack
The Taco Bell and KFC operator is facing litigation after some personal data of company employees was stolen in the attack.
By David Jones • May 16, 2023 -
Ian Tuttle / Stringer via Getty Images
Western Digital cyberattack not expected to have material impact on future earnings
The company is coordinating with law enforcement while it continues a forensic investigation.
By David Jones • May 15, 2023 -
Danai Jetawattana via Getty Images
Dragos says it thwarted extortion bid by known ransomware threat group
The hackers accessed limited information by impersonating a new employee, and the cybersecurity firm warns some stolen data may be leaked.
By David Jones • May 11, 2023 -
Ian Tuttle via Getty Images
Western Digital confirms customer data accessed by hackers in attack
The company has begun notifying customers about stolen data and expects to restore its online store next week.
By David Jones • May 8, 2023 -
LeoPatrizi via Getty Images
Google, Dashlane separately move to eliminate passwords
In unrelated moves, the companies highlighted a growing effort to phase out dependence on passwords amid a rise in phishing attacks.
By David Jones • May 4, 2023 -
Gegham Qalajyan via Getty Images
3CX threat actor named as company focuses on security upgrades, customer retention
Mandiant attributed the supply chain attack to a North Korea-linked adversary that targeted systems using Windows-based malware.
By David Jones • April 12, 2023 -
Ian Tuttle via Getty Images
Western Digital restores local access to My Cloud Home customers following security breach
The data storage company has provided limited updates to customers after disclosing the initial incident.
By David Jones • April 11, 2023 -
Chung Sung-Jun via Getty Images
Samsung employees leaked corporate data in ChatGPT: report
Data privacy is a concern for companies with employees using ChatGPT’s web-based interface, as input data is used to train and improve the tool.
By Lindsey Wilkinson • April 10, 2023 -
PeopleImages via Getty Images
Broad MFA, rapid patching a must to stop cyberattacks, Marsh McLennan finds
A study says organizations need to implement automated hardening techniques to protect systems against future data breaches.
By David Jones • April 6, 2023 -
ridvan_celik via Getty Images
IT security leaders still told to keep data breaches quiet, study finds
Bitdefender research found 7 in 10 IT and security professionals in the U.S. have been asked to keep a breach confidential.
By David Jones • April 6, 2023 -
gorodenkoff via Getty Images
3CX retains Mandiant to investigate supply chain attack with global reach
Google has invalidated the 3CX software security certificate, and Microsoft software installer files can no longer be downloaded via Chrome. A new installer and certificate are in development.
By David Jones • March 31, 2023 -
WhataWin/Getty Images via Getty Images
CISA summons outside tips to alert victims of early-stage ransomware
Post-breach notifications might seem too late for victim organizations, but swift action can prevent ransomware and data exfiltration.
By Matt Kapko • March 27, 2023 -
Retrieved from Wawa website.
Wawa to pay up to $28.5M in data breach settlement
The chain’s latest payout will go to the financial institutions involved in the 2019 incident, continuing a series of payments it has made to customers and states over the past year.
By Brett Dworski • March 16, 2023 -
Chip Somodevilla via Getty Images
Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation
The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack.
By David Jones • March 10, 2023 -
Illustration: Yann Bastard for Industry Dive
Deep DiveHacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge
Healthcare companies must harden their defenses, but it may require regulators and lawmakers to raise the bar on security standards, experts say.
By Jasmine Ye Han • March 10, 2023 -
sdecoret via Getty Images
Worried about data breaches? Blame the information sector
Three in five records exposed in a data breach last year came from software, telecom, data processing and web hosting companies, Flashpoint found.
By Matt Kapko • March 9, 2023 -
Suebsiri via Getty Images
Insurance holding company Group 1001 says operations restored after ransomware attack
The company did not pay a ransom following a February attack that disrupted operations at several of its member companies.
By David Jones • March 7, 2023 -
Hispanolistic via Getty Images
LastPass aftermath leaves long to-do list for business customers
Organizations using the password manager are exposed after a major breach compromised credentials and, potentially, business secrets.
By Matt Kapko • March 6, 2023 -
Bim via Getty Images
LastPass breach timeline: How a monthslong cyberattack unraveled
A threat actor evaded detection for months and blended in with legitimate activity after targeting 1 of 4 engineers with access to keys to the kingdom.
By Matt Kapko • Updated March 3, 2023 -
Thinkhubstudio via Getty Images
CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access
The voluntary assessment raises concerns as the unnamed organization with a mature security program was unable to detect simulated actors moving laterally across its systems for months.
By David Jones • March 1, 2023 -
Leon Neal via Getty Images
LastPass compromise grew worse after DevOps engineer targeted for encryption key
A threat actor used data from multiple breaches and a vulnerability on a high-level employee’s home computer to steal customer passwords.
By Matt Kapko • Feb. 28, 2023 -
Leon Neal via Getty Images
Phishing takes financial bite out of more victim organizations
The majority of organizations, 84%, experienced at least one successful phishing attack in 2022, Proofpoint research found.
By Matt Kapko • Feb. 28, 2023
Previous
