Articles about Data Breaches


UK.gov departments are each clinging on to 100 terabytes of legacy data

Some Whitehall departments are saddled with more than 100 terabytes of legacy data, and are wasting time recreating old work at a cost of £500m per year, according to a Cabinet Office report. The Better Information for Better Government report [PDF] said good information governance is critical for effective government. …
Kat Hall, 18 Jan 2017

Credential-stuffers enjoy up to 2% attack success rate – report

Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security. More than three billion credentials were reported stolen worldwide in 2016, with 51 companies admitting a breach. These stolen credentials are routinely abused by cybercriminals …
John Leyden, 17 Jan 2017

A year in infosec: Bears, botnets, breaches ... and elections

How often can we say that an IT blunder might have changed the course of world history? Hillary Clinton’s use of a private email server whilst serving as outgoing US President Barack Obama’s Secretary of State became a key element in the US presidential election this year. The FBI investigation around Clinton’s use of a …
John Leyden, 26 Dec 2016

US healthcare under siege: Got good insurance?

US healthcare organisations, including hospitals, are increasingly vulnerable to medical device hijacks as well as the growing ransomware threat, according to a new study by security vendor TrapX. A total of 93 major attacks occurred during 2016. Hackers were responsible for almost a third (31.42 per cent) of all major HIPAA ( …
John Leyden, 23 Dec 2016

Sayonara North America: Insurance guy got your back when Office 365 doesn't?

Move to the cloud, they said, everything will be better, they said. Security, reliability, scale. We take the work and the worry off your hands. Except nothing is that simple or straightforward – and that includes cloud. When your IT ran the tin and it crashed, they weren’t running your entire business. If a server flamed out …
Danny Bradbury, 21 Dec 2016

Cyber insurance brokers: If it makes you feel any better, 2016 was not our year either

Insurers are handling "hundreds" of breach claims, according to figures from CFC Underwriting. CFC Underwriting said it handled more than 400 claims against cyber-breach policies it issued this year alone. The rise in data breaches and money transfer scams is driving the increase. Claims on CFC policies almost doubled year …
John Leyden, 19 Dec 2016

Akamai buys bot-sniffing startup Cyberfend

Akamai Technologies has beefed up its existing bot management and mitigation services with the acquisition of US startup Cyberfend. Financial terms of the deal, announced Monday, were undisclosed. Credential theft and abuse is a significant problem for online businesses and their customers. Cyberfend’s tech is designed to …
John Leyden, 19 Dec 2016

US commission whistles to FIDO: Help end ID-based hacks by 2021

A White House commission on improving cybersecurity has come up with a list of recommendations for US president-elect Donald Trump’s administration – including a target for no big hacks to involve identity-based compromises. The US Commission on Enhancing National Cybersecurity has identified 16 key recommendations on security …
John Leyden, 08 Dec 2016

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 07 Dec 2016

Clients say they'll take their money and run if service hacked – poll

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked. Almost half (48 per cent) of the 1,000 Brits questioned by Onepoll claimed they would cancel accounts if a provider of theirs suffered a data breach. In addition, a …
John Leyden, 01 Dec 2016

The Internet Society is unhappy about security – pretty much all of it

The Internet Society (ISOC) is the latest organisation saying, in essence, “security is rubbish – fix it”. Years of big data breaches are having their impact, it seems: in its report released last week, it quotes a 54-country, 24,000-respondent survey reporting a long-term end user trend to become more fearful in using the …

Sharing's caring? Not when you spread data across gov willy-nilly

Digital Economy Bill Privacy campaigners and academics have called for the removal of personal data sharing proposals in the forthcoming Digital Economy Bill. The Bill puts government ministers in control of citizens' personal data, "a significant change in the relationship between citizen and state," wrote 26 signatories in a letter to The …
Kat Hall, 25 Nov 2016

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

Customers of online takeaway firm Deliveroo are getting their accounts hijacked and charged for food they never ordered, according to an investigation by BBC One's Watchdog. Investigators from the campaigning TV consumer affairs programme uncovered evidence that scores of customers of the newly be-logo-ed Deliveroo are being …
John Leyden, 23 Nov 2016

