Data Breaches News and Analysis
With insured losses at $90 billion, did cyber insurance firms dodge financial calamity?
The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.
Cyber experts say advice from breached IoT device company Ubiquiti falls short
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
SolarWinds hack is the perfect foreword to new book on history’s biggest breaches
SC Media spoke to author and former CISO Neil Daswani about his upcoming new book “Big Breaches: Cybersecurity Lessons for Everyone.”
Legal recourse? Nissan balances competitive and security fallout from source code leak
News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.
CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks
The agency has found evidence of authentication token abuse in networks infected with corrupted versions of Orion software and says restoring integrity will require a full network rebuild in certain cases.
The physical breach of the Capitol building opens a cybersecurity Pandora’s box
The incident, as well as the response among those on Capitol Hill tasked with securing government technology assets, serves as a dramatic and evolving case study for public and private sector entities on the scope of the cybersecurity risk tied to a physical breach.
Fourth breach at T-Mobile puts focus on security post mergers
The poor record raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable.
Microsoft doesn’t treat its source code like a trade secret. Is that smart?
In the course of investigating the impacts of the SolarWinds breach, Microsoft security specialists discovered “unusual activity” within a number of internal accounts, including one that was used to view the company’s internal source code.
Non-profit founded by Gates Foundation suffers massive exposure of student records
An exposed AWS bucket left hundreds of thousands of student-related records exposed to the internet, but officials from the non-profit say most of the data was old and obsolete.
The 2020 SolarWinds reality check: As cleanup continues, community considers implications
What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December. And yet, experts predict years of cleanup, both physical and political, and potential shifts in how the nation secures the supply chain.
Ticketmaster fined $10 million in corporate espionage scheme
Ticketmaster tried to steal both a client and design ideas from a competitor by logging into the back-end system with a former employer’s login credentials.
Kawasaki Heavy Industries, a partner of defense companies and agencies, reports breach
Of particular concern among some cybersecurity experts is the fact that the company took several months to report the incidents, which stemmed from unauthorized access to servers from overseas offices.
Can SolarWinds survive? For breached companies it’s a long, painful road to restoring trust
Communicating with the public, working with stakeholders and convincing insurers that root security failures have been addressed are all part of how companies come back from a bad breach. But it still may not be enough.
Breach alerts dismissed as junk? New guide for sending vital emails may help
The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don’t get ignored, bounced or quarantined.
‘Very, very large’ telecom organization and Fortune 500 company breached in SolarWinds hack
Noteworthy is the combination of the targets, which adds up to what one researcher described as attacks against the backbone of the nation’s critical infrastructure.
As Microsoft confirms breach from SolarWinds hack, President Brad Smith argues for federal policy changes
Smith suggested a three-point plan he believed would prevent further supply chain attacks: Increasing intelligence sharing between government and the private sector, developing stronger international norms for acceptable behavior in cyberespionage, and finding harsher ways to hold governments accountable.
In wake of SolarWinds hack, here are the critical responses required of all businesses
SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine what was breached, mitigate the damage before using the software again, and explore new supply chain safeguards.
Spotify notifies customers of breach, files under CCPA
The vulnerability may have inadvertently exposed Spotify account registration information, which potentially included email addresses, preferred display names, passwords, genders and dates of birth.
Employees 85% more likely to leak files today vs pre-COVID
The vast majority of that 85 percent are malicious insiders and the rest are caused by employee carelessness.
Pfizer-BioNTech data stolen in cyberattack on European Medicines Agency
The European Medicines Agency reported Wednesday that it was the focus of a cyberattack involving some of the data around the first COVID-19 vaccine that’s being distributed in Europe. In a brief statement yesterday, the EMA – which assesses medicines and vaccines for the European Union – only said it was the subject of a…