T-Mobile USA has confirmed that its systems were breached and that details for 7.8 million current T-Mobile postpaid customers and 850,000 prepaid customers as well as records for 40 million individuals who applied for credit were stolen.
Three banking trade groups are objecting to provisions of a bill now pending in Congress that would require security incident reporting within 24 hours of discovery. They also are raising concerns about other provisions.
When is a data exposure not just a data exposure? According to a U.S. Securities and Exchange Commission order, education publishing giant Pearson misled investors when it failed to proactively inform them that attackers had stolen millions of rows of student information, including poorly hashed passwords.
The ransomware attack that targeted Colonial Pipeline Co. in May compromised the personal information of more than 5,800 individuals, mainly current and former employees, according to a breach notification letter.
Multi-factor authentication (MFA) requires the user to provide two or more verification factors to gain access to a resource such as an application, an online account, or a virtual private network (VPN). It is a core component of a strong identity and access management policy.
Download this whitepaper for...
A Houston-based gastroenterology practice notified all 162,000 of its patients and employees that their information had potentially been compromised in a January ransomware incident, saying it would have been too costly and time-consuming to pinpoint which individuals had data exposed. Was that the right move?
A Gartner study estimated that 1 in 3 security breaches will come via shadow IT. Shadow IT resources, which are typically in the cloud, are often purchased and used outside IT procurement and support policies. They create double trouble, bloating overall spend and leaving you vulnerable to cyberattacks or data loss....
In the wake of a recent cyberattack on UF Health Central Florida that disrupted access to patients' electronic health records for about a month during recovery, the entity is now reporting the incident also exposed patient information.
What do Facebook, Twitter, and GitHub all have in common? All had data exposure incidents in recent years in which, even though they had locked down their data stores, credentials leaked into their log files, creating painful, public security incidents. Modern software development practices, from microservices to CI/CD, make it...
Several recent health data breaches involving vendors - including more reports related to the Accellion file transfer appliance hack - show that managing vendor security risks remains a difficult ongoing challenge in the healthcare sector.
Another lawsuit seeking class action status was filed last week against San Antonio-based NEC Networks - which does business as CaptureRx - in the aftermath of a hacking incident that now appears to have affected several dozen of the vendor's healthcare clients and at least 2.4 million individuals.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.