Articles about Data Breaches

Hackers so far ahead of defenders it's not even a game

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches. The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still …
John Leyden, 26 Apr 2016

Europe's new privacy safeguards are finally approved, must invade EU nations by 2018

Analysis The General Data Protection Regulation (GDPR) has been ratified by the European Parliament. The final seal of approval follows successful passage through the EU Parliament's Committee on Civil Liberties, Justice and Home Affairs. Following four years of discussions and amendments, the GDPR is now officially EU law and will …
John Leyden, 14 Apr 2016

Cutting edge security: Expensive kit won't save you

We all want to protect our customer and employee data, but as the threat landscape changes and the publicly disclosed data breaches get increasingly larger, our approach may need to change. What constitutes "state of the art" information security in 2016? It’s tempting to create a listicle of 10 shiny new security tools that …
Danny Bradbury, 13 Apr 2016

Cyber-security pro? Forget GCHQ, BT wants to hire 900 of you

Former state monopoly BT is on the hunt for 900 security bods to help it meet the "surge" in customer demand for those skills, following a number of high-profile security and data breaches. The biz currently employs more than 2,500 security folk and reckons its security operations' annual revenues are growing at a double-digit …
Kat Hall, 13 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches: Anthem Insurance, which lost nearly 80 million records, and the US Office of Personnel Management, which lost 21 million records after failing to encrypt its records. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

Spear phishers target gullible Brits more than anyone else – survey

There’s been a sharp (35 per cent) increase in crypto ransomware attacks, with the UK ranked as the nation third most targeted with ransomware. The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's …
John Leyden, 12 Apr 2016

Want a job in security? Lock down US military's supermarkets

The US Department of Defense is looking to form a security team to protect military commissaries from hackers. NextGov has spotted a posting from the Federal Business Opportunities site for an "incident response service" at military commissary shops. According to the job post [Word Doc], the response service contractors will …
Shaun Nichols, 08 Apr 2016

Divided FCC passes ISP privacy rules, overhauls LifeLine

The US Federal Communications Commission (FCC) has passed a pair of important new rules designed to extend broadband service in the US and protect user data. The commission's rulings came after a last-minute delay in its scheduled March 31 meeting, but ultimately ended with both proposals passing. The LifeLine rules will …
Shaun Nichols, 31 Mar 2016

Cyberthreat: Learning to live with the risk

Cyberthreats are like the common cold or some other infectious virus; eventually you’re going to get sick. It’s a part of life. They’re always there, lurking just around the corner, waiting to make your life that little bit harder. At the same time, you can’t focus entirely on potential risks to your business at the expense of …
Danny Bradbury, 18 Mar 2016

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …
John Leyden, 09 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that’s used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016

Pentagon to Dept of Defense: Give us $580bn for cyberwar and spacewar

The Pentagon has asked for $582.7bn to bolster the US Department of Defense's (DoD) capabilities, especially when it comes to a future cyber and space war. Testifying before the House Appropriations Committee, which regulates the US Government's expenditure, the Defense Secretary Ash Carter explained why his department was …

Hackers aren't so interested in your credit card data these days. That's bad news

Healthcare and government have overtaken the retail sector as most-targeted for data breaches, according to security firm Gemalto. A total of 1,673 data breaches led to 707 million data records being compromised worldwide during 2015, according to the latest edition of Gemalto’s Breach Level Index report. Not all breaches are …
John Leyden, 23 Feb 2016

Home Office lost its workers' completed security vetting forms

The Home Office has admitted to The Register that among its data breach incidents last year was one in which security vetting documents disappeared from within secured government premises. Through the Freedom of Information Act, The Register has learned that the Home Office – responsible for the UK's domestic counter- …

ICO says TalkTalk customers need to get themselves a lawyer

A Parliamentary inquiry into the TalkTalk security breach heard the Information Commissioner, Christopher Graham, stress that aggrieved TalkTalk customers should lawyer up. People expecting his office to sort out reparations for them should instead take their complaints directly to the telco, the hearing heard. The "TalkTalk …

Medical data experiment goes horribly wrong: 950,000 records lost

American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Centene Corp boss Michael Neidorff says the company does not know if the information has been …
Darren Pauli, 27 Jan 2016

Privacy warriors plead with FCC to wield sword of net neutrality against snooping ISPs

The US Federal Communications Commission (FCC) has been urged to put in place stronger protections for broadband subscribers' privacy. A letter [PDF] written by a coalition of 59 activist groups from across America demands that FCC chairman Tom Wheeler fast-tracks proposed rules that would restrict the ways broadband service …
Shaun Nichols, 20 Jan 2016

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile devices users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

ICO: You call that a sentence? Courts need power to hit data thieves harder

Blighty's data watchdog has moaned that the UK's courts need greater powers to impose penalties on data thieves after a woman was slapped with a £1,000 fine for flogging 28,000 customer records for £5,000. Sindy Nagra, 42, from Hayes, was issued the fine by Isleworth Crown Court on Friday. She was an admin assistant at a car …
Kat Hall, 11 Jan 2016

The Network and Information Security Directive – who is in and who is out?

