Security News

T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen.Yesterday, news broke that a threat actor was selling the alleged personal data for 100 million T-Mobile customers after they breached database servers operated by the mobile network.

Pearson agreed to pay a $1 million civil money penalty to settle charges "Without admitting or denying the findings" that it tried to hide and downplay the 2018 data breach that led to the theft of "Student data and administrator log-in credentials of 13,000 school, district and university customer accounts" in the United States. "As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then Pearson understated the nature and scope of the incident, and overstated the company's data protections," said Kristina Littman, Chief of the SEC Enforcement Division's Cyber Unit.

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. The company says that it "Recently learned" that DarkSide operators were also able to collect and exfiltrate documents containing personal information of a total of 5,810 individuals during their attack."The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID, and health-related information," Colonial Pipeline reveals in the data breach notification letters.

Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads. PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices.

Text IQ announced that its solution for identifying personal information outperformed AWS, Microsoft and Google in a real-life comparison of AI recall and precision. As companies across the globe...

Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.

Data breaches now cost companies a total of $4.24 million per incident on average, according to the Cost of a Data Breach Report, conducted by Ponemon Institute and analyzed by IBM Security. "While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach - which may pay off in reducing the cost of these incidents further down the line."

A report released Wednesday by IBM Security looks at how and why the average cost of dealing with a data breach has jumped to a new high. To compile its "Cost of a Data Breach Report 2021" IBM Security commissioned Ponemon Institute to survey more than 500 organizations hit by data breaches.

University of San Diego Health this week revealed that personal information was accessed in a data breach involving unauthorized access to some employee email accounts. In a substitute notification, UC San Diego Health revealed that an unknown threat actor accessed or acquired the affected data between December 2, 2020 and April 8, 2021.