Articles about Data Breaches

Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett. The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations …
John Leyden, 21 Sep 2016

UK.gov oughta get its data-sharing house in order before Digital Economy Bill plans

Analysis The government has a funny notion of how to tackle failure. When it comes to contracts, suppliers that have routinely messed up are handed more deals. When it comes to policy, approaches that have proved unsuccessful get dusted off and pushed with renewed vigour. The author who wrote "the definition of insanity is doing the …
Kat Hall, 19 Sep 2016

So, Gov.UK infosec in 2015. 'Chaotic'. Cost £300m. NINE THOUSAND data breaches...

The Cabinet Office is failing to coordinate the UK's government departments' efforts to protect their information according to a damning report by the National Audit Office. The NAO found that the Cabinet Office failed in its duty and ambition to coordinate and lead government departments’ efforts in protecting such …

Healthcare and local gov are most likely UK bodies to suffer infosec breaches

The number of security incidents reported to UK data privacy watchdogs nearly doubled in the past year, with organisations increasingly becoming overwhelmed with security problems. Data disclosed in error and security breaches were the two primary reasons for an 88 per cent rise in self-reported data protection breaches …
John Leyden, 01 Sep 2016

A quarter of banks' data breaches are down to lost phones and laptops

One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study. Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking. More than 60 financial sector organisations …
John Leyden, 25 Aug 2016

Asia’s top cloud security conference lands in London

PROMO Working in cyber-security? Come and join the experts at CLOUDSEC 2016 in London on September 6 and explore the key security issues du jour. CLOUDSEC is one of the largest internet security conferences held across Asia Pacific and Europe. These events are vendor-neutral and feature presentations by industry experts who will …
David Gordon, 16 Aug 2016

UK tops European charts ... for carder fraud

The United Kingdom has copped the largest jump in credit card fraud of all European countries with an 18 per cent rise resulting in £88m ($114m, A$150m) of additional losses. Blighty outpaced fraud growth in Greece and Denmark where fraud increased by five percent according to Euromonitor International data mapped out by big …
Darren Pauli, 09 Aug 2016

Very peed off: Ohio urologists stay zipped after embarrassing leak

A medical group in Ohio has confirmed it was ransacked by miscreants who leaked hundreds of thousands of medical files, financial documents and patient records – but offered little else in the way of an explanation. The Central Ohio Urology Group told The Register it is still working with investigators and IT security experts …
Shaun Nichols, 04 Aug 2016

Dem-owned-crats: Now its congressional committee is hacked

Updated The Democratic Congressional Campaign Committee – which represents Democrats in the US House of Representatives – has been hacked, and miscreants have made off with a massive amount of data. The DCCC confirmed its computer systems were infiltrated and ransacked in a manner similar to the high-profile intrusion at the …
Shaun Nichols, 29 Jul 2016

Flame Canada, flame Canada ... Botched govt payroll computers spew smoke ahead of probe

The Ottawa data center housing Phoenix – the Canadian government's bungled payroll system for federal workers – was shut down on Wednesday after smoke was detected inside. The Shared Services Canada server warehouse also housed computers handling government email, as well as some government websites, which were switched off, …
Shaun Nichols, 28 Jul 2016

Couple in the cooler for sucking $1m out of Uncle Sam via IRS 'Get Transcript' scam

Two people have been jailed for their involvement in a scam that exploited the US IRS "Get Transcript" website to defraud the American government. A couple from Austell, Georgia, laundered more than $1m as part of a larger swindle that abused weaknesses in the taxmen's website to get the personal data needed to file fraudulent …
Shaun Nichols, 27 Jul 2016

Omni-shambles! Card-stealing malware checks into US hotel chain

Yet another US hotel chain has admitted malware infected its computer systems and stole guests' bank card information. Omni Hotels said today [PDF] an attacker managed to infiltrate its IT network and inject a software nasty into its payment terminals that siphoned off copies of people's credit and debit cards. The malware …
Shaun Nichols, 11 Jul 2016

5 years, 2,300 data breaches. What'll police do with our Internet Connection Records?

Police forces across the UK have been responsible for “at least 2,315 data breaches” over the last five years, according to research by Big Brother Watch, prompting concerns about the increasing amount of data they're holding. Titled Safe in Police Hands? the 138-page report is released today after months of requests made by …

You know how that data breach happened? Three words: eBay, hard drives

Users are unwittingly selling sensitive and unencrypted data alongside their devices through the likes of eBay and Craigslist. Secure data erasure firm Blancco Technology Group (BTG) purchased 200 second-hand hard disk drives and solid state drives before conducting a forensic analysis to find out what data was recoverable. …
John Leyden, 28 Jun 2016

ICO slapped data blabbers with £2m in fines last year

The Information Commissioner's Office doubled the amount of fines it dished out to organisations in breach of data protection rules last year, issuing £2m in penalties, according to its annual report. The hike in fines was mainly due to changes in the rules on nuisance marketing. For the previous year 2014/15, the commission …
Kat Hall, 28 Jun 2016

