Security News

In 2019 the total number of records exposed increased by 284% compared to 2018, according to Risk Based Security. In total, there were over 15.1 billion records exposed shattering industry projections.

Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018. Pasco is Japan's largest geospatial service provider and Kobe Steel is a major steel manufacturer.

For individuals whose personal details were exposed, the impact of a data breach may last forever. Witness the 2015 data breach of extramarital dating site Ashley Madison, perpetrated by a group calling itself the Impact Team, which leaked 30 GB of data about subscribers.

Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals. 68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.

"As a consumer, it can be hard to avoid massive data breaches and hacking attempts against corporations holding your personal information," Security.org said in its survey report. "2018 was the second-most active year for data breaches globally, yet many Americans could be making it worse by not properly protecting their bank account information. As we found, many people didn't change their passwords regularly, and many reused the same passwords for a variety of accounts. Even among people who had been exposed to data breaches, many exhibited risky behavior regarding public Wi-Fi networks and storing their credit card information on their devices."

According to a new Identity Theft Resource Center report, the number of U.S. data breaches tracked in 2019 increased 17 percent from the total number of breaches reported in 2018. The 2018 Marriott data breach exposed 383 million records alone, significantly skewing the data.

The FBI has changed its policy around election cybersecurity and said it will now notify state officials in the event that local election systems are hacked. Previously, the FBI would inform these parties but didn't necessarily share the information with state election officials, a move that came under fire from state lawmakers and Congress for not going far enough to protect the integrity of elections from cyberattacks.

The FBI, in a change of policy, is committing to inform state officials if local election systems have been breached, federal officials said Thursday. Now the FBI will notify both counties victimized by breaches as well as the state's chief election official - in most cases, the secretary of state.

2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach...

From ransomware ramp up, to voice assistant privacy perils, the Threatpost team breaks down the top news stories from this past year.