What the Hack? Podcast

Data Security

The latest on data breaches, cybersecurity and data security by Adam K Levin.

Vendor Risk and Whistleblowers
Insider risk, supply chain vulnerability and vendor risk all boil down to the same thing: the more people have access to your data, the more vulnerable it is to being leaked or breached. This summer brought an interesting twist to that straightforward situation: Can data leaked by an employee or a contractor be a good thing? In July, a Belgian contractor who had been hired...
compromise by proxy
19 million Canadians are estimated to have been affected by data breaches between late 2018 and 2019, slightly more than half the population of the country. The news was released by the Office of the Privacy Commissioner of Canada after the passage of the Personal Information and Electronic Documents Act (PIPEDA). Data breach reports have nearly sextupled since PIPEDA went...
Another Facebook Privacy Fail
As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to...
Deepfake audio
The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that used artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to...
data breach cost
According to IBM Security's 2019 Cost of a Data Breach Report, the average time to identify and contain a breach was a whopping 279 days, and it took even longer to discover and deal with a malicious attack. The average cost of an incident was $3.9 million, and the average cost per record, $150. A malicious hacker can do serious damage to an organization....
iphone hack
Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites. “There was...
Data breach
The data breach of Capital One was big news, but it was also a familiar story: a major financial company with the budget and means to secure its data didn't bother to do so, and the personal information of over a hundred million of its customers and applicants was exposed. The discovery, announcement, and subsequent arrest of the alleged perpetrator all...
MoviePass
MoviePass confirmed a data breach that exposed customer data on an unprotected database. The incident included credit card numbers. Researchers discovered the database online on a subdomain of MoviePass with no password protection. The subdomain contained 161 million records. At least 58,000 records on the database contained customer card and credit card information, as well as names, email addresses, and...
Cybersecurity
Capital One's announcement of a hack that affected more than 100 million people should have you asking not what, but who's in your wallet. The company estimated a year-one expense ranging from $100-$150 million. Equifax settled recently on a penalty of more than $700 million. Getting cyber wrong is expensive. Getting cyber wrong--i.e., all the ways that can become manifest--is of course also...
Texas ransomware spree
The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. The Texas Department of Information Resources (DIR) became aware of the ransomware campaign after being contacted by the municipal governments of several towns that were unable to access critical files. The DIR has yet to identify the affected government entities and is...