TalkTalk CEO Dido Harding pockets £2.8m

Dido Harding, the chief exec of beleaguered firm TalkTalk, was handed £2.8m in salary this year, despite the company suffering a catastrophic cyber attack last year. The payout included base salary, shares and cash – the latter being related to performance targets between 2012-2015, the biz said in its annual report today. …
Kat Hall, 20 Jun 2016

Home Office staff: Over 100 of our work mobiles lost or pinched last year

The UK Home Office has revealed that its ICT losses for 2015 amounted to 125 devices. In a publication today, notably pushed out shortly after The Register's expose of the department's mega database project, the Home Office has published information about its annual ICT losses for 2015. These losses may provoke concern as the …

TalkTalk scam-scammers still scam-scamming

Updated TalkTalk customers are still being targeted by scammers, following a series of data breaches at the company. In the last four years, TalkTalk has had to admit to four different breaches of data, two directly from the company itself and two others from partners here and in India. Most notorious was its attack in October last …
Kat Hall, 03 Jun 2016

Trouble originating between chair and keyboard caused most UK breaches

UK data breaches caused by good old human error rose again early this year, accounting for 62 per cent of all data breaches reported to UK data protection watchdogs in the first quarter of 2016. This far outstrips other causes of breaches, such as insecure webpages and hacking, which stands at nine per cent combined. The …
John Leyden, 02 Jun 2016

Miscreants demand Bitcoins to stay silent on 'dirty secrets' of Tumblr, LinkedIn hack victims

The FBI has issued an unusual warning about a new breed of scammers looking to get rich off the back of recent high-profile data breaches. According to the agency's Internet Crime Complaint Center (IC3), a large volume of emails are being reported where the sender claims to have used data from recent breaches at LinkedIn, …
Iain Thomson, 01 Jun 2016

The six stages of post-security incident grief avoidance

AusCERT Audio Security and forensics man Ashley Deuble has outlined the six stages of good incident response that if followed could bring an enterprise in line with Fortune 50 best practice. The Griffith University security manager says the steps of preparation; identification; containment; eradication; recovery, and lessons learned are …
Darren Pauli, 26 May 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016

Hmmm, where should I dump those unencrypted password files? I know - OneDrive

Enterprises are routinely storing corporate password files in the cloud through Microsoft’s OneDrive backup technology. OneDrive is the most common Office 365 application, with 79.1 per cent of organisations using it, according to a study by cloud control tech vendor Skyhigh Networks. The average corporate OneDrive service …
John Leyden, 18 May 2016

Hackers tear shreds off Verizon's data breach report top 10 bug list

Information security boffins have pilloried Verizon's latest data breach report, suggesting its list of top security vulnerabilities does not represent reality. The 2016 Data Breach Investigations report [PDF] is Verizon's ninth in the series drawing on a wider pool of data including some 100,000 security incidents and 2260 data …
Darren Pauli, 12 May 2016

MongoDB on breaches: Software is secure, but some users are idiots

You shouldn't expect to see any end to data breaches caused by misconfigured instances of MongoDB soon, the company's strategy veep has told The Register. MongoDB is a fairly popular document store in the database world, used by eBay, Foursquare, and The New York Times. It's open source, available under the GNU APL v3.0 …

Hackers so far ahead of defenders it's not even a game

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches. The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still …
John Leyden, 26 Apr 2016

Europe's new privacy safeguards are finally approved, must invade EU nations by 2018

Analysis The General Data Protection Regulation (GDPR) has been ratified by the European Parliament. The final seal of approval follows successful passage through the EU Parliament's Committee on Civil Liberties, Justice and Home Affairs. Following four years of discussions and amendments, the GDPR is now officially EU law and will …
John Leyden, 14 Apr 2016

Cutting edge security: Expensive kit won't save you

We all want to protect our customer and employee data, but as the threat landscape changes and the publicly disclosed data breaches get increasingly larger, our approach may need to change. What constitutes "state of the art" information security in 2016? It’s tempting to create a listicle of 10 shiny new security tools that …
Danny Bradbury, 13 Apr 2016

Cyber-security pro? Forget GCHQ, BT wants to hire 900 of you

Former state monopoly BT is on the hunt for 900 security bods to help it meet the "surge" in customer demand for those skills, following a number of high-profile security and data breaches. The biz currently employs more than 2,500 security folk and reckons its security operations' annual revenues are growing at a double-digit …
Kat Hall, 13 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches. Anthem Insurance, which lost nearly 80 million records, and the US Office of Personnel Management, which lost 21 million records after failing to encrypt its records. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

Spear phishers target gullible Brits more than anyone else – survey

There’s been a sharp (35 per cent) increase in crypto ransomware attacks, with the UK ranked as the nation third most targeted with ransomware. The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's …
John Leyden, 12 Apr 2016

Want a job in security? Lock down US military's supermarkets

The US Department of Defense is looking to form a security team to protect military commissaries from hackers. NextGov has spotted a posting from the Federal Business Opportunities site for an "incident response service" at military commissary shops. According to the job post [Word Doc], the response service contractors will …
Shaun Nichols, 08 Apr 2016

