The number of data breach notifications jumped 140% in 2020 from the previous year, with a surge in attacks against less-regulated industries, according to Kroll's 2021 Data Breach Outlook. Bryan Lapidus and Heather Williams of Kroll analyze the report's findings.
Title insurance company First American Financial Corp. will pay the SEC a $488,000 penalty as a result of a data breach revealed two years ago. Information security staff members were aware of the vulnerability in the company's EaglePro document-sharing system for five months but failed to fix it, the SEC reports.
Reproductive Biology Associates, an Atlanta-based clinic operator, and its affiliate, MyEggBank North America, report their systems were hit by a ransomware attack in April but say they regained control of their network and data after contacting the attackers.
A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.
For the second time in less than a year, Carnival has informed customers and employees of a data breach after an unauthorized intruder gained access to a portion of its IT network and infrastructure in March.
Volkswagen and its Audi subsidiary are notifying 3.3 million people in the U.S and Canada of a breach of personal information by a marketing services supplier. Volkswagen says 90,000 of those affected may have also had their driver's license number, loan data and other personal information exposed.
Fast-food giant McDonald's is acknowledging a data breach that affected some customer and company data from its locations in Korea and Taiwan. Phone numbers, delivery and email addresses were exposed. Payment data, however, has not been compromised.
The Qatar-based Al-Jazeera news service has said that it was subjected to a series of cyber-hacking attempts to penetrate some of its platforms and websites this week. It did not explain if this was a DDoS attack or something more sophisticated.
Electronic Arts has acknowledged that a threat actor has breached the gaming giant and has posted a huge swath of gaming and corporate data for sale on the publicly accessible leak site RaidForums. The ad claims to have 780GB of data.
A small U.S. nuclear weapons contractor has confirmed that it suffered a ransomware attack, resulting in the theft of data. Credit for the attack has been taken by the ransomware-as-a-service operation known as REvil, aka Sodinokibi, which the FBI recently tied to the attack against meatpacking giant JBS.
A federal court has approved a proposed settlement in a class action lawsuit filed in February against Nebraska Medicine in the wake of a 2020 malware attack and exfiltration of sensitive personal and health data for tens of thousands of individuals.
The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult choices many healthcare entities face in the wake of cyberattacks.
20/20 Hearing Care Network, a vision and hearing benefits administrator, is notifying nearly 3.3 million individuals that their personal and health information contained in an Amazon Web Services cloud storage bucket was accessed or downloaded - and then deleted - by an "unknown" actor.
The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia. Experts say a prolonged outage could have a noticeable impact on the global supply of meat. The company has yet to disclose if the attack involved ransomware.