Symantec doubles down on consumer security by buying LifeLock

Symantec has bought identity theft protection firm LifeLock for $2.3bn. The deal, announced Sunday, represents a brave bid by Symantec to shore up a consumer security business eroded by dwindling anti-virus sales. Selling Norton consumer security alongside identity protection and remediation services from LifeLock will enable …
John Leyden, 21 Nov 2016

Customer data security is our highest priori- ha ha ha whatever, suckers

Something for the Weekend, Sir? I would like it to be known that mine is bigger than yours. And yours is bigger than everyone else's. Only losers waste their time with small. We do big. The IT industry is notably keen on letting us know that everything they do is big, especially when it comes to data security breaches. Cyber-attacks on individuals are never …
Alistair Dabbs, 18 Nov 2016

The world has changed but has your IAM?

Broadcast It was never easy to put a business case together for Identity Access Management (IAM), but the stakes are getting higher all the time. Headlines today are littered with the news of consumer data breaches, customer accounts being compromised and personally identifiable information exploited. At 8am PST / 11am EST / 4pm GMT on …
David Gordon, 15 Nov 2016

UK.gov's pricey Five Year Plan to see off cyber thugs still in place

UK Chancellor Philip Hammond is due to reaffirm a pledge to spend £1.9bn up until the end of 2020 to bolster the UK’s cyber security strategy in a speech early this afternoon. The updated strategy [84-page PDF] - which doesn’t include any new spending pledges - is expected to include an increase in focus on investment in …
John Leyden, 01 Nov 2016

Gartner's seers pass judgement on storage industry leaders

Gartner has published a distributed file systems and object storage magic quadrant with the top three suppliers being Dell EMC, followed by IBM and Scality. The research consultancy defines distributed file systems and object storage as "software and hardware solutions that offer object and/or scale-out file technology to …
Chris Mellor, 21 Oct 2016

Australia's new data breach disclosure laws have a rather floppy definition of 'breach'

After years of discussion a draft of Australia's proposed data breach disclosure laws has landed and, to The Register's mind, it leaves a lot of wriggle room for those who would keep breaches secret. The draft Privacy Amendment (Notifiable Data Breaches) Bill 2016 (PDF) doesn't make it compulsory to report a breach. “It would …
Simon Sharwood, 19 Oct 2016

You've been hacked. What are you liable for?

Hacking is big news and we’re all susceptible. In the UK, hackers could face jail time under the Computer Misuse Act, but the question on many businesses’ minds will be where the liability lies if they are hacked. The list of successful mega breaches continues to grow; extra-marital affairs site Ashley Madison hit the …
Frank Jennings, 14 Oct 2016

That UK law that'll share Brits' private info among govt departments? Yeah, that'll need oversight

Plans to increase the UK government’s access to citizens' private records without the public’s consent should be subject to greater oversight, head of the Information Commissioner’s Office Elizabeth Denham has told MPs. In an evidence hearing with MPs on Thursday, she was addressing the proposals made in part five of the …
Kat Hall, 14 Oct 2016

New GCHQ unit: Psst, breached biz bods. We won't rat you out to the ICO

The new National Cyber Security Centre is pitching itself to CEOs as a friendly government organisation which won't get the regulators involved after data breaches. Those gathered this morning on the 18th floor of 125 London Wall heard one of the NCSC's deputy directors address CEOs on how they should lead their businesses' …

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Interview Despite the hype about state-sponsored hackers, most breaches are actually the result of either criminal activity or "kids messing around", according to breach expert Troy Hunt. Hunt, operator of the breach notification service Have I Been Pwned, noted that many of the current spate of breach disclosures actually stem from …
John Leyden, 07 Oct 2016

Citizens don't trust UK.GOV with their data

UK citizens have little faith in the government's ability to securely handle their private data - according to a wide-ranging survey which echoes findings by the National Audit Office. Just 22 per cent believed that the government has appropriate means to stop cyber-attacks and identity breaches, according to 1,500 citizens …
Kat Hall, 06 Oct 2016

Yahoo! Mail! down?! Great! timing! as! more! US! senators! dogpile! hacked! web! giant!

