Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
Struggling European electronics giant Dixons Carphone says its investigation into a 2017 data breach has found that 10 million customers' personal details - up from its previous estimate of 1.2 million - were compromised. It previously reported that 5.9 million payment cards were also compromised.
Under the EU's General Data Protection Regulation, within 72 hours of an organization learning about the data breach, it must report the breach to relevant authorities or face fines. The U.K.'s data privacy watchdog says it's already seen the volume of self-reported breaches quadruple.
Singapore's largest healthcare group has suffered a hack attack that exposed 1.5 million residents' personal details. But authorities say the "deliberate, targeted and well-planned attack" appears to have been principally designed to steal medical information pertaining to the country's prime minister.
Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server. Some security experts say Trump's response was nonsense and flies in the face of good digital forensics and incident response practice.
Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.
The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.
Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.
The U.K. has approved a plan to build a cutting-edge court complex in London designed to handle cybercrime, fraud and economic crime. The facility is expected to be a growth driver for the country's legal industry, despite the U.K.'s pending withdrawal from the European Union.
Companies are sending notification emails about a data breach at Typeform, a software-as-a-service platform for distributing and managing surveys, questionnaires and competitions. The breach is so far known to affect Travelodge, Fortnum & Mason, Monzo bank and the Tasmanian Electoral Commission.
As organizations move more data into the cloud, too many are treating security as an afterthought, says Outpost24's Bob Egner. Instead, as part of an agile development program, he recommends making penetration testing a constant, and using solid DevSecOps to maintain optimal cloud data security.
An Equifax software engineer has settled an insider trading charge with the U.S. Securities and Exchange Commission after he allegedly earned $77,000 after he made a securities transaction based on his suspicion that the credit bureau had suffered a data breach.
Helping victims know their passwords have been exposed in a data breach is half the battle in the fight to improve password security. To help, Mozilla and 1Password are integrating into their products a feature from the popular "Have I Been Pwned" breach notification service.
In today's business community, data breaches are an epidemic. They infect organizations of all sizes, in every nook and cranny of the world.
Globally, cyber-crime damages are expected to double by 2021, totaling $6 trillion.
The perpetrators of these attacks are generally after individuals' personal data such as...
Human resources software developer PageUp says it doesn't appear that personal data exposed in a malware attack was actually removed from its systems. But it has also found authentication error logs that recorded incorrect login attempts from before 2007.