Security news aggregator

Latest coverage for PII

PII covers information that identifies people, making its collection, storage, and disclosure central to privacy protection and breach response.

929 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

PII (personally identifiable information) is information that identifies a person directly or can do so when combined with other data. Direct identifiers include names, government identification numbers, passport details, and email addresses; indirect identifiers can include birth dates, precise location, or unique account attributes. The term is used broadly in security, but its legal scope varies: laws and regulations may use different definitions, such as “personal data” under the GDPR or protected health information under HIPAA.

PII is a high-value target because unauthorized access or disclosure can enable identity fraud, targeted phishing, or privacy harm. It may be exposed through compromised applications, cloud storage, logs, endpoints, or third parties. Practitioners should inventory and classify it, collect and retain only what is needed, restrict access, and protect it with encryption or tokenization where appropriate. Monitoring and tested procedures for investigating exposure are important, while retention, deletion, and notification duties depend on the applicable jurisdiction and sector.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 929

Lidl disclosed a third-party data breach affecting online shop customers in Germany, Belgium, and the Netherlands. Payment data was not exposed. Lidl contacted customers of its online shop in Germany, Belgium, and the Netherlands last week to inform them that their personal data had been stolen in an attack on an external IT service provider. […]

Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information of 4.38 million customers and agents after gaining access to its systems between June 15 and June 25. Attackers stole data from the company policyholder […]

WhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it’s finally letting them talk to each other without exchanging phone numbers. The company announced this week that usernames are coming later this year, and reservations are open now. The problem […]

Investigators Found Months of Unchecked Database Scraping ActivitySouth Korea's privacy regulator fined Coupang a record 624.7 billion won after concluding that weak authentication controls, insider access abuse, evidence destruction and unauthorized data collection contributed to the exposure of personal information belonging to 33.7 million people.

Novo Nordisk suffered a cyberattack where clinical trial data was copied. The breach is confirmed, but no threat actor has claimed responsibility. The Danish pharmaceutical giant Novo Nordisk disclosed a cybersecurity breach that resulted in unauthorized access to internal IT systems and the theft of personal data. The company sells some of the most in-demand […]

Carnival disclosed a data breach affecting nearly 6 million people after hackers used social engineering to access employee accounts. Carnival Corporation is notifying nearly 6 million people after a data breach exposed personal information. According to the notification shared with the Maine Attorney General’s Office, the total number of persons affected is 5,995,277. The company said […]

'Have I Been Pwned' Founder Troy Hunt Reviews Impact on People and OrganizationsThe volume of data breaches that result in stolen personal data being leaked online has been surging, "courtesy of the ShinyHunters," and while it affects individuals, the organizations being extorted are bearing the brunt of such attacks, said Troy Hunt, founder and CEO of Have I Been Pwned.

Hackers Constantly Break 'Confirmation of Data Destruction' PromisesWhen a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Loading more headlines...