Yahoo!'s embattled mail service was dealt another blow Tuesday when an outage hit users worldwide. Data from outage monitors DownDetector and Outage.Report back up multiple reports from users that the service was knocked offline for a period of time earlier this morning US time, or afternoon for those in Europe. Y mientras el …
Shaun Nichols, 27 Sep 2016

Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett. The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations …
John Leyden, 21 Sep 2016

UK.gov oughta get its data-sharing house in order before Digital Economy Bill plans

Analysis The government has a funny notion of how to tackle failure. When it comes to contracts, suppliers that have routinely messed up are handed more deals. When it comes to policy, approaches that have proved unsuccessful get dusted off and pushed with renewed vigour. The author who wrote "the definition of insanity is doing the …
Kat Hall, 19 Sep 2016

So, Gov.UK infosec in 2015. 'Chaotic'. Cost £300m. NINE THOUSAND data breaches...

The Cabinet Office is failing to coordinate the UK's government departments' efforts to protect their information according to a damning report by the National Audit Office. The NAO found that the Cabinet Office failed in its duty and ambition to coordinate and lead government departments’ efforts in protecting such …

Healthcare and local gov are most likely UK bodies to suffer infosec breaches

The number of security incidents reported to UK data privacy watchdogs nearly doubled in the past year, with organisations increasingly becoming overwhelmed with security problems. Data disclosed in error and security breaches were the two primary reasons for an 88 per cent rise in self-reported data protection breaches …
John Leyden, 01 Sep 2016

A quarter of banks' data breaches are down to lost phones and laptops

One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study. Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking. More than 60 financial sector organisations …
John Leyden, 25 Aug 2016

Asia’s top cloud security conference lands in London

PROMO Working in cyber-security? Come and join the experts at CLOUDSEC 2016 in London on September 6 and explore the key security issues du jour. CLOUDSEC is one of the largest internet security conferences held across Asia Pacific and Europe. These events are vendor-neutral and feature presentations by industry experts who will …
David Gordon, 16 Aug 2016

UK tops European charts ... for carder fraud

The United Kingdom has copped the largest jump in credit card fraud of all European countries with an 18 per cent rise resulting in £88m ($114m, A$150m) of additional losses. Blighty outpaced fraud growth in Greece and Denmark where fraud increased by five percent according to Euromonitor International data mapped out by big …
Darren Pauli, 09 Aug 2016

Very peed off: Ohio urologists stay zipped after embarrassing leak

A medical group in Ohio has confirmed it was ransacked by miscreants who leaked hundreds of thousands of medical files, financial documents and patient records – but offered little else in the way of an explanation. The Central Ohio Urology Group told The Register it is still working with investigators and IT security experts …
Shaun Nichols, 04 Aug 2016

Dem-owned-crats: Now its congressional committee is hacked

Updated The Democratic Congressional Campaign Committee – which represents Democrats in the US House of Representatives – has been hacked, and miscreants have made off with a massive amount of data. The DCCC confirmed its computer systems were infiltrated and ransacked in a manner similar to the high-profile intrusion at the …
Shaun Nichols, 29 Jul 2016

Flame Canada, flame Canada ... Botched govt payroll computers spew smoke ahead of probe

The Ottawa data center housing Phoenix – the Canadian government's bungled payroll system for federal workers – was shut down on Wednesday after smoke was detected inside. The Shared Services Canada server warehouse also housed computers handling government email, as well as some government websites, which were switched off, …
Shaun Nichols, 28 Jul 2016

Couple in the cooler for sucking $1m out of Uncle Sam via IRS 'Get Transcript' scam

Two people have been jailed for their involvement in a scam that exploited the US IRS "Get Transcript" website to defraud the American government. A couple from Austell, Georgia, laundered more than $1m as part of a larger swindle that abused weaknesses in the taxmen's website to get the personal data needed to file fraudulent …
Shaun Nichols, 27 Jul 2016

Omni-shambles! Card-stealing malware checks into US hotel chain

Yet another US hotel chain has admitted malware infected its computer systems and stole guests' bank card information. Omni Hotels said today [PDF] an attacker managed to infiltrate its IT network and inject a software nasty into its payment terminals that siphoned off copies of people's credit and debit cards. The malware …
Shaun Nichols, 11 Jul 2016

5 years, 2,300 data breaches. What'll police do with our Internet Connection Records?

