Security news aggregator

Latest coverage for Sensitive Information

Sensitive information includes data whose exposure can enable identity theft, fraud, privacy violations, or targeted cyberattacks.

44 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Sensitive information is data whose unauthorized access, disclosure, alteration, or loss could harm people, organizations, or public interests. It can include personal identifiers, authentication secrets, financial and health records, proprietary business data, and information protected by law or contractual duty. Sensitivity depends on context: a data set may be restricted because of privacy obligations, competitive value, safety concerns, or national-security classification.

For security practitioners, the key issue is controlling the data throughout its lifecycle—from collection and use to storage, sharing, archiving, and deletion. Excessive privileges, exposed databases, insecure transfers, application logs, backups, and compromised accounts can all reveal sensitive data. Useful controls include data classification, least-privilege access, strong authentication, encryption in transit and at rest, retention limits, and monitoring for inappropriate access or transfer. A suspected exposure requires identifying what data was affected, preserving relevant evidence, containing access, and assessing privacy or regulatory notification duties.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 44 Filtered view
Bank Info Security 1 month, 3 weeks ago

Liberty Mutual Sued Over Alleged Everest Group Data Theft

Incident Comes Months After NYS Fined Liberty Mutual $2M in Other HacksInsurance carrier Liberty Mutual is facing proposed class action litigation filed by policyholders who allege their sensitive information was compromised in an April data theft claimed by cybercrime gang Everest Group. The incident is the company's latest data security related troubles.

Ransomware Gang Everest Claims It Has Leaked All Stolen DataA revenue cycle management software firm is notifying an undisclosed number of patients of several medical diagnostic labs that their sensitive information, including diagnoses and treatments, was stolen in a November hack. Ransomware gang Everest Group claims it has leaked all the data.

Bank Info Security 5 months, 2 weeks ago

Ambulance Billing Firm Pays $515K Fine to 2 States in Hack

Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 BreachAn ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.

Bank Info Security 6 months, 1 week ago

Orthopedic Practice Pays $500K Settlement to NYS in Hack

2023 Incident Affected More Than 650,000 Patients, EmployeesAn upstate New York orthopedic practice has agreed to pay state regulators a $500,000 settlement and implement stronger security practices following a 2023 hack involving the theft of 650,000 individuals' sensitive information. Cybercrime group INC Ransom reportedly claimed credit for the incident.

Bank Info Security 7 months, 2 weeks ago

CISA Warns of Severe Flaws in Nuclear Med Tracking Software

Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS SoftwareU.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.

Bank Info Security 7 months, 3 weeks ago

Email Hacks Continue to Plague Healthcare Sector

Mindpath Health Settles Claim for $3.5M; Delta Dental Notifies 146,000 of BreachEmail breaches continue to plague the healthcare sector, resulting in data compromises that often affect the sensitive information of scores of patients. Two recent incidents illustrate the risks email breaches pose to patients, and the potential legal fallout for providers.

DHS Plans to Expand SAVE Database Use Raise Privacy, Accuracy and Security ConcernsA Department of Homeland Security move to broaden an immigration verification database into a voter verification tool could expose sensitive information to security threats. Critics caution it accelerates a pattern of data being repurposed by the Trump administration for surveillance.

Bank Info Security 8 months, 3 weeks ago

Radiology Practice to Pay $3.4M-Plus to Settle Hack Lawsuit

2023 Data Theft Affected Nearly 887,000 PatientsA radiology practice that has been serving patients in North Carolina for about 70 years agreed to pay more than $3.4 million to settle proposed class action litigation filed in the wake of a 2023 hacking incident that compromised the sensitive information of nearly 887,000 individuals.

Bank Info Security 9 months, 3 weeks ago

Google, Flo Health, Flurry to Pay $59.5M in Privacy Lawsuit

Settlement Ends Litigation Alleging Unlawful Sharing of Consumers' Fertility DataFlo Health, Google and Flurry have agreed to shell out millions of dollars to fund a nearly $60 million settlement for proposed class action lawsuit that accused Flo of using tracking codes in its fertility app that shared women's sensitive information with Google and Flurry without their consent.

Congress Pressed to Fund Federal Court System Cyber Upgrades Amid Escalating RisksA breach of the U.S. national court filing system intensified concerns over the federal judiciary's cybersecurity, with critics urging reforms and congressional funding to close gaps that could expose sealed cases, confidential informants and other sensitive information.

'IntelBroker' Faces Four-Count Indictment in Manhattan Federal CourtA hacker known online as "IntelBroker" and who has a history of spilling sensitive information faces a four-count criminal indictment in the United States after French police arrested him in February. IntelBroker's true identity is British national Kai West, U.S. federal Manhattan prosecutors said.

Bank Info Security 1 year, 2 months ago

Public AI Tools Need Governance to Avoid Data Leakage Risk

Zscaler's Jay Chaudhry on Visibility and Policy Enforcement to Secure AI UsageOrganizations face significant risks when employees use public AI tools without governance, but security platforms can provide visibility, policy controls and data protection to safeguard sensitive information from unauthorized exposure, said Jay Chaudhry, founder, chairman and CEO, Zscaler.

Top Democrat Sounds Alarm Over Whistleblower Report of DOGE's Master DatabaseA top Democrat on the House Oversight Committee sounded the alarm after a whistleblower provided information to Congress warning that staffers for the Department of Government Efficiency violated federal data laws while building a "master database" of sensitive information across federal agencies.

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

Bank Info Security 1 year, 3 months ago

UK Fines Law Firm 60,000 Pounds for Ransomware Data Breach

Firm Failed to Close Outdated User Account, Waited 43 Days to Notify RegulatorsThe U.K. Information Commissioner's Office imposed a fine of 60,000 pounds against Liverpool-based law firm DDP Law for GDPR violations relating to a 2022 ransomware hack and data leak that exposed sensitive information including the details of its clients' cases.

Bank Info Security 1 year, 3 months ago

FTC: 23andMe's Buyer Must Uphold Co.'s Data Privacy Pledge

Letter to Bankruptcy Trustee Says 23andMe's Privacy Promises Must Carry OverThe Federal Trade Commission has sent a letter to 23andMe's bankruptcy trustees saying that any sale of the genetic testing firm or its assets will be subject to the company's previous pledges to consumers involving the privacy and security of their sensitive information and biological samples.

Bank Info Security 1 year, 4 months ago

Concerns Over Apple's UK iCloud Encryption Deactivation

Withdrawal of Advanced Data Protection for British Users Could Have Global ImpactApple's decision to withdraw iCloud end-to-end encryption in the United Kingdom has privacy and security advocates worried that the British government could scan and surveil sensitive information of Apple users worldwide. Apple on Friday deactivated its Advanced Data Protection feature in the U.K.

Bank Info Security 1 year, 5 months ago

3 Health Groups Report 2024 Hacks Affecting 1.2 Million

Attacks Hit Hospitals, Clinics in California, Alabama and ColoradoThree healthcare entities - including a California hospital and outpatient care provider, an Alabama cardiology practice, and a Colorado community health system, are notifying a total of more than 1.2 million individuals that their sensitive information was compromised in 2024 hacks.

Loading more headlines...