Data Breach

Data Breach news, analysis, research, how-to, opinion, and video.

panera bread

Panera Bread blew off breach report for 8 months, leaked millions of customer records

As many as 37 million customer records were exposed thanks to a security vulnerability that Panera Bread chose to ignore for eight months.

a hooded figure targets a coding vulnerability

Saks, Lord & Taylor hacked; 5 million payment cards compromised

Hackers managed to lurk on the network of Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor for nearly a year and steal the payment card data of 5 million customers.

fragile binary cyberattack risk vulnerable

4 main reasons why SMEs and SMBs fail after a major cyberattack

The challenges SMEs and SMBs face and what to do about them.

istock 916151214

Iran's need to steal intellectual property

The indictment of nine Iranians by the DOJ is one in a long string of incursions by Iran to compromise trusted insiders and steal intellectual property.

07 vote

Want to hack a voting machine? Hack the voting machine vendor first

How password reuse and third-party breaches leave voting machine vendors vulnerable to attack.

CSO slideshow - Insider Security Breaches - Two-faced businessman removes his mask in a binary world

What Hamilton can teach us about insider threats

By gaining visibility into user activity, organizations will be able to stem the tide of insider threat risks—and stop the next Aaron Burr in their tracks


1.4B stolen passwords are free for the taking: What we know now

The 2012 LinkedIn breach, along with other old third-party breaches, is still paying dividends for criminals, who now have free access to 1.4 billion previously exposed email addresses and passwords.

bitcoin security vault

The hidden (and not so hidden) costs of a ransomware attack

Most businesses would prefer to bury the costs associated with their response to a data security event. That's not always an option.

wan bank networking finance2

Financial enterprises look to decentralization to reduce the risk of a massive breach

Centralized repositories of consumer data at enterprises have continuously proven to be coveted targets for hackers.

10 insurance

Cyber insurance: data breach, business interruption and beyond

Every business, especially small and medium-sized companies, should have cyber liability insurance—here are the reasons why.

login password - user permissions - administrative control

Former employee visits cloud and steals company data

Shared credentials may have facilitated a former medical center employee's access to the HIPAA data stored in the cloud after his termination.

security threat - circuit board-hand knocking over a chess piece

Orbitz: Hackers likely stole credit card details of nearly 900K Orbitz users

Orbitz warned that hackers likely stole 880,000 credit card details and users' personal information between Jan. 2016 and Dec. 2017.

supply chain management logistics - ERP - Enterprise Resource Planning

8 questions to ask about your industrial control systems security

Do you have a real cybersecurity-focused ICS strategy in place, or are you force-fitting IT security policies on your industrial control systems?

abstract data stream

Avoiding security event information overload

Choose a security event information management (SEIM) vendor that helps you focus on only the security event data that needs to be investigated.

hacker hack attacke cyber malware keyboard

Maslow’s hierarchy of needs for incident response

The advent of laterally spreading malware requires the security community to progressively build out incident response to include more thorough scoping to determine the true extent of an event and threat hunting to find those threats...

intro cyber attack maps

What is a cyber attack? Recent examples show disturbing trends

From virtual bank heists to semi-open attacks from nation-states, the last couple of years has been rough on IT security. Here are some of the major cyber attacks of 2017-2018 and what we can learn from them.

7 data driven

Is your defensive security data-driven?

Data-driven defense uses an organization's own data to identify and mitigate the most important threats. Sounds good, but adoption will be met with resistance.

rules procedures guidelines process structure

SEC's new cybersecurity guidance falls short

Post Equifax, those who hoped that the US Securities and Exchange Commission would impose tougher rules (and consequences for breaking them) around reporting breaches will be disappointed.

man in shadow breach cyber attack ceo

SEC guidance on IT security: Would you report security risks before a breach?

When organizations can collaborate to prevent data breaches from happening, we can create real security rather than spread fear.

medical heart rate monitor ekg hospital

Nuance says NotPetya attack led to $92 million in lost revenue

Nuance Communications, a software company that offers speech and imaging technology to a number of markets, including healthcare and finance, said the 2017 NotPetya malware attacks caused the company to lose $92 million in revenue,...

Load More