Upscale supermarket chain Whole Foods Market says it's investigating a payment card breach affecting dozens of taprooms and an unspecific number of restaurants located inside its stores. But it says no point-of-sale systems at checkout lanes were compromised.
Fast-food chain Sonic Drive-In is investigating a potential breach involving customers' payment card data. Its alert follows a large, potentially related batch of stolen card data appearing for sale on a cybercrime "carder" marketplace called "Joker's Stash."
Publicly traded companies should do a better job of disclosing cyber risks they face in their filings with the Securities and Exchange Commission, SEC Chairman Jay Clayton says.
"Big four" accounting firm Deloitte suffered a breach last year that may have exposed 5 million internal emails as well as usernames and passwords, client information and health details, the Guardian reports.
The chairman of the U.S. Securities and Exchange Commission will face the Senate Banking Committee next week following the agency's belated disclosure that in May 2016, hackers stole secret market data from the SEC's systems and apparently used it for "illicit gain through trading."
Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.
Canada had been lagging behind the U.S. and some other nations in terms of breach notification regulations, but now it's catching up, says attorney Imran Ahmad, who explains new regulations that are going into effect.
Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.
Will the Equifax breach upend the rules of the data breach notification game? Will it even be discussed in another year? Already, the breach is leading to tough questions about how personal data gets stored, sold and secured - or not - in the United States. Equifax also should consider itself lucky that it didn't lose...
Equifax is disputing Bloomberg's report that it suffered an undisclosed data breach, discovered in March, that predates the massive breach that began in May. Instead, Equifax says the March incident involved its payroll service and that it notified all victims and required regulators.
Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner.
Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.
What do you do if you're the CEO of a credit bureau that's suffered a massive breach, leading to Congressional probes, dozens of lawsuits, formal investigations by state attorneys general and calls for your resignation? Answer: Issue an apology via USA Today.
A detailed analysis of the Equifax breach highlights the latest edition of the ISMG Security Report. Also, an update on Russia exploiting social media to influence the 2016 presidential vote.
To prepare to comply with Australia's new breach notification law, which goes into effect in February, organizations should start reviewing their cybersecurity posture and incidence response mechanisms, says Leonard Kleinman, RSA's chief cybersecurity advisor-APJ.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.