Security News

Security teams are also more confident about their data breach response plans, even though the number is only 57%. Experian and the Ponemon Institute shared the state of data breaches and defenses against these attacks in the seventh annual "Is Your Company Ready for a Big Data Breach?" report. Experian has firsthand experience with a massive data breach.

On Wednesday, cybercriminals posted the information of more than 10 million MGM Hotel customers on a hacker forum, exposing their personal data to thousands of criminals nearly a year after the initial breach. In a statement to ZDNet, an MGM spokesperson said: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter." The hackers dumped the personal details (which include full names, home addresses, phone numbers, emails and dates of birth) for 10,683,188 former hotel guests, including Justin Bieber and Twitter CEO Jack Dorsey.

A U.S. Defense Department agency that's responsible for providing secure communications and IT equipment for the president and other top government officials says a data breach of one of its systems may have exposed personal data, including Social Security numbers. While Defense Department officials did not provide specifics about the data breach, such as when it happened or how many individuals may have been affected, the notification letter refers to a data breach of a system hosted by the agency.

The United States' Defense Information Systems Agency has started notifying people that their personal information may have been compromised as a result of a data breach that occurred in 2019. DISA is a Department of Defense combat support agency that employs over 8,000 military and civilian personnel.

A hacking forum this week published details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. MGM almost immediately confirmed the breach to ZDNet, linking it to a security incident that happened last summer, according to the report.

Hacking incidents involving email appear to be the most common type of major health data breach being reported to federal regulators so far in 2020. A snapshot Wednesday of the Department of Health and Human Services' HIPAA Breach Reporting Tool shows that so far in 2020, 38 health data breaches affecting a total of about 1.1 million individuals have been added to the official tally.

In the second global insider data breach survey, 78% of IT leaders said they think employees have put data at risk accidentally in the past 12 months, and 75% believe employees put data at risk intentionally. At the same time, 58% of managers said employee reporting is more likely than any breach detection system to alert them to an insider data breach.

The theft of access tokens represents a major API security risk moving forward, but also highlights how API risks can remain undetected for so long. API risk is rooted in a lack of visibility, not only into API traffic, but also into the API's flexible and powerful parameters, known as API specifications, or "Specs." DevOps and SecOps attempt to mitigate this risk by creating and maintaining API catalogs, which are collections of these specs.

CyberFlood Data Breach Assessment Version 2.0 greatly expands network readiness testing by adding endpoint evaluation, incorporating evasion techniques and encrypted attacks used by attackers, and supporting MITRE ATT&CK and other security frameworks. CyberFlood Data Breach Assessment now supports frameworks for arranging and reporting on attack assessment exercises, including the increasingly popular MITRE ATT&CK framework.

The company said it discovered the breach recently, after being notified by a third party that "there may have been unauthorized access to data from payment cards that were used at some Rutter's locations." Rutter's investigation revealed on January 14 that hackers had planted malware on payment processing systems, allowing them to obtain information from credit and debit cards used at point-of-sale devices at fuel pumps and convenience stores.