The Consumer Financial Protection Bureau (CFPB) is in the hot seat this week after it came to light an employee forwarded the sensitive data of over 250,000 consumers to their personal email account. But this wasn’t just an isolated incident. The employee responsible exfiltrated sensitive information numerous times, sending over 60 emails to his personal […]
Data security news & resources
What are the HIPAA Privacy Rule changes for 2023?
Is insurance industry data safe in cloud apps?
Mastering GLBA Compliance 2.0: How to Safeguard Customer Data with Polymer DLP?
What you need to know about the US National Cybersecurity Strategy
How to protect patient data against insider threats?
Over 4 million individuals impacted by Independent Living Systems breach
Miami-based healthcare software provider, Independent Living Systems, is in the hot seat this week, after announcing a data breach that impacted over 4.2 million individuals. The incident, which is the largest healthcare breach of the year so far, came to light on March 14, when the company shared an announcement stating it experienced an “incident […]
What must companies disclose to the Securities and Exchange Commission (SEC) in the event of a data breach?
Over the past 18 months, the Securities and Exchange Commission (SEC) has levied an onslaught of fines against public companies for inadequate disclosures of cybersecurity issues. In the latter half of 2021, British company Pearson agreed to pay $1 million, while First American Financial agreed to a settlement of $500,000. Then, just last week, the […]
LastPass owner GoTo says hackers stole customer backups
News just in. LastPass’ parent company, GoTo, has revealed malicious actors stole encrypted customer information – and, more troublingly, a decryption key – in a November 2022 attack. While you might not have heard of GoTo, your company will probably use at least one of its digital tools. There’s the communications platform Central, the online […]
Atlassian data breach highlights crucial SaaS security learnings
Atlassian received a nasty surprise late last week, after the hacking group SiegedSec leaked stolen company data on Telegram, including confidential floor maps of its offices in Sydney and San Francisco and, more concerningly, sensitive information about its employees. Like quite a few recent breaches, the hacking group didn’t actually break into Atlassian’s IT infrastructure. […]
Lessons from Reddit data breach of internal documents and source code
News just in! Reddit, the hugely popular social news website and forum, has suffered a data breach. How did it happen? What did hackers steal? Should you be worried? We’ll answer all that and more below. Let’s dive in. How did the Reddit breach happen? As with many breaches these days, the Reddit incident has […]
Top SaaS breaches of 2022
What do Uber, LastPass and Marriott have in common? They all suffered pretty huge cloud data breaches in 2022. Read on to discover how these incidents–and more–happened, and how you can stop the same thing from happening to your organization. Uber How it happened On 15th September 2022, Uber employees received a Slack message from […]
AstraZeneca breach exposes sensitive patient data
This week, the pharmaceutical giant, AstraZeneca, hit the headlines after security researchers discovered credentials for one of the company’s internal servers on the code sharing platform, GitHub. While this is a relatively small-scale breach, there are a lot of lessons here about the risks of data exfiltration across SaaS environments. Here’s everything you need to […]
GitHub security best practices you need to know
What software developer doesn’t love GitHub? This amazing—and free—platform is a fantastic way to share code files, connect with fellow developers and collaborate on projects seamlessly. It’s no wonder that the platform has over 32 million monthly users. But, unfortunately, many people aren’t using the platform securely. Just recently, security researchers scanned GitHub for sensitive […]
What is the cost of PII on the dark web in 2022?
How much money do you think a cybercriminal needs to steal your identity on the dark web? $1000? $2000? Maybe less; $800? Actually, the figure is much, much lower. According to recent research, cybercriminals can start purchasing personally identifiable information (PII) for as little as $15. That would buy you a hacked credit card with […]
How did Dropbox data breach of 100 GitHub repositories occur?
It looks like Dropbox has dropped the ball. In a blog post published on November 1st, the company revealed that it had suffered a data breach after a successful phishing lure fooled numerous employees. Read on to discover how this breach happened, and the critical learnings to apply to your organization. What’s Dropbox? For those […]