Panera Bread appears to have failed to fix a customer data leak for more than eight months after getting a heads-up from an independent security researcher. Here's what others should learn from the bakery café chain's mistakes.
Panera Bread is warning that information on 10,000 customers has been inadvertently exposed. The data leak, however, persisted despite the company being alerted to the problem eight months ago, and there are signs that the victim tally may be much higher.
Russian national Yevgeniy Nikulin, 30, has been extradited to the U.S. from the Czech Republic to face charges that he hacked LinkedIn, Dropbox and Formspring, offering at least some stolen data for sale.
Cyber SOCs, the next generation of security operations centers, need to use a new approach to detecting emerging attacks, says Aadesh Gawde of the IT risk consultancy ProVise Consulting, who offers implementation tips.
Malaysia's central bank, Bank Negara Malaysia, says it detected and successfully blocked an attack that attempted to steal funds via fraudulent SWIFT interbank money-moving messages. The attack against BNM led the central bank of the Philippines to issue an alert to banks in that country.
Department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor have suffered a data breach that apparently exposed details on 5 million payment cards. Cybersecurity firm Gemini Advisory says the JokerStash syndicate - aka Carbanak gang - is selling the stolen card data.
Under Armour says an unauthorized intruder gained access to information for the accounts of 150 million users of its MyFitnessPal mobile app and website. Learn why some fear the breach could lead to a massive phishing campaign.
With the explosion of laptops, IoT, tablets, smartphones and other smart technologies, endpoints are the single largest group of devices inside your network today. Managing all of your assets and their software requires three foundational steps.
Ecuador's embassy in London has again revoked internet access for seven-year houseguest Julian Assange, saying the WikiLeaks chief violated an agreement to not interfere in other countries' matters. WikiLeaks' star has continued to fall since it's been revealed to be an apparent Russian stooge.
Five days after a ransomware outbreak crypto-locked city systems, Atlanta has advised its 8,000 employees that they can once again boot their PCs and printers. But information security experts warn that the city's infrastructure still appears to have easily exploitable misconfigurations.
Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation's top HIPAA enforcer. So, what changes are being considered?
A medical practice's misconfigured database server that allegedly exposed information about thousands of patients plus staff serves as another reminder about the importance of safeguarding sensitive data from exposure on the internet.
Evidence continues to mount that Russian intelligence created the "Guccifer 2.0" hacker online persona as a "plausible deniability" cover for dumping information stolen from the U.S. Democratic National Committee, among other targets, says cybersecurity expert Alan Woodward.
Despite the White House's request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
The U.K. government concurs with allegations contained in a U.S. Department of Justice indictment, which charges nine Iranians, plus the Mabna Institute, with perpetrating a five-year hacking campaign designed to steal scientific secrets for Iran's military and private industry.