Security News

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank's credit card holders. The Comptroller of the Currency said in a consent order Thursday that Capital One failed in 2105 to establish effective risk management when it migrated information technology operations to a cloud-based service.

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. According to a press release published by the OCC on Thursday, Capital One failed to establish appropriate risk management before migrating its IT operations to a public cloud-based service, which included appropriate design and implementation of certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts.

Twitter has confirmed that the breach of several high-profile accounts that occurred on July 15 was caused by a phone spear phishing attack that targeted a small number of employees. Using the credentials of the affected employees, the attackers managed to compromise 130 different Twitter accounts, including those of Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, and Barack Obama, according to Twitter.

Conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with more than 3,200 security professional in organizations that suffered a data breach over the past year. Smart tech slashes breach costs in half: Companies who had fully deployed security automation technologies experienced less than half the data breach costs compared to those who didn't have these tools deployed - $2.45 million vs. $6.03 million on average.

Video creation service Promo.com this week confirmed that user data was exposed as a result of a data breach identified last week. In 2016, it launched the Promo video creation platform for businesses and in 2019 it rebranded from Slidely to Promo.com.

Data breaches are now costing companies nearly $4 million according to a new report from IBM Security and the Ponemon Institute released Wednesday. On average, breaches now cost organizations $3.86 million per attack, with the United States having the highest average cost per breach and healthcare being the most heavily hit industry.

GPS titan Garmin is still recovering from the fallout of the devastating ransomware attack that has crippled its website, disrupted customer support, disabled apps, and paused communications since late July 22. Since the crisis began, employees of the company around the world took to social media to admit what the company would not: That it was hit with a damaging ransomware attack that locked them out of significant portions of their own system globally.

Digital banking service Dave announced over the weekend that user data was compromised in a third-party security incident. The newly disclosed data breach, Dave says, was the result of a security incident at Git analytics tool Waydev, a former service provider for Dave.

A lawsuit alleging that ex-UKIP leader Richard Braine took part in blackmail and data breaches has been all but thrown out of the High Court as a judge said it was "Without any proper and sound evidential foundation". Amid rival political factions struggling for control of the right-wing party - which launched Nigel Farage's political career before the televisually omnipresent Brexiteer split off to form his own movement - Braine was accused of illicitly accessing party figures' email accounts and the party membership database.

A genealogy website used to catch one of California's most wanted serial killers remained shut down Thursday after a security breach exposed the DNA profiles of more than a million people to law enforcement agencies. GEDmatch said in a message emailed to members and posted Wednesday on its Facebook page that on Sunday a "Sophisticated attack" on their servers through an existing user account made the DNA profiles of its members available for police to search for about three hours.