The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.
Organizations in all sectors struggle with mitigating the insider threat, but it's an acute concern in healthcare, where patients' lives are at stake. Pete Nourse of Veriato outlines specific threats to this sector.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
Another day, another "Have I Been Pwned" alert, this time involving 44.3 million individuals' personal details found in unsecured instances of Elasticsearch, which appear to have been left online by Data & Leads, a Toronto-based data aggregation firm.
Consumer organizations in seven countries plan to file complaints alleging that Google is violating the EU's General Data Protection Regulation via its location, web and app activity tracking, in what could be a blow to the search giant's lucrative but data-hungry targeted advertising business.
Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.
Australia's Parliament has passed legislation that strengthens privacy protections for My Health Record, the country's embattled digital medical records program. But questions remain about whether the changes go far enough to restore confidence in electronic health records.
A British lawmaker has obtained sealed U.S. court documents to reveal internal Facebook discussions about data security and privacy controls, as Parliament probes Facebook and other social media firms as well as Russian interference and fake news.
Australian human resources software developer PageUp says it has found "no specific evidence" that attackers removed data after the company warned in May that it had been breached. But investigators have found that attackers installed all of the tools they would have needed to exfiltrate data.
Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online. The online retailing giant maintains that its systems were not breached. It says it's sent an email notification to all affected customers and that the problem has been fixed.
A vulnerability in a U.S. Postal Service application for tracking mail in real time reportedly allowed anyone logged into the service to view personal data, and it persisted for more than a year after USPS failed to heed a warning from an anonymous security researcher.
The 10th annual IRISSCERT Cyber Crime Conference, to be held Thursday in Dublin, promises to round up crime trends and also offer updates on incident response lessons learned, spam fighting and even cybersecurity essentials for children.
An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.
Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible.