Australian data breach news & repercussions

In the wake of the nation’s major data breaches, Australian authorities have conducted investigations in conjunction with other agencies, like Interpol.  Their findings lead them to the totally unremarkable conclusion that Russian hackers are behind this recent spate.  Commissioner of the Australian Federal Police (AFP), Reece Kershaw, revealed that his team was aware of the… Read More

Penalties for data breaches surging

A data breach against Drizly LLC in 2020 exposed the personal data of around 2.5 million customers through a hacker accessing employee login information.  Now, the Federal Trade Commission (FTC) has levied a proposed decision and order against both the firm and its CEO, James Cory Rellas, exacting stern measures.  Demonstrating the severity of consequence… Read More

HELP WANTED:  Data Security Experts

First it was telecoms like Optus and Telstra, then Medibank Private Ltd., to name a few major Australian firms hit by cybersecurity breaches.  Now, another significant data breach has been disclosed – this time of a military communication platform called ForceNet.  Fortunately, in this case it seems no data was compromised by the cyber attack… Read More

Ransomware targets education

Ransomware continues to be a thorn in the side of countless organizations and industries.  The FBI has confirmed a rise in this trend, especially since 2019.  One dark web listing in 2020 advertised 2,000 university credentials for sale.  This year, the agency found further evidence for multiple cybercrime forums selling credentials and VPN access to… Read More

Australia’s seismic telecom breaches

The big data security story in the news these last few weeks is the hack of Optus, Australia’s second largest telecom firm.  One unusual twist to the standard plot is the alleged hacker retracting their ransom demands and offering an actual apology for the incident.  You don’t often see that.  Perhaps the situation got too… Read More

Twitter and Twilio Breaches

Twitter has experienced elevated data security issues in recent years.  The data of around 5.4 million anonymous user accounts was recently on sale on an underground forum for $30,000 between last June 2021 and January 2022.  Ultimately, a lower price was negotiated by the buyers.  Through the stolen data, the new owners could theoretically trace… Read More

Financial penalties for data breaches

Consequences abound, lately, for major companies across industries.  Most recently, T-Mobile and Uber have had to face the music regarding their respective data breaches.  In the latter, Uber has admitted to covering up its 2016 data breach in testimony to the Department of Justice (DOJ), reaching a deal with the agency to escape prosecution.  The… Read More

Log4J Bug Still a Major Risk

Last December, we discussed the recently disclosed Log4j vulnerability – a severe exploit that resided within the Java programming language.  It was described at the time as perhaps the most serious vulnerability seen by the U.S. Cybersecurity and Infrastructure Security Agency, due to the countless applications that used the Log4j code.  Some even went so… Read More

Wedding planners and medical device security

Sometimes, hackers don’t need to literally breach a company’s systems in order to do damage.  In the case of Zola, a wedding planning startup, all the hackers needed was access to user accounts to steal funds or charge thousands of dollars to their credit cards (which is still considered a data breach).  Existing accounts that… Read More

Managing talent shortages in data security

Prior to the pandemic, the IT field was already experiencing a shortage of cybersecurity skills and struggling to fill in the gaps.  The evolving patterns of remote work, along with the sophistication of cyber criminals, have only exacerbated the challenges.  Trust issues can arise for organizations bringing freelancers aboard, outsiders who will be handling sensitive… Read More