Twitter and Twilio Breaches

Twitter has experienced elevated data security issues in recent years.  The data of around 5.4 million anonymous user accounts was recently on sale on an underground forum for $30,000 between last June 2021 and January 2022.  Ultimately, a lower price was negotiated by the buyers.  Through the stolen data, the new owners could theoretically trace… Read More

Financial penalties for data breaches

Consequences abound, lately, for major companies across industries.  Most recently, T-Mobile and Uber have had to face the music regarding their respective data breaches.  In the latter, Uber has admitted to covering up its 2016 data breach in testimony to the Department of Justice (DOJ), reaching a deal with the agency to escape prosecution.  The… Read More

Log4J Bug Still a Major Risk

Last December, we discussed the recently disclosed Log4j vulnerability – a severe exploit that resided within the Java programming language.  It was described at the time as perhaps the most serious vulnerability seen by the U.S. Cybersecurity and Infrastructure Security Agency, due to the countless applications that used the Log4j code.  Some even went so… Read More

Wedding planners and medical device security

Sometimes, hackers don’t need to literally breach a company’s systems in order to do damage.  In the case of Zola, a wedding planning startup, all the hackers needed was access to user accounts to steal funds or charge thousands of dollars to their credit cards (which is still considered a data breach).  Existing accounts that… Read More

Managing talent shortages in data security

Prior to the pandemic, the IT field was already experiencing a shortage of cybersecurity skills and struggling to fill in the gaps.  The evolving patterns of remote work, along with the sophistication of cyber criminals, have only exacerbated the challenges.  Trust issues can arise for organizations bringing freelancers aboard, outsiders who will be handling sensitive… Read More

Bolstering cyber defenses to deal with evolving threats

Cyber criminals continue to get more sophisticated in their attacks.  We have alluded to this before, but the cost of data breaches rises each year.  This is especially true for the healthcare industry, where a breach can incur a cost of over $6 million and counting.  Schools and government agencies have likewise found themselves targeted… Read More

Data security risks targeting all industries

The eSports market is one of the fastest growing among entertainment industries.  In 2019, worldwide revenues of virtual or in-person video game competitions, totaled $957.5 million, a number which is expected to exceed $1.6 billion by 2024.   Like any online medium, however, this still fledgling enterprise finds itself having to contend not just with cheating… Read More

Student data breaches and expanded guidelines for health information

Any company engaging in the sharing of personal health information (PHI) for advertising purposes may soon find itself subject to new Federal Trade Commission (FTC) rules.  New guidance extends previous controls to the formerly ambiguous domain of applications and devices that share health data.  Failure to comply looks to invite agency enforcement in the future…. Read More

Protecting Intellectual Property From Hackers

Last week saw a data breach announcement from Samsung, which the company publicly acknowledged and for which the hacking group Lapsus$ claimed responsibility.  Luckily for Samsung customers, this does not appear to have been a case of compromised user data.  Rather, the hackers posted that they had stolen 190 gigabytes of company source code for… Read More

Protecting Critical Services from Cybercriminals

Last year’s targeted attack against the Colonial Pipeline brought into sharper focus the risk utilities face from cyber crime.  Data has always been a valuable resource for those who possess it, now more so than ever; as breaches of critical utilities show, it can also be a weapon.  If a retailer’s online platform gets breached,… Read More