The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result […]
More than a year after other victims of the MOVEit hacking incident notified people, the the Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information was acquired by the Clop gang: The MOVEit data breach may be long in the rear-view mirror, but […]
Risky Biz News reports: The FTC has fined security camera firm Verkada $2.95 million for failing to implement cybersecurity measures to protect its systems. The fine is related to a March 2021 security breach when a hacker accessed customer data and video footage from over 150,000 Verkada cameras. The hacker used the cameras to access and leak footage from psychiatric hospitals, […]
After the disastrous CrowdStrike update glitch in July, Microsoft continues to explore ways to prevent another such fiasco. Aidan Marcuss, Corporate Vice President of Microsoft Windows and Devices, announces a summit to address the issues raised and possible solutions: On Sept. 10, 2024, Microsoft will host a Windows Endpoint Security Ecosystem Summit at our Redmond, Washington, headquarters. […]
If you don’t audit your vendors, will you know if they are really adhering to the security provisions of your contract with them? Maybe you’ll get lucky, and disgruntled employees will blow the whistle. The Register reports: The US is suing one of its leading research universities over a litany of alleged failures to meet […]
In April 2024, AT&T learned that its customer data had been exfiltrated from its Snowflake workspace. The breach affected 90 million or more customers’ call and text histories recorded during a six-month period in 2022. The following is a press release from Senator Chuck Grassley:
The 2022 ransomware attack on Advanced, a National Health Service (NHS) vendor, was devastating to patient care. Now the U.K.’s Information Commissioner’s Office has indicated it plans to impose a substantial fine on the vendor. TechCrunch reports: U.K. data protection authorities have issued a provisional fine of more than £6 million to NHS vendor Advanced […]
There seems to be no dispute that CrowdStrike’s botched update created havoc and damage, but CrowdStrike denies claims made by Delta Airlines that CrowdStrike was responsible and liable for their multi-day outage. The Register explains: CrowdStrike says it is “highly disappointed” and rejects the claims made by Delta and its lawyers that the vendor exhibited […]
As if the CrowdStrike debacle with a faulty update wasn’t enough vendor drama in July, then Microsoft managed to make a cyberattack’s impact even worse. AP reports: A global Microsoft Azure outage that impacted a range of services for consumers Tuesday — from reports of stalling Outlook emails to trouble ordering on Starbucks’ mobile app — was […]
The problem with third-party breaches – a data protection dilemma
Commentary by Clyde Williamson, Security Architect at Protegrity. There has been a notable increase in third-party breaches, with headlines featuring Snowflake, Santander and Ticketmaster as recent victims. These incidents highlight that vulnerabilities are inherent in our systems, making no organisation immune to such attacks. Unsurprisingly, 98% of organisations have experienced a third-party breach within the past two years. These breaches […]