Troy Hunt

SEPTEMBER 27, 2024

As it relates to the UK GDPR, there are two essential concepts to understand, and they're the first two bulleted items in their personal data breaches guide : The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority.

Data breaches 320

Data breaches Risk Passwords Government 320

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. A notice of breach posted by the California State Controller’s Office. Source: sco.ca.gov. .

Phishing 341

Phishing Data breaches Accountability Technology 341

SecureWorld News

FEBRUARY 6, 2025

Grubhub recently confirmed a data breach stemming from a third-party vendor, exposing the ongoing risks associated with supply chain security. Grubhub detected unusual activity within its environment, later traced to an account associated with a third-party service provider used for customer support. What happened?

Data breaches 94

Data breaches Accountability Social Engineering Passwords 94

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 109

Healthcare Data breaches Passwords Identity Theft 109

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. APIs are essentially instructions that allow applications to access data and interact with web databases. .” Image: customink.com In a filing today with the U.S.

Mobile 343

Mobile Accountability Data breaches Identity Theft 343

Krebs on Security

APRIL 17, 2019

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. And yet, here I am again writing the second story this week about a possibly serious security breach at an Indian company that provides IT support and outsourcing for a ridiculous number of major U.S.

Data breaches 279

Data breaches Phishing Retail Antivirus 279

Malwarebytes

FEBRUARY 25, 2025

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. Given the field that DISA is active in, that information could interest cybercriminals for use as background information for targeted phishing attempts or extortion. Check the vendors advice.

Data breaches 88

Data breaches Passwords Phishing Password Management 88

Malwarebytes

FEBRUARY 14, 2025

Over the years Zacks has suffered a few data breaches. In 2023, data allegedly belonging to Zacks containing 8,615,098 records was leaked online. The most recent data in this database is from May 2020. This would be the 2nd (hacked back in 2020) major data breach for Zacks. Check the vendors advice.

Accountability 76

Accountability Data breaches Passwords Phishing 76

Hacker's King

DECEMBER 28, 2024

Data breaches and account hacks are a growing concern for users, especially with the personal and professional information shared on the platform. If youre worried about your Instagram account being hacked , it's essential to take proactive steps to protect your data.

Data breaches 52

Data breaches Hacking Passwords Accountability 52

Malwarebytes

APRIL 8, 2025

By purchasing prominent Google Ads, they are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even one-time passcodes (OTPs) the keys to someone’s financial data needed for tax compliance. Malicious QuickBooks domains quicckboocks-accounting[.]com

Phishing 71

Phishing Scams Accountability Passwords 71

Malwarebytes

JUNE 1, 2024

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week : Ticketmaster has suffered a data breach. The third party it refers to is likely Snowflake, a cloud company used by thousands of companies to store, manage, and analyze large volumes of data. It didn’t mention which customers.

Data breaches 144

Data breaches Passwords Phishing Password Management 144

Malwarebytes

NOVEMBER 4, 2024

In a data breach notification filed by the Attorney General for the state of Maine, the cybersecurity incident that affected Columbus, Ohio impacted half a million people. Because of the data breach notification from Maine’s Attorney General, that number now has a little more clarity. Check the vendor’s advice.

Data breaches 104

Data breaches Passwords Ransomware Phishing 104

The Last Watchdog

AUGUST 19, 2021

Could be phished credentials. It’s too early to assess compliance to data loss regulations. Often inadvertent data breaches stem from a well-meaning employee trying to meet the needs of clients but without the technical systems to facilitate. Compromising that could make other unrelated accounts vulnerable.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Malwarebytes

MAY 10, 2024

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. So, this is another big data breach that leaves us with more questions than answers. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches 141

Data breaches Passwords Phishing Big data 141

The Last Watchdog

MARCH 19, 2025

Holistic Identity: The New Cyber Battleground Organizations have traditionally focused on securing individual account credentials, but SpyClouds research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. Consumer exposure averages 27 unique emails and 227 credential pairs per user.

Cyber Risk 113

Cyber Risk Risk Phishing Cybercrime 113

Malwarebytes

MARCH 25, 2025

There are no changes to the way the company stores, manages, or protects customer data. In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. Select View. Watch out for fake vendors.