Police forces across the UK have been responsible for “at least 2,315 data breaches” over the last five years, according to research by Big Brother Watch, prompting concerns about the increasing amount of data they're holding. Titled Safe in Police Hands? the 138-page report is released today after months of requests made by …

You know how that data breach happened? Three words: eBay, hard drives

Users are unwittingly selling sensitive and unencrypted data alongside their devices through the likes of eBay and Craigslist. Secure data erasure firm Blancco Technology Group (BTG) purchased 200 second-hand hard disk drives and solid state drives before conducting a forensic analysis to find out what data was recoverable. …
John Leyden, 28 Jun 2016

ICO slapped data blabbers with £2m in fines last year

The Information Commissioner's Office doubled the amount of fines it dished out to organisations in breach of data protection rules last year, issuing £2m in penalties, according to its annual report. The hike in fines was mainly due to changes in the rules on nuisance marketing. For the previous year 2014/15, the commission …
Kat Hall, 28 Jun 2016

TalkTalk CEO Dido Harding pockets £2.8m

Dido Harding, the chief exec of beleaguered firm TalkTalk, was handed £2.8m in salary this year, despite the company suffering a catastrophic cyber attack last year. The payout included base salary, shares and cash – the latter being related to performance targets between 2012-2015, the biz said in its annual report today. …
Kat Hall, 20 Jun 2016

Home Office staff: Over 100 of our work mobiles lost or pinched last year

The UK Home Office has revealed that its ICT losses for 2015 amounted to 125 devices. In a publication today, notably pushed out shortly after The Register's exposé of the department's mega database project, the Home Office has published information about its annual ICT losses for 2015. These losses may provoke concern as the …

TalkTalk scam-scammers still scam-scamming

Updated TalkTalk customers are still being targeted by scammers, following a series of data breaches at the company. In the last four years, TalkTalk has had to admit to four different breaches of data, two directly from the company itself and two others from partners here and in India. Most notorious was its attack in October last …
Kat Hall, 03 Jun 2016

Trouble originating between chair and keyboard caused most UK breaches

UK data breaches caused by good old human error rose again early this year, accounting for 62 per cent of all data breaches reported to UK data protection watchdogs in the first quarter of 2016. This far outstrips other causes of breaches, such as insecure webpages and hacking, which stands at nine per cent combined. The …
John Leyden, 02 Jun 2016

Miscreants demand Bitcoins to stay silent on 'dirty secrets' of Tumblr, LinkedIn hack victims

The FBI has issued an unusual warning about a new breed of scammers looking to get rich off the back of recent high-profile data breaches. According to the agency's Internet Crime Complaint Center (IC3), a large volume of emails are being reported where the sender claims to have used data from recent breaches at LinkedIn, …
Iain Thomson, 01 Jun 2016

The six stages of post-security incident grief avoidance

AusCERT Audio Security and forensics man Ashley Deuble has outlined the six stages of good incident response that if followed could bring an enterprise in line with Fortune 50 best practice. The Griffith University security manager says the steps of preparation; identification; containment; eradication; recovery, and lessons learned are …
Darren Pauli, 26 May 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016

Hmmm, where should I dump those unencrypted password files? I know - OneDrive

Enterprises are routinely storing corporate password files in the cloud through Microsoft’s OneDrive backup technology. OneDrive is the most common Office 365 application, with 79.1 per cent of organisations using it, according to a study by cloud control tech vendor Skyhigh Networks. The average corporate OneDrive service …
John Leyden, 18 May 2016

Hackers tear shreds off Verizon's data breach report top 10 bug list

Information security boffins have pilloried Verizon's latest data breach report, suggesting its list of top security vulnerabilities does not represent reality. The 2016 Data Breach Investigations report [PDF] is Verizon's ninth in the series drawing on a wider pool of data including some 100,000 security incidents and 2260 data …
Darren Pauli, 12 May 2016

MongoDB on breaches: Software is secure, but some users are idiots

You shouldn't expect to see any end to data breaches caused by misconfigured instances of MongoDB soon, the company's strategy veep has told The Register. MongoDB is a fairly popular document store in the database world, used by eBay, Foursquare, and The New York Times. It's open source, available under the GNU AGPL v3.0 …