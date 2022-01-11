

2021 Data Breach Investigations Report

Computerworld
 4 days ago

This year, we have updated the DBIR patterns (now seven in number) using machine-learning clustering. This resulted in...

www.computerworld.com

bleepingcomputer.com

Goodwill discloses data breach on its ShopGoodwill platform

American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. ShopGoodwill's Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability. Smith...
infosecurity-magazine.com

Why Is Data Destruction the Best Way to Impede Data Breach Risks?

Improper selection of vendors and ignoring reliable and certified data destruction can turn out to be disastrous, as was the case with Morgan Stanley Bank, which was fined $60m for the lapse. A statement made by the United States Department of Treasury’s Office of the Comptroller of the Currency on the data breach by the US banking giant in 2020 sums up why secure data destruction is crucial:
Seeking Alpha

Oscar Health discloses data breach

Oscar Health (OSCR -0.3%) said Oscar Health Plan of California recently discovered an incident involving personal information of a subset of its members. The company said that between Oct. 28, 2021 and Nov. 16, 2021 a mailing intended for some of its members from Oscar may have been misrouted to another Oscar member in error due to a vendor printing issue.
Phone Arena

After multiple data breaches, the FCC proposes new data breach rules for carriers

The FCC proposed a new set of rules for carriers to follow in the event of a data breach (via The Verge). The FCC proposed eliminating the current seven-day waiting time for customers to be notified of a data breach and mandating that carriers begin notifying their customers even if an inadvertent data breach occurs. Furthermore, the FCC also proposed that carriers inform the Commission of all reportable data breaches.
martechseries.com

Identity Theft Resource Center to Release 16th Annual Data Breach Report at Policy Forum During Data Privacy Week 2022

The release of the Annual Data Breach Report supports the Data Privacy Week 2022 initiative to educate businesses on data collection best practices that respect data privacy and promote transparency. The Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, announced its...
telecompetitor.com

FCC Proposes Data Breach Notification Requirements

The FCC today published a Notice of Proposed Rulemaking (NPRM) designed to start the process of strengthening the agency’s requirements for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). The agency pointed out that the increasing frequency and severity of security breaches involving...
Healthcare IT News

EHR vendor hit with lawsuit following data breach

An electronic health record vendor was sued this past week after a cyberattack led to the exposure of the data of 319,778 people. In October, the Tennessee-based QRS, which provides EHR and practice-management software, began notifying individuals of the incident. "QRS failed to reasonably secure, monitor, and maintain the protected...
latesthackingnews.com

UScellular Discloses Data Breach Following A Cyber Attack

The communication giant has recently reported a data breach incident to the Attorney General. As revealed, UScellular suffered a data breach after experiencing a hacking attack on its billing systems towards the end of 2021. According to the details shared in the breach notification letter, UScellular suffered...
infosecurity-magazine.com

FlexBooker Reveals Major Customer Data Breach

An online booking software provider has released details of a cloud breach over the festive period, resulting in the theft of millions of customers’ personal details. FlexBooker offers appointment scheduling software for organizations in healthcare, finance and other sectors to accept bookings on their website. However, late last week,...
dataversity.net

Preventing Data Breaches with Continuous Security Validation

Data breaches in the U.S. are on the rise, with millions of individuals impacted: According to the Identity Theft Resource Center, the number of data breaches from January to September 2021 (1,291) exceeded the number of attacks during all of 2020 (1,108). It’s possible that number is even higher because...
securityboulevard.com

Leveraging Least Privilege in Data Breach Management

Looking back over the past 6 years, and being focused primarily on cloud security with organizations of all sizes and complexity, it is not a stretch to say that most are doing it wrong. One of the biggest problems companies face regarding security is excessive privileges, yet most do not focus enough on this, which is to their own detriment. For example, in AWS, there are over 10,000 different IAM actions. These permissions include read, write, and management actions. With all this complexity and lack of focus on cloud identities as a fundamental part of a modern security program, I see time and time again huge risks in people’s clouds due to over-permissioned cloud identities. All a bad actor would need is to leverage one of these overly permissive identities and it is game over. That being said, don’t worry, there is hope. With the right focus and approach, you can discover and manage the identity risk in your cloud.
scmagazine.com

Three ways to simplify the data breach notification process

Data breaches are not going anywhere. Proactive strategies are absolutely necessary, yet are a hefty investment in time and money. Thankfully, there are three easy steps security teams can take to prepare for the inevitable and stay accountable to the organization’s top stakeholders. The SolarWinds and Microsoft Exchange server...
ZDNet

Illinois fertility clinic and online pharmacy giant Ravkoo report data breaches

Online pharmacy company Ravkoo and Fertility Centers of Illinois (FCI) have both informed thousands of current and former patients of data breaches involving troves of their sensitive information. The HIPAA Journal said 79,943 current and former patients were sent breach notification letters informing them that passport numbers, Social Security numbers,...
healthitsecurity.com

Business Associate Data Breach Impacts 32 Healthcare Organizations

An unauthorized third party accessed one Ciox employee’s email account between June 24 and July 2, 2021, a notice on the company’s website explained. The individual may have downloaded emails and attachments from the account. On September 24, Ciox determined that the emails and attachments contained patient information...
infosecurity-magazine.com

Morgan Stanley Agrees to Data Breach Settlement

American multinational investment bank and financial services company Morgan Stanley has agreed to pay $60m to settle a legal claim over data security. A class-action lawsuit was filed against the company in July 2020 over two security breaches that compromised the personal data of approximately 15 million of its customers.
securityboulevard.com

Broward Health: A New Data Breach, an Old Story

Just two days after we published our ‘Worst Healthcare Data Breaches of 2021’ blog, reports came in on January 1st, 2022 that a Fort Lauderdale health care company was compromised by an attacker. Patient and employee personally identifiable information (PII) was exposed at Broward Health, including names, addresses and even Social Security numbers and bank account information. The breach occurred back in October 2021; however, it’s reported that there is no sign of ‘misuse’ of this data as of now. Broward Health has taken action to strengthen their security after this incident, including a company-wide password reset as well as implementing two-factor authentication – but is it enough?
inforisktoday.com

The Anatomy of a Third-Party Data Breach

Data breaches that stem from third parties, vendors, or contractors are on the rise. In fact, the increase in third-party data breaches is due to the industrialization of the cybercriminal ecosystem and innovations such as ransomware, which makes cybercrime much more profitable and easier to carry out. Our eBook covers the ins and outs of third-party data breaches including the attack methods, the most common phases, and the importance of a vendor access management platform.
bleepingcomputer.com

Have I Been Pwned warns of DatPiff data breach impacting millions

The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. DatPiff is a popular mixtape hosting service used by over 15 million users, allowing unregistered users to...
threatpost.com

McMenamins Data Breach Affects 12 Years of Employee Info

The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident...

