Breach of India’s Biometric Database Puts 1 Billion Users at Risk

A breach of the Unique Identification Authority of India’s Aadhaar biometric system is putting personally identifiable information (PII) of more than 1 billion Indian residents at risk, reports the Tribune, an Indian publication. Attackers created a gateway to the biometric database, in which any Aadhaar user’s ID number can be entered into a portal, the […]

DHS insider breach resulted in theft of personal info of staff and people involved in investigations

The US DHS Office of Inspector General (OIG) has confirmed that the “privacy incident” discovered in May 2017 resulted in the theft of personally identifiable information of DHS employees and individuals associated with investigations. The incident was the result of an attempted inside job by three DHS OIG employees who, according to the New York Times, stole the […]

Reacting to a big breach

Big security breaches have become disturbingly frequent in recent years. And with every headline announcing a security failure comes the anger and blame-storming, a lot of it from security professionals. Understandable, but how useful is it? Rather than face-palming all over Twitter, enumerating all the things they did wrong, and why they deserve getting hacked, […]

240,000 Homeland Security employees, case witnesses affected by data breach

The United States Department of Homeland Security (DHS) has confirmed the breach of the DHS Office of Inspector General (OIG) Case Management System (CMS), affecting approximately 247,167 individuals employed by DHS in 2014, as well as individuals including subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014. DHS issued a statement […]

Forever 21 Found Malware and Encryption Disabled on its PoS Devices

Forever 21’s investigation into a data breach first reported in November 2017 has revealed malware planted on the retailer’s point-of-sale systems (PoS) as well as encryption disabled on some of the devices. The retailer, which had been using encryption on its payment system since 2015, received a report in mid-October indicating unauthorized access to payment card data […]

2017 was a dumpster fire of privacy and security screw-ups

If you thought 2016 was bad — a year of historical hacks and game-changing cyberattacks — 2017 was even worse. Sure, 2016 may have killed every famous person we ever cared about, but this year brought shame on our favorite companies for getting security wrong and violating our privacy. Companies betrayed you, covered up hacks and renounced their responsibilities, […]

Census Records Leaked in Marketing Firm’s Exposure of 123 Million Households

On the heels of Equifax’s massive breach of American consumer data, researchers have discovered an even richer collection of personal data on 123 million American households left exposed online in an unsecured Amazon Web Services storage bucket. Researchers at the UpGuard Cyber Risk Team discovered the database of marketing and analytics firm Alteryx was configured to […]

Our top 7 cyber security predictions for 2018

Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, WannaCry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace. According to CSO’s Michael Nadeau there is […]

19 M California Voter Records Held for Ransom in MongoDB Attack

Voter registration data for over 19.2 million California residents that was residing on an unsecured MongoDB database has been deleted and held for ransom by attackers, according to researchers at Kromtech, who discovered the incident. This continues a series of cyber-extortion attacks that exploit the MongoDB database management system. Similar to others, in this instance, the attacker scanned the […]

An Effective Cyber Hygiene Program Can Save A Business

According to the 2016 Verizon Data Breach Incident Report, the vast majority of cyberattacks were successful due to individual error. For example, 63 percent of breaches leveraged weak, default, or stolen passwords, and 12 percent of breaches involved clicking on a malicious link or attachment. Left uninhibited, employees will behave how they choose when they are […]