Security News

Joe Sullivan, the former Chief Security Officer of Uber, has been convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of the hack Uber suffered in 2016. "In the wake of that disclosure, the FTC's Division of Privacy and Identity Protection embarked on an investigation of Uber's data security program and practices. In May 2015, the month after Sullivan was hired, the FTC served a detailed Civil Investigative Demand on Uber, which demanded both extensive information about any other instances of unauthorized access to user personal information, and information regarding Uber's broader data security program and practices."

The Australian Federal Police has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. Details of the scam were previously shared by 9News Australia reporter Chris O'Keefe on September 27, 2022.

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught."

The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 125,000 individuals.As revealed in a notice of data breach sent to affected people, an attacker breached the city's network and exfiltrated an undisclosed number of files containing sensitive information.

Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said.

Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations - such as admin accounts without multi-factor authentication - have left a dangerous amount of cloud data exposed to insider threats and cyberattacks, according to Varonis. For the report, researchers analyzed nearly 10 billion cloud objects across a random sample of data risk assessments performed at more than 700 companies worldwide.

Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month. In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ID document numbers exposed to the hackers.

TD Bank has disclosed a data breach affecting an undisclosed number of customers whose personal information was stolen by a former employee and used to conduct financial fraud.TD Bank is one of the largest banks in the United States by deposits, operating 1,220 branches and employing over 26,000 people.

The Australian Federal Police announced today the launch of Operation Guardian to ensure that more than 10,000 customers who had their info leaked in the Optus data breach will get priority protection against fraud attempts. Throughout Operation Guardian, JPC3 members can use full and collective legislative powers and investigative and intelligence capabilities of all Australian policing jurisdictions to help boost the breach victims' protection against fraudsters.

All of it I've never spent more than 10 seconds authorising myself to get into something when multifactor has popped up, and I can spare 10 seconds for the safety and security of not just my company's data, but our employees and our customers data. CHET. Well, the precise law in the United States, the Computer Fraud and Abuse Act, is very specific about the fact that you're breaching that Act when you exceed your authority or you have unauthorised access to a system.