New cyber security laws agreed on by EU law makers in early December are set to impact on a large number of businesses. Political agreement on the draft Network and Information Security (NIS) Directive, which could still be amended, was reached by MEPs and representatives of EU governments in early December. It means the path …
OUT-LAW.COM, 07 Jan 2016

Law enforcement versus Silicon Valley's idle problem children

Year in review Tensions have been building for a while on the back of revelations from NSA contractor turned whistleblower Edward Snowden but 2015 marked the outbreak of full-on hostilities between tech firms in Silicon Valley and Western governments. Law enforcement and politicians on both sides of the Atlantic lined up to repeatedly …
John Leyden, 29 Dec 2015

New bill would require public companies to disclose cybersecurity credentials

A new bill introduced to Congress on Thursday would require US publicly listed companies to disclose who on their Board has cybersecurity expertise. If it passes, the Cybersecurity Disclosure Act of 2015 would oblige companies to add details of which, if any, of their directors know about online security in filing to the …
Kieren McCarthy, 18 Dec 2015

Strict new EU data protection rules formally adopted by MEPs

Strict new rules forcing companies to pay four per cent of their global turnover in fines if they breach the European Union's data protection regulations have today been formally agreed. The legislation will create a uniform set of rules across the EU "fit for the digital era," said the EU in a press release. It said they …
Kat Hall, 17 Dec 2015

Nearly 1 in 5 health data breaches take years to spot, says Verizon

Stolen medical information is a prevalent problem across multiple industries, according to a new study by Verizon. The issue is compounded because many organisations outside of the healthcare sector do not realise they even hold this type of data. Common sources of protected health information are employee records ( …
John Leyden, 16 Dec 2015

FTC and Wyndham end hotel data protection feud

Hotel chain Wyndham Resorts has agreed to settle its long-running case with the FTC over its handling of customer data. The US trade bod said on Wednesday it has agreed to a settlement deal [PDF] that will see Wyndham spend the next two decades under mandatory rules for securing and storing customer payment card information. …
Shaun Nichols, 10 Dec 2015

Mandatory data breach reporting rules finally agreed by EUrocrats

After five hours of negotiations on 7 December, members of the European Parliament and Council finally settled on the wording of the EU's Network and Information Security (NIS) Directive. The directive was first proposed in 2013 as a means of forwarding the European Union's cybersecurity strategy. As it is a directive, rather …

Malvertising: How the ad model makes crime pay

Feature The exploitation of online advertising networks by malware-flingers is expected to cause up to $1bn in damages by the end of this year, but despite ongoing regulatory efforts, it is not clear to whom the liability for these enormous losses will fall. The increasing sophistication with which online advertisers profile users …

Malware caught checking out credit cards in 54 luxury hotels

Add Starwood – owner of the Sheraton, Westin, W hotel chains – to the ranks of resorts infiltrated by credit card-stealing malware. The luxury hotel chain said on Friday that 54 of its North American locations had been infected with a software nasty that harvested banking card information from payment terminals and cash …
Shaun Nichols, 20 Nov 2015

NCC Group sowing the seeds of disruption in the cyber security industry

Competition It's 2015, the cyber attacks keep on coming, and the bad guys appear to be winning – some may argue this is because devastating data breaches are more newsworthy than businesses upping their security defences. We see a relentless battle between businesses trying to protect themselves and those with malicious intent attacking …
David Gordon, 20 Nov 2015

Three men indicted over JPMorgan Chase megahack

Three men have been indicted over the 2014 cyberheist of the largest US bank, JPMorgan Chase & Co. That attack involved the compromise of sensitive personal details of 76 million households and 7 million small businesses. Three men, two Israeli nationals Gery Sharon and Ziv Orensteini, as well as US national Joshua Samuel …

Tim Cook: UK crypto backdoors would lead to 'dire consequences'

IPB Apple boss Tim Cook has once again warned of what he says would be the "dire consequences" of opening up backdoors to allow spies to access our data. He said it would be wrong for the UK government's latest super-spy bid – the draft Investigatory Powers Bill, which landed in Parliament last week – to weaken cryptography. Cook …
Kelly Fiveash, 10 Nov 2015

TalkTalk may tell investors to tighten belts after cyber incident

TalkTalk is likely to deliver bad news to investors next week, as analysts suggested it has managed to halve its customer growth forecast after spaffing the sensitive data of more than a million existing and former customers. Shares in the telco sit at their lowest point since an initial drop of 10.7 per cent after confessing …

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

IPB The encryption-bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted. Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from …
John Leyden, 05 Nov 2015

Password reset invoked after vBulletin.com forum software site defaced

The official website of vBulletin.com forum software has hit the big red password reset following a breach by hackers that exposed the IDs of hundreds of thousands of users. A hacker claimed they had made off with a combined 480,000 records after an attack that led to the defacement of the vBulletin.com and a reported hack …
John Leyden, 03 Nov 2015

