Rackspace says the ransomware-wielding attackers who disrupted its hosted Microsoft Exchange Server environment last month wielded a zero-day exploit, described by CrowdStrike as being "a previously undisclosed exploit method for Exchange," to gain remote, direct access to servers it hosted.
The prospect of class action lawsuits being filed in the aftermath of a major data breach often has more impact on breached healthcare organizations than the potential for fines and enforcement actions by government regulators, says attorney Jeff Westerman of Westerman Law Corp.
Belgian banking giant Degroof Petercam is warning hundreds of clients that their employees are at risk of fraud after personal details tied to their stock option plans were accessed, potentially by an ex-employee. The bank has reported the data breach to the Belgian Data Protection Authority.
The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed. LastPass says the attacker downloaded from the cloud backups of multiple users' encrypted password vaults, as well as unencrypted URLs.
Identity and access management company Okta revealed that its private GitHub repositories were accessed earlier in the month, resulting in the theft of its source code in its Workforce Identity Cloud code repositories. "No customer data was impacted," Okta says.
In a surprise move, Britain's Information Commissioner's Office recently named names - lots of names - on the data breach front. The ICO has published detailed information about breaches of personal data, complaints and the civil investigations. Attorney Edward Machin explains the implications.
Stop the presses: Britain's Guardian Media Group has been hit by a "serious IT incident," believed to be ransomware, that appears to have encrypted numerous systems. Experts say ransomware groups love to strike over the holidays, adding pressure on victims to pay a ransom quickly and quietly.
The latest edition of the ISMG Security Report discusses why it is always a bad idea for organizations to pay hackers for data deletion, practical steps organizations can and should take to avoid being at the heart of a data subject complaint, and the latest efforts to tackle the ransomware threat.
A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.
Australian telecommunications provider Telstra apologized for accidentally publishing names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company apologized for the error and blamed a "misalignment of databases."
In the latest weekly update, ISMG editors discuss ways organizations commonly founder when implementing a zero trust strategy, what the latest version of India's digital data protection bill means for CISOs, and how a 2022 data breach confirmed by Twitter may be worse than initially thought.
Is a four-month delay between learning your systems were breached and notifying affected customers acceptable? After spotting an attack in August, private utility South Staffordshire Water in England is only beginning to alert customers that they're at risk of identity theft.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
What does the latest version of India's data protection bill mean for CISOs, and what impact does it have on security practitioners? Khushbu Jain, advocate, of the Supreme Court of India, shares some of the fine print in the draft legislation and discusses some changes that CISOs may need to make.
India's current Data Protection draft bill is a sea change from its earlier version. What works in the new bill and what does not work? Three experts share their views on the expected practical implementation of some of the requirements of the bill.