Divided FCC passes ISP privacy rules, overhauls LifeLine

The US Federal Communications Commission (FCC) has passed a pair of important new rules designed to extend broadband service in the US and protect user data. The commission's rulings came after a last-minute delay in its scheduled March 31 meeting, but ultimately ended with both proposals passing. The LifeLine rules will …
Shaun Nichols, 31 Mar 2016

Cyberthreat: Learning to live with the risk

Cyberthreats are like the common cold or some other infectious virus; eventually you’re going to get sick. It’s a part of life. They’re always there, lurking just around the corner, waiting to make your life that little bit harder. At the same time, you can’t focus entirely on potential risks to your business at the expense of …
Danny Bradbury, 18 Mar 2016

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …
John Leyden, 09 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that’s used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016

Pentagon to Dept of Defense: Give us $580bn for cyberwar and spacewar

The Pentagon has asked for $582.7bn to bolster the US Department of Defense's (DoD) capabilities, especially when it comes to a future cyber and space war. Testifying before the House Appropriations Committee, which regulates the US Government's expenditure, the Defense Secretary Ash Carter explained why his department was …

Hackers aren't so interested in your credit card data these days. That's bad news

Healthcare and government have overtaken the retail sector as most-targeted for data breaches, according to security firm Gemalto. A total of 1,673 data breaches led to 707 million data records being compromised worldwide during 2015, according to the latest edition of Gemalto’s Breach Level Index report. Not all breaches are …
John Leyden, 23 Feb 2016

Home Office lost its workers' completed security vetting forms

The Home Office has admitted to The Register that among its data breach incidents last year was one in which security vetting documents disappeared from within secured government premises. Through the Freedom of Information Act, The Register has learned that the Home Office – responsible for the UK's domestic counter- …

ICO says TalkTalk customers need to get themselves a lawyer

A Parliamentary inquiry into the TalkTalk security breach heard the Information Commissioner, Christopher Graham, stress that aggrieved TalkTalk customers should lawyer up. People expecting his office to sort out reparations for them should instead take their complaints directly to the telco, the hearing heard. The "TalkTalk …

Medical data experiment goes horribly wrong: 950,000 records lost

American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Centene Corp boss Michael Neidorff says the company does not know if the information has been …
Darren Pauli, 27 Jan 2016

Privacy warriors plead with FCC to wield sword of net neutrality against snooping ISPs

The US Federal Communications Commission (FCC) has been urged to put in place stronger protections for broadband subscribers' privacy. A letter [PDF] written by a coalition of 59 activist groups from across America demands that FCC chairman Tom Wheeler fast-tracks proposed rules that would restrict the ways broadband service …
Shaun Nichols, 20 Jan 2016

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile device users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

ICO: You call that a sentence? Courts need power to hit data thieves harder

Blighty's data watchdog has moaned that the UK's courts need greater powers to impose penalties on data thieves after a woman was slapped with a £1,000 fine for flogging 28,000 customer records for £5,000. Sindy Nagra, 42, from Hayes, was issued the fine by Isleworth Crown Court on Friday. She was an admin assistant at a car …
Kat Hall, 11 Jan 2016

The Network and Information Security Directive – who is in and who is out?

New cyber security laws agreed on by EU law makers in early December are set to impact on a large number of businesses. Political agreement on the draft Network and Information Security (NIS) Directive, which could still be amended, was reached by MEPs and representatives of EU governments in early December. It means the path …
OUT-LAW.COM, 07 Jan 2016

Law enforcement versus Silicon Valley's idle problem children

Year in review Tensions have been building for a while on the back of revelations from NSA contractor turned whistleblower Edward Snowden but 2015 marked the outbreak of full-on hostilities between tech firms in Silicon Valley and Western governments. Law enforcement and politicians on both sides of the Atlantic lined up to repeatedly …
John Leyden, 29 Dec 2015

New bill would require public companies to disclose cybersecurity credentials

A new bill introduced to Congress on Thursday would require US publicly listed companies to disclose who on their Board has cybersecurity expertise. If it passes, the Cybersecurity Disclosure Act of 2015 would oblige companies to add details of which, if any, of their directors know about online security in filing to the …
Kieren McCarthy, 18 Dec 2015

Strict new EU data protection rules formally adopted by MEPs

Strict new rules forcing companies to pay four per cent of their global turnover in fines if they breach the European Union's data protection regulations have today been formally agreed. The legislation will create a uniform set of rules across the EU "fit for the digital era," said the EU in a press release. It said they …
Kat Hall, 17 Dec 2015

Nearly 1 in 5 health data breaches take years to spot, says Verizon

Stolen medical information is a prevalent problem across multiple industries, according to a new study by Verizon. The issue is compounded because many organisations outside of the healthcare sector do not even realise they hold this type of data. Common sources of protected health information are employee records ( …
John Leyden, 16 Dec 2015

FTC and Wyndham end hotel data protection feud

Hotel chain Wyndham Resorts has agreed to settle its long-running case with the FTC over its handling of customer data. The US trade bod said on Wednesday it has agreed to a settlement deal [PDF] that will see Wyndham spend the next two decades under mandatory rules for securing and storing customer payment card information. …
Shaun Nichols, 10 Dec 2015