Security News
ADT Inc. disclosed via a Form 8-K filing at the U.S. Securities and Exchange Commission (SEC) that hackers have gained access to its systems, which hold customer order details. [...]
The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure...
Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since. More Australia coverage Australia's privacy regulator alleges serious Medibank cyber security failures.
IBM released its annual Cost of a Data Breach Report revealing the global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams. Breach costs increased 10% from the prior year, the largest yearly jump since the pandemic, as 70% of breached organizations reported that the breach caused significant or very significant disruption.
The United Kingdom's Information Commissioner's Office revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, these security flaws were chained to hack into the commission's Exchange Server 2016 and deploy web shells, which allowed the attackers to gain persistence after installing web shells and backdoors.
"We discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems," reads the data breach notice to be distributed to impacted individuals on August 9, 2024. The breached data repository, which HealthEquity clarified is outside its core systems, has now been secured by terminating unauthorized sessions and blocking IP addresses associated with the intruders.
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House service provider, whose name was not disclosed. According to the notification, Gemini suffered a third-party data breach when an unauthorized actor breached its vendor's systems between June 3 and June 7, 2024.
Debt collection agency Financial Business and Consumer Solutions has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. FBCS is a US debt collection agency that collects unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities.In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised in a data breach on February 14, 2024.
Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary,...