The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But how many of these email notifications will go ignored, bounced or quarantined? Bulk emails sent en masse to recipients can easily appear suspicious, but they may actually be legally
Tag: breach
Vastaamo breach: Is blackmailing individual customers the next extortion trend?
An office assistant searches for a patient’s misplaced medical file at a family clinic amid a transition to an electronic health records system. Handling of patient data remains under a microscope after the digital extortion attack disclosed by a Finnish psychotherapy center. (Photo by John Moore/Getty Images) The data breach and
Finnish psychotherapy center fires CEO for suppressing breach details
Finnish psychotherapy center Vastaamo, which was blackmailed after experiencing a ransomware data breach, fired its CEO Ville Tapio for holding back information on the hack for close to 18 months. Based on investigations into the incident, it seems probable that the data breach that led to the theft of the customer
Shopify breach: Help center employees are a unique breed of insider threat
Shopify’s Toronto office. (Raysonho @ Open Grid Scheduler / Grid Engine) A data breach at Shopify perpetrated by two “rogue employees” who worked on the e-commerce platform’s support team illustrates how certain roles within an organization may require more stringent monitoring. Based on Shopify’s online support page, the “support team” appears to refer
SANS Institute breach proves anyone can fall victim to a ‘consent phishing’ scam
Emerging Products: Breach and attack simulation technologies
SC Labs tested seven breach and attack simulation products for August that will sharpen up your security assessments. (Source: Erikona, Getty Images) Manual security testing can’t keep pace with the threat landscape. Penetration testing takes time and it’s costly and labor-intensive. It’s also fully dependent on the expertise of the penetration
MongoDB hacker threatens to report breach to GDPR
A hacker that uploaded ransom notes on nearly 23,000 MongoDB databases left exposed online without passwords has given his potential victims until tomorrow to pay a $140 ransom, or possibly report the breach to local GDPR authorities. According to recent ZDNet story, the hacker used an automated script to scan for
Indian airline SpiceJet confirms breach of 1.2 million passenger details
SpiceJet, one of India’s largest privately owned airlines, has confirmed a data breach involving the details of over a million of its passengers. The security researcher, who described their actions as “ethical hacking” but whom we are not naming as they likely ran afoul of U.S. computer hacking laws, gained access
Mitsubishi Electric discloses June 2019 breach; Tick hacking group reportedly blamed
Japanese manufacturer Mitsubishi Electric has acknowledged its discovery last June of a data breach perpetrated by an unauthorized third party that accessed both personal employee information and corporate materials. The public disclosure came amid multiple English and Japanese news sources publishing details on the incident [1, 2, 3, 4, 5], which
Aussie P&N bank suffers data breach
The Australian P&N Bank reported a data breach that exposed detailed and sensitive financial information on an unspecified number of customers. Access was gained on December 12 to the bank’s customer relationship management system, which is operated by a third-party hosting firm, was undergoing an upgrade. Details on how it was accessed were not revealed, but