Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.
Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.
A Shift Toward a Human-Centric Approach to Information Security
Every IT security department's job, to protect data, has become more challenging as the security perimeter has dissolved with the adoption of cloud applications. The traditional threat-centric approach is to apply rigid policies to a dynamic...
In the age of GDPR, more organizations are looking to data classification - including more automated techniques for doing so - as a way to not only help them protect their crown jewels, but in the case of a breach quickly identify what went missing, says Digital Guardian's Tony Themelis.
Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.
The European Union's (EU's) General Protection Regulation (GDPR), which began enforcement on May 25, 2018, dramatically increases the penalties for failing to properly protect users' personal . The maximum fines that can be leveraged against an organization eclipse penalties that have been imposed in the past; they...
Coupled with HIPAA and other regulatory requirements that make securing protected health (PHI) paramount, healthcare organizations have no shortage of serious considerations that must be adequately addressed to ensure patient and safety.
To find out what considerations are weighing heaviest on the minds of...
PageUp, an HR software developer in Australia with clients worldwide, is warning that malware-wielding attackers may have accessed a raft of personal data stored in its systems. The breach may be the largest to have hit Australia since its mandatory data breach notification law went into effect in February.
Yesterday's threat detection is not working. Companies must reshape their cybersecurity programs, knowing that attackers are always looking for a way in - or may have already penetrated.
There are numerous ways healthcare organizations can benefit from a deception approach as new cyber vulnerabilities and risks in...
The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.
At its core, compliance for HIPAA is simply about maintaining patient privacy by ensuring your users appropriately access and use patient data. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed.
The challenge, however, is the lack of visibility into what users do with...
Cambridge Analytica, the data analysis firm that reportedly received data on up to 87 million Facebook users without their consent, shut down on Wednesday. The company had worked on the 2016 campaign of U.S. President Donald Trump. But its backers have launched a new firm, called Emerdata.
Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data.