CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout
Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus.
Stay informed on the latest data breach incidents and security breaches. Protect your information with our up-to-date breach news and analysis.
Search across headline titles and summaries.
Background for this topic.
Breach means unauthorized access to a computer system or network that exposes or steals sensitive data like personal details, passwords, or proprietary information. Attackers often exploit software flaws, weak passwords, or social engineering to gain entry. Breaches can also result from insiders misusing access or accidental data exposure.
Understanding breaches is crucial because they reveal weaknesses in security controls and can lead to data theft or operational disruption. Effective defenses include promptly patching vulnerabilities, enforcing strong authentication, and segmenting networks to limit attacker movement. Detecting breaches quickly through monitoring and logging helps contain damage and guide targeted remediation efforts to secure affected systems and data.
Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus.
Respondents in Dark Reading's Strategic Security Survey believe that the primary cause of their organization's next major data breach would involve social engineering, negligent users, and insecure remote workers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee
Also: Polish Prime Minister Says Previous Administration Deployed Pegasus SpywareThis week, the Zeus leader pleaded guilty, Prudential detected hackers, U.S. telecoms have to report breaches, Microsoft patched zero-days, researchers said Chinese threat intel is faulty, ransomware hit Romanian healthcare entities, Juniper was breached and Poland allegedly previously used Pegasus.
Pediatric Tech Vendor Hit by 2022 Data Breach Affecting 3 Million - Mostly ChildrenAn electronic health record and practice management software firm says the only way to avoid bankruptcy from the consolidation of nine proposed class action lawsuits filed in the wake of a 2022 data breach is to settle the case for $4 million.
The breach exposed administrative and user data from specific IT systems, but there is no evidence of customer or client data compromise
Oklahoma Integris Health Facing Multiple Lawsuits in 2023 BreachAn Oklahoma-based healthcare system is notifying 2.4 million individuals that their sensitive information was potentially compromised in an exfiltration incident last year. Cybercriminals have been attempting to extort ransom payments directly from some of those affected patients - including kids.
The finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort.
Researchers See Waning Mystique, Use of Ghost Groups, Breach Tricks, Trauma of WarWhile overall ransomware profits might remain high, many of the remaining or rebooted top-tier groups are "really struggling" with scarce talent, trauma from the Russia-Ukraine war and repeated disruptions by law enforcement, say researchers from threat intelligence firm RedSense.
Emergency impacting more than 100 facilities appears to be caused by incident at software provider The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider.…
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. [...]
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [...]
The Commission's breach rules for voice and wireless providers, untouched since 2017, have finally been updated for the modern age.
Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. [...]
Gang going after critical infrastructure because it's...you know Canada's Trans-Northern Pipelines has allegedly been breached by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.…
UK utilities firm Southern Water has informed 5-10% of its customer base that their personal data has been accessed following a ransomware attack in January
A notification letter sent to the Attorney General of Maine showed 57,028 individuals were impacted
An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. [...]
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. [...]