Here's how TalkTalk ducked and dived over THAT gigantic hack

Timeline It has been almost two weeks since the "cyber attack" on the TalkTalk website of 21 October, yet the company is yet to tell its customers how their data was compromised. TalkTalk's CEO Dido Harding has yet to offer anything more than a token apology regarding the company's security practices, which allowed more than a million …

Brit mobile pay biz reveals historical cyber attacks, gets smacked in the share price

The share price of mobile payments business Optimal Payments has taken a banging after the company confessed it was only just beginning to investigate historical data breaches, following the discovery of its customers' data being trafficked online. The British company said that it had only come to know about the data breaches …

TalkTalk attack: UK digi minister recommends security badges for websites

The UK's digital minister Ed Vaizey has floated the idea of adding kitemarks to websites that have strong security measures in place, following the attack on TalkTalk's business last week. Speaking in Parliament on Monday in response to an urgent question on data breaches and consumer protection, following the ransack of …
Kelly Fiveash, 27 Oct 2015

TalkTalk shares drop 10.7% despite research that breaches don't cause drops

Shares in TalkTalk dropped by 10.7 per cent this morning after the company released a statement admitting that a "cyber attack" may have exposed the data of its four million customers. TalkTalk is contacting all of its customers following what it called "a significant and sustained cyber attack" and intends to offer them free …

UK biz email slinger Mimecast files for $100m IPO in US

Mimecast filed for an initial public offering on Wall Street on Friday and said it hoped to raise up to $100m (£64m). The London-based email security vendor, which has 14,500 biz customers on its books, said that it planned to list under the symbol "MIME" on the Nasdaq exchange. For its most recent quarter, Mimecast – which …
Kelly Fiveash, 19 Oct 2015

Malware, restoring data: What keeps data center techies up all night

A majority of organizations polled in a data center and cloud security survey are dissatisfied with their malware containment and recovery times. More than half (55 per cent) of survey respondents were dissatisfied with the length of time it takes them to contain and recover from hacker infiltrations and malware infections, …
John Leyden, 15 Oct 2015

UK gets the Ashley Madison fear: Data privacy moans on the up

Consumer complaints about the way personal data is handled increased by 30 per cent from 2013 to 2014, according to figures from Pinsent Masons, acquired via several Freedom of Information requests to the Information Commissioner's Office (ICO). Complaints about the security of personal information rose from 886 in 2013 to 1, …
John Leyden, 05 Oct 2015

Raytheon: Ho hum, another day, another $1bn cyber-security contract with Uncle Sam

Defense contractor Raytheon said it will be providing IT security for more than 100 US government agencies in a deal valued at upwards of $1bn. Raytheon said the billion-dollar contract, reportedly set to run for five to seven years, will include development and support of cybersecurity protections for the Department of …
Shaun Nichols, 30 Sep 2015

Bloodthirsty data parasites hungrily eye up healthcare sector

The healthcare industry sees 340 per cent more security incidents and attacks than the average market segment, according to a new study by Raytheon|Websense. Raytheon|Websense also warns that healthcare organisations are more than 200 per cent more likely to encounter data theft. Carl Leonard, principal security analyst at …
John Leyden, 24 Sep 2015

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

Security bods jab pins at encrypted database system balloons

Developers of encrypted databases and security researchers are at loggerheads – and it's over a study that claims property-preserving encrypted databases may be vulnerable to attack. The researchers – Muhammad Naveed of the University of Illinois at Urbana-Champaign, Charles Wright of Portland State University, and Seny Kamara …
John Leyden, 11 Sep 2015

Vote now: Who can solve a problem like Ashley Madison?

Poll Avid Life Media – the owner of hookup site Ashley Madison – has weeks-old openings for a data analyst and a senior system administrator. The opportunities (noticed by Vulture-eyed Reg staffers) got us thinking about who in the wide world of tech is capable of righting the hacker-raided Tinder-for-cheaters site, which has …
John Leyden, 27 Aug 2015

Who should be responsible for IT security?

Typically, when a cybersecurity problem arises, it’s the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it’s hardly the office manager or the accounts receivable department’s lookout, right? Perhaps. On the other hand, …
Danny Bradbury, 18 Aug 2015

Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords

Updated Islamic State's frothing fanatics have leaked online what they claim to be the email addresses and plaintext passwords of 1,500 American military personnel – including CIA staff. The details include full names, email addresses, unencrypted passwords, ZIP codes, places of work, and telephone numbers. They come in a format that …
Kieren McCarthy, 12 Aug 2015

Hackers hid Carphone Warehouse breach with DDoS smokescreen – report

Hackers reportedly swamped Carphone Warehouse with junk traffic as a smokescreen, before breaking into systems and stealing the personal details of 2.4m customers. Up to 90,000 customers may also have had their encrypted credit card details accessed, the UK-based mobile phone reseller admitted at the weekend. Customers with …
John Leyden, 11 Aug 2015

Jail incompetent council folk who leak our data, thunders furious BBW

A report published today by British privacy rights group Big Brother Watch (BBW) says the scale of private data being leaked is so great that those responsible should be jailed. Between April 2011 and April 2014, local councils experienced around four data breaches a day – a total of 4,236 instances – according to figures …
Jennifer Baker, 11 Aug 2015