LATEST POST
Cyber insurance audit: Painful necessity, or a valuable opportunity?
Not that long ago, few companies even considered purchasing insurance to mitigate their financial exposure from a cyber incident, and for those that did, obtaining a policy was as easy as filling out an application and writing a check. Those days are now squarely in the rearview mirror. Today, companies everywhere are rushing to get cyber […]
MLB Hall of Famer David Ortiz reveals he is the victim of an extortion plot by hackers
Boston Red Sox legend David Ortiz has revealed that he is victim of an extortion plot by criminal network that has threatened to spill details of his personal life. The Hall of Famer posted a video to Instagram explaining that the the suspects had broken into an old cellphone, where they gained access to his […]
Prime Therapeutics/Magellan Rx discloses breach affecting BCBS of Minnesota members
Prime Therapeutics LLC / Magellan Rx has disclosed a breach that may have affected a subset of covered Blue Cross and Blue Shield of Minnesota members. According to their press release, on July 11, they became aware that an unauthorized actor obtained access to an employee’s mobile email account. That email account contained documents that included members’ personal […]
A California bill under consideration could make it easier for consumers to scrub our personal data from the web. Guess who’s fighting it.
The Los Angeles Times reports that legislation being considered in California would make it easier for consumers to get every data broker to delete their personal information with just one request. Tech companies and other big businesses are fighting the bill. The bill, known as the Delete Act, faces a critical vote this Friday as […]
MOVEit Was a SQL Injection Accident Waiting to Happen
Omkhar Arasaratnam writes that the same type of attack that took advantage of poor security in 1998 is still taking advantage of poor security in 2023. He writes: SQL injection — among the lowest hanging of security fruit — is still included in the Open Worldwide Application Security Project (OWASP) Top 10 list of security […]
Broward County Declines Investigation into Admin Data Breach
The Florida county’s State Attorney’s office declined to formally investigate former Schools Superintendent Robert Runcie and two other former administrators for attempting to hide a massive March 2021 ransomware attack from the public. Broward County, Fla., prosecutors have declined to launch a formal investigation into former Schools Superintendent Robert Runcie and two other former administrators’ […]
Should senior IT professionals be liable for breaches?
In July, SolarWinds CISO Tim Brown and CFO Bart Kalsu received Securities and Exchange Commission notices of potential enforcement action over alleged violation of securities laws. The issue stems from their response to the Russian hack of the Orion network monitoring software in 2020 — a product used by more than 30,000 organisations. This isn’t the first […]