Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.
The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.
Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents aimed at gaining access to customer accounts. The impacts of the attacks, however, appear to be limited.
DDoS attacks against healthcare organizations have increased not only in size and scale, but especially in complexity, says Tom Bienkowski of Netscout Arbor. How can enterprises build upon their traditional DDoS defenses?
In the latest edition of the ISMG Security Report, hear prosecutors discuss the indictments of