Passwords 112

Passwords Accountability Data breaches Phishing 112

Adam Levin

JULY 10, 2020

2020 is on the path to becoming a record-breaking year for data breaches and compromised personal data. billion records have already been exposed, and that’s only accounting for the first quarter of 2020. The post 2020 Likely To Break Records for Breaches appeared first on Adam Levin. MGM Resorts (10.6

Data breaches 252

Data breaches Social Engineering Antivirus Scams 252

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 141

Data breaches Social Engineering Engineering Authentication 141

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 339

Hacking Phishing Cybercrime Passwords 339

Security Affairs

OCTOBER 23, 2023

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The incident was discovered on May 24, but further investigation revealed that threat actors have had access to the compromised email accounts at least since March 2023.

Data breaches 135

Data breaches Identity Theft Accountability Scams 135

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. TARGETED PHISHING. customers this month. Take a deep breath.

Passwords 363

Passwords Password Management Phishing Scams 363

Malwarebytes

MARCH 19, 2025

Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers’ personal information. The data breach notification states that the breach occurred on April 20, 2024 and CCB discovered it on October 4, 2024. 2FA that relies on a FIDO2 device cant be phished.

Banking 84

Banking Data breaches Computers and Electronics Passwords 84

Malwarebytes

JULY 19, 2024

The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). Because both of these breaches were announced/updated in the second quarter of 2024 they have a huge impact on the numbers. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches 123

Data breaches Passwords Identity Theft Phishing 123

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. When a user registers with a service, a unique passkey linked to their account is generated and stored securely on their device.

Phishing 62

Phishing Passwords Password Management Authentication 62

Adam Levin

MARCH 23, 2020

Your password should be include letters, numbers and special characters in a combination you haven’t used on other accounts. Beware of Phishing Links: Phishing scams are on the rise. Confirm requests for data or personal information with a quick phone call to protect against spear phishing.

Manufacturing 245

Manufacturing Passwords Phishing Accountability 245

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. The impact of these exposures is evident: nearly a quarter of data breaches resulted from compromised identity data.

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

Malwarebytes

OCTOBER 8, 2024

Money transfer company MoneyGram has notified its customers of a data breach in which it says certain customers had their personal information taken between September 20 and 22, 2024. Protecting yourself after a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Data breaches 112

Data breaches Passwords Identity Theft Phishing 112

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. 2, and Aug.

Mobile 344

Mobile Phishing Authentication Accountability 344

Malwarebytes

JUNE 14, 2024

The online handle of the seller immediately raised the suspicion that this was yet another Snowflake related data breach. Post by Sp1d3r on breach forum The post also mentions Suntrust bank because Truist Bank arose after SunTrust Banks and BB&T (Branch Banking and Trust Company) merged in December 2019. Take your time.

Data breaches 105

Data breaches Banking Passwords Phishing 105

Malwarebytes

AUGUST 27, 2024

The Texas Dow Employees Credit Union (TDECU) has filed a data breach notification , reporting that the data of 500,474 people has been accessed in an external system breach. Protecting yourself after a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Data breaches 110

Data breaches Passwords Phishing Password Management 110

Malwarebytes

APRIL 2, 2024

million current customers, and the leaked data is “from 2019 or earlier” Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. We are reaching out to all 7.6M

Data breaches 145

Data breaches Passwords Phishing Accountability 145

Malwarebytes

MARCH 5, 2024

In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered the breach. The account information of some card holders may have fallen into the wrong hands. The accessed information includes account numbers, names, and card expiration dates. Take your time.

Data breaches 121

Data breaches Accountability Passwords Identity Theft 121

Security Affairs

JUNE 17, 2024

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. The LA County’s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024.

Data breaches 105

Data breaches Phishing Insurance Accountability 105

Malwarebytes

JULY 12, 2024

Back in March, AT&T confirmed that 73 million people had been affected in a breach that people had been speculating about for some time. Protecting yourself after a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach. Watch out for fake vendors.

Data breaches 143

Data breaches Passwords Phishing Password Management 143

Malwarebytes

NOVEMBER 7, 2023

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation. To gain access to that service account, the attacker compromised an Okta employee. 2FA that relies on a FIDO2 device can’t be phished.

Accountability 134

Accountability Passwords Data breaches Phishing 134

Krebs on Security

AUGUST 25, 2023

And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.

Mobile 236

Mobile Cyber Risk Data breaches Cryptocurrency 236

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 333

Accountability Cryptocurrency Passwords DNS 333