Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? Who now owns that data? The cat site?

Data breaches 170

Data breaches Data collection B2B Mobile 170

Troy Hunt

OCTOBER 19, 2017

For the last 4 years, I've also run a free service called Have I Been Pwned (HIBP) which aggregates data breaches and presently contains about 4.8 million people presently subscribe to those notifications and I've had up to 3 million people visit the site in a single day after a major data breach.

Data breaches 226

Data breaches Government Backups Internet 226

Security Affairs

SEPTEMBER 3, 2019

The popular webcomic platform XKCD has suffered a data breach that exposed data of its forum users, the incident impacted 562,000 subscribers. XKCD has suffered a data breach that exposed data of its forum users. New breach: XKCD had 562k accounts breached last month. Pierluigi Paganini.

Data breaches 108

Data breaches Passwords Advertising Data collection 108

SecureWorld News

AUGUST 15, 2024

In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. Use complex, unique passwords for all accounts and consider using a password manager.

Data breaches 110

Data breaches Identity Theft Password Management Data collection 110

Identity IQ

MARCH 2, 2021

If you’re still under the impression that hacking is restricted to hoodie-wearing individuals in darkened rooms, then you might be vastly underestimating the scale the data breach problem. . Last year alone more than 300 million consumers were impacted by data breaches, according to the Identity Theft Resource Center.

Data breaches 98

Data breaches Identity Theft Cybercrime Data collection 98

SecureWorld News

APRIL 29, 2024

Kaiser Permanente, one of the largest not-for-profit providers of health care and coverage in the United States, is dealing with the fallout from a significant data breach that has affected more than 13 million individuals. The company revealed details of the incident in a public notification posted on April 25th.

Data breaches 114

Data breaches Healthcare Identity Theft Advertising 114

The Last Watchdog

MAY 21, 2020

The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. The more information they store, the higher the risk of a data breach.

Advertising 290

Advertising Internet Internet Accountability 290

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile 313

Mobile Wireless Advertising Accountability 313

Security Affairs

JANUARY 16, 2025

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 The law firm pointed out that it has no evidence the exposed data has been misused.

Data breaches 78

Data breaches Identity Theft Consumer Protection Data collection 78

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices.

Surveillance 75

Surveillance Telecommunications Malware Data breaches 75

Security Affairs

AUGUST 28, 2021

vpnMentor’s researchers reported that the Chinese mobile gaming company EskyFun suffered a data breach, over 1 million gamers impacted. . vpnMentor’s researchers discovered that the Chinese mobile gaming company EskyFun suffered a data breach, information of over 1 million gamers were exposed on an unsecured server. .

Data breaches 133

Data breaches Mobile Data collection Hacking 133

eSecurity Planet

AUGUST 20, 2024

A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks. Who Is Behind the NPD Breach? With an estimated 2.9

Identity Theft 130

Identity Theft Data breaches Passwords Encryption 130

Adam Levin

DECEMBER 3, 2018

The data is thought to have originated from Data&Leads, Inc. A cached version of the company’s website shows that it promised “access to our massive in-house data collection, as well as one of the largest data supplier networks of any data or lead company.”. The takeaway?

Identity Theft 194

Identity Theft Data collection Engineering Passwords 194

Hot for Security

MARCH 17, 2021

Fact: Zynga, the California-based social game developer, suffered a major data breach in 2019 when a malicious actor stole 218 million records belonging to “Words With Friends” players. If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already.

Data breaches 105

Data breaches Passwords Accountability Media 105

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 127

Data breaches Banking Hacking Malware 127

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. banks are stiffing account takeover victims. A single bitcoin is trading at around $45,000. Elizabeth Warren (D-Mass.)

Cryptocurrency 290

Cryptocurrency Cybercrime Computers and Electronics Scams 290

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering 144

Social Engineering Media Data collection Passwords 144

Malwarebytes

JULY 29, 2024

At Malwarebytes, we reported how a team of researchers at Mozilla who reviewed the privacy and data collection policies of various product categories for several years now, named “Privacy Not Included,” found cars to be the worst product category they ever reviewed for privacy.

Insurance 113

Insurance Data collection Data breaches Manufacturing 113

Centraleyes

NOVEMBER 9, 2024

The Delaware Personal Data Privacy Act (DPDPA) is a state law created to protect the privacy of Delaware residents by regulating the collection, use, storage, and sharing of personal data by businesses. These protections extend to sensitive data such as health, financial, and biometric information.

Data privacy 52

Data privacy Data collection Risk Accountability 52

Malwarebytes

APRIL 10, 2024

Why data matters I can’t tell you how many times I’ve read that “data is the new oil” without reading any explanations as to why people should care. Creating a social media account requires handing over your full name and birthdate. Where the risk truly lies, however, is in fraudulent account access.

Data breaches 96

Data breaches Passwords Banking Malware 96

SC Magazine

JULY 13, 2021

Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses. A Guess retail store. N509FZ, CC BY-SA 4.0 link] , via Wikimedia Commons).

Retail 102

Retail Ransomware Hacking Digital transformation 102

The Last Watchdog

MARCH 14, 2019

The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. But they did so without taking into account the hockey-stick rise in reliance on third-party suppliers. When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management.

Cyber Risk 165

Cyber Risk Risk Digital transformation Accountability 165

Security Affairs

JULY 1, 2021

While not highly sensitive, the data could still be used by threat actors to stage attacks against US business owners who the threat actors might see as being more affluent and potentially vulnerable to phishing and ransomware attacks. Our teams have investigated a set of alleged LinkedIn data that has been posted for sale.

Data breaches 104

Data breaches Social Engineering Data collection Media 104

Security Affairs

MAY 12, 2021

Businesses must ensure that these entities understand and respect the consumers’ data rights and do not use the data in any manner inconsistent with the purpose for which it was originally collected. Data breaches and other threats. The culprit gained access to sensitive data of 11.9 Privacy Violations.

Data collection 109

Data collection Data breaches VPN Risk 109

IT Security Guru

AUGUST 7, 2024

Progressive Profiling : Progressive Profiling, or the gradual collection of customer information over time, allows insurance entities to develop comprehensive profiles without overwhelming the customer with long forms, while also respecting customer privacy preferences.

Insurance 124

Insurance Data collection Authentication Technology 124

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams 111

Scams Hacking Data collection Advertising 111

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived.

Data breaches 79

Data breaches Data collection Ransomware Hacking 79

BH Consulting

MARCH 26, 2025

It introduces accountability measures for large platforms, and strengthens users’ rights. The Data Act enhances access to and use of non-personal data across sectors. The Digital Services Act regulates online services to enhance digital trust. Incident Response Plan: Establish crisis management strategies.

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware 228

Spyware Mobile Advertising Software 228

SC Magazine

MARCH 10, 2021

Kottmann also reportedly even posted some of the videos on Twitter, which later deleted the hacker’s account and their offending tweets. The one that scares me the most is that with this data and its analysis, adversaries could perpetuate not only cybercrimes, but also physical crimes like looting or kidnapping.”.

Surveillance 129

Surveillance IoT Accountability Passwords 129

Centraleyes

DECEMBER 11, 2024

Governance and Accountability: Organizations must establish governance structures, including appointing a Chief Information Security Officer (CISO) or equivalent roles, to oversee cybersecurity initiatives. Reputational Damage: Customers may lose trust in an organization that experiences a data breach or system compromise.

Risk 52

Risk Cybersecurity Penetration Testing Digital transformation 52

SecureList

OCTOBER 13, 2023

This article delves deep into the settings and privacy policies of LLM-based chatbots to find out how they collect and store conversation histories, and how office workers who use them can protect or compromise company and customer data. The user creates an account and gains access to the bot. Account hacking.

Accountability 138

Accountability B2B Risk Hacking 138

eSecurity Planet

SEPTEMBER 21, 2024

Health Insurance Portability & Accountability Act (HIPAA) The Health Insurance Portability and Accountability Act (HIPAA) sets standards for protecting sensitive health information, particularly electronic health records (EHRs). HIPAA also requires organizations to conduct regular risk assessments and report data breaches.

Cybersecurity 120

Cybersecurity Computers and Electronics Cyber threats Healthcare 120

Centraleyes

NOVEMBER 7, 2024

to ensure that organizations handle data ethically and transparently. The OCPA focuses on empowering consumers with rights over their personal data, enhancing data protection practices, and fostering accountability. Data Security Obligations: Standards for implementing security measures to protect personal information.

Data collection 52

Data collection Data breaches Data privacy Risk 52

eSecurity Planet

OCTOBER 11, 2022

In the ever-evolving fight against data loss , data breaches, and data theft in the 21st century, organizations worldwide have turned to a number of cybersecurity solutions, services, and software in an attempt to keep their data safe and secure from threats. Why Use Behavioral Analytics in Cybersecurity?

Advertising 125

Advertising Cybersecurity DDOS Data breaches 125

Identity IQ

JANUARY 17, 2023

These are generally not considered privacy data, but when coupled with an element like your identity document, it becomes private. Other types of data that you should consider private include: Your bank account number and card details. Login information for online accounts you have. Why Is Data Privacy Important?

Data privacy 98

Data privacy Identity Theft Accountability Banking 98

SecureWorld News

APRIL 30, 2023

One of the most important responsibilities of security professionals is to avoid data breaches. At the same time, the IBM report reveals that it takes an average of 277 days to detect and contain a data breach. DCAP systems are designed to automatically identify and solve problems related to the storage and use of data.

Technology 98

Technology Unstructured Data Data breaches Information Security 98