All Data Breach articles
-
Premium
IBM report: Data breach costs at all-time high; AI helping detection
The global average cost of a data breach reached a new all-time high of $4.45 million in 2023, according to IBM’s annual report.
-
Premium
Growing list of MOVEit hack victims shows damage control difficulties
More than 130 organizations are believed to have been impacted by the MOVEit hack, with millions of people’s data at risk. Experts opine on the struggles businesses face in containing exposure.
-
Premium
SEC’s Grewal spotlights enforcement focus on cyber disclosures
The No. 1 priority at the Securities and Exchange Commission after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to Enforcement Division Director Gurbir Grewal.
-
News Brief
APRA pressures Medibank on cyber enhancements post-breach
The Australian Prudential and Regulation Authority will require Medibank Private to hold 250 million Australian dollars (U.S. $166 million) in extra capital until the insurer remediates identified cybersecurity weaknesses after a significant data breach.
-
Premium
NAVEX report: Driven by cyber threats, infosec compliance top of mind
Compliance teams are taking more responsibility for issues related to information security and data privacy, motivated by increasing threats posed by data breaches and cyber intrusions, according to a new survey from NAVEX.
-
Premium
Shades of SolarWinds in lessons from MOVEit hack
A ransomware attack affecting some of the U.K.’s largest corporations has highlighted once again how exposed organizations can be if the levels of cybersecurity used by their third parties are not as strong as expected.
-
Premium
Verizon report: Lion’s share of data breaches linked to organized crime
About 83 percent of data breaches are perpetrated by external bad actors and not employees, with 70 percent of those breaches linked to organized crime groups with financial motives, according to the latest research.
-
News Brief
Ex-Uber security chief avoids prison in obstruction case
The former chief security officer of Uber Technologies was sentenced to probation by a federal court judge as punishment for his involvement in covering up a 2016 data breach that affected 57 million users.
-
News Brief
SEC orders Blackbaud to pay $3M for misleading ransomware disclosures
Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.
-
News Brief
HHS reports: Compliance reviews, health data breaches up
The number of compliance reviews by the Department of Health and Human Services of health organizations increased between 2017 and 2021, according to the agency’s latest reports to Congress.
-
News Brief
Banner Health to pay $1.25M over HIPAA Security Rule lapses
Banner Health agreed to pay $1.25 million as part of a settlement with the Department of Health and Human Services addressing violations of the Health Insurance Portability and Accountability Act Security Rule regarding a 2016 data breach.
-
Premium
Cybersecurity challenges: Defense and disclosure
Experts share perspectives regarding the criticality of cybersecurity risks, what the response of management and boards should be, and how proposed disclosure requirements need to be incorporated into cyber-related responsibilities.
-
Premium
Study: Healthcare overtakes finance as most breached industry in 2022
Healthcare organizations were under attack more than ever by cybercriminals in 2022, overtaking finance as the most breached industry, according to the latest analysis from Kroll.
-
News Brief
Drizly data security to be monitored for 20 years under FTC order
Online alcohol retailer Drizly and its chief executive officer agreed to data security requirements and to be assessed by an independent monitor for up to 20 years as part of a final settlement with the Federal Trade Commission over a data breach that impacted 2.5 million consumers.
-
Article
Irish DPC probing Twitter over breach affecting 5.4M users
The Irish Data Protection Commission is investigating whether Twitter violated the European Union’s General Data Protection Regulation regarding a data breach alleged to have affected 5.4 million users.
-
Article
Abanca fined $3.3M for missing 2-hour breach reporting deadline
The European Central Bank fined Spanish bank Abanca €3.145 million (U.S. $3.3 million) after it “knowingly failed” to report a major cyber breach within the prescribed two-hour time limit.
-
Article
DOJ official addresses liability concerns stemming from Uber CSO case
Principal Associate Deputy Attorney General Marshall Miller called the conviction of a former Uber Technologies chief security officer on obstruction charges an “outlier” that should not discourage compliance officers from self-reporting violations.
-
Article
Australia privacy law proposal sets steep penalty mark for breaches
The Australian government is weighing stringent new privacy reforms that would establish among the steepest penalty regimes in the world—up to AUD$50 million (U.S. $33.5 million)—for serious or repeated breaches.
-
Article
SolarWinds under SEC probe for handling of 2020 cyberattack
SolarWinds revealed the Securities and Exchange Commission is examining cybersecurity disclosures and public statements the company and its executives made after its massive 2020 data breach caused by hackers backed by the Russian government.
-
Article
FTC places restrictions on CEO in Drizly enforcement proposal
The Federal Trade Commission announced a tentative settlement with online alcohol delivery platform Drizly and its chief executive officer regarding a data breach affecting 2.5 million consumers and the alleged lax security that allowed it to happen.