Security News

IBM released its annual Cost of a Data Breach Report revealing the global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams. Breach costs increased 10% from the prior year, the largest yearly jump since the pandemic, as 70% of breached organizations reported that the breach caused significant or very significant disruption.

"We discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems," reads the data breach notice to be distributed to impacted individuals on August 9, 2024. The breached data repository, which HealthEquity clarified is outside its core systems, has now been secured by terminating unauthorized sessions and blocking IP addresses associated with the intruders.

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House service provider, whose name was not disclosed. According to the notification, Gemini suffered a third-party data breach when an unauthorized actor breached its vendor's systems between June 3 and June 7, 2024.

Debt collection agency Financial Business and Consumer Solutions has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. FBCS is a US debt collection agency that collects unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities.In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised in a data breach on February 14, 2024.

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary,...

MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 individuals whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. While the Florida-based yacht seller initially stated in a March 12 SEC filing that no sensitive data was stored on the compromised systems, two weeks later, it said in a new 8-K filing that the attackers had stolen personal data belonging to an undisclosed number of people.

In data breach notification letters filed with the Office of Maine's Attorney General, Rite Aid said it detected the incident on June 6, 12 hours after the attackers breached its network using an employee's credentials.Just as it told BleepingComputer when it first confirmed the data breach on Friday, Rote Aid added that the customers' Social Security numbers, financial information, or health information were not exposed in the incident.

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "Nearly all" of its wireless customers as well as customers of mobile virtual network operators using AT&T's wireless network. This comprises telephone numbers with which an AT&T or MVNO wireless number interacted - including telephone numbers of AT&T landline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month.

Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. The company told BleepingComputer on Friday that it's currently investigating a cyberattack detected in June and working on sending data breach notifications to customers affected by the resulting data breach.

AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. In a Friday morning Form 8-K filling with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators made from May 1 to October 31, 2022 and on January 2, 2023.