Commentaries and Analyses, Vendor News
December 03, 2024
152 views 12 secs 0

Tips for Vacation Rental, Property Mgmt. Businesses Facing Vendor Cybersecurity Risk

Lawyers at JacksonLewis write: Last year, as reported on the Maine Attorney General’s Office website, Resort Data Processing (RDP) experienced a data breach affecting over 60,000 individuals caused by a “SQL injection vulnerability which allowed an unauthorized third party to redirect payment card information from in-process transactions on our RDP’s clients’ on-premises Internet Reservation Module (“IRM”) […]

Data Breach News, Vendor News
November 12, 2024
207 views 8 secs 0

Form I-9 Compliance updates its breach report once again; number affected keeps climbing

Employee eligibility verification solutions provider Form I-9 Compliance suffered a data breach on February 5, 2024. Its impact is way, waaaaay bigger than initially reported. Security Week reports: In late May, the company started informing customers that someone had gained unauthorized access to its network in early February. The intrusion was detected on April 12 […]

Data Breach News, News, Vendor News
November 12, 2024
111 views 47 secs 0

Amazon confirms employee data compromised amid 2023 MOVEit breach; dozens of other companies also affected

The MOVEit breach was one of the biggest breaches of 2023. Cl0p threat actors exploited vulnerabilities in the file transfer software and exfiltrated massive amounts of data from entities in all sectors. Now data from Amazon and almost three dozen other MOVEit victim entities is being leaked on BreachForums by a forum user calling themself […]

News, Vendor News
October 29, 2024
217 views 22 secs 0

Right back atcha: CrowdStrike sues Delta Air Lines

Days after Delta Air Lines sued cybersecurity vendor CrowdStrike for $500 million in losses that it attributes to the vendor’s outage, CrowdStrike countersued its customer. CyberDaily reports CrowdStrike’s statement, previously reported by The Times of India, but adds CrowdStrike’s counterclaim that Delta delayed its own recovery by refusing assistance from it and its partner, Microsoft: […]

Vendor News, News
October 28, 2024
210 views 53 secs 0

Delta sues CrowdStrike over “catastrophic” software update that prompted mass flight disruptions

The Times of India reports that Delta Air Line sued CrowdStrike over the firm’s faulty software update in July that resulted in widespread outages for CrowdStrike customers. Delta had to cancel 7,000 flights for 1.3 million customers and suffered $500 million in losses. CrowdStrike responded to the lawsuit, which was filed in Georgia state court […]

Vendor News, Legal News, News
October 22, 2024
240 views 4 secs 0

Four cyber companies fined for SolarWinds disclosure failures

The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s  announcement is  the result […]

Vendor News, Commentaries and Analyses
October 10, 2024
243 views 44 secs 0

The problem with third-party breaches – a data protection dilemma

Commentary by Clyde Williamson, Security Architect at Protegrity. There has been a notable increase in third-party breaches, with headlines featuring Snowflake, Santander and Ticketmaster as recent victims. These incidents highlight that vulnerabilities are inherent in our systems, making no organisation immune to such attacks. Unsurprisingly, 98% of organisations have experienced a third-party breach within the past two years. These breaches […]

Data Breach News, Healthcare, Vendor News
September 07, 2024
323 views 27 secs 0

Another 947K patient records found to be hacked in MOVEit breach

More than a year after other victims of the MOVEit hacking incident notified people, the the Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information was acquired by the Clop gang: The MOVEit data breach may be long in the rear-view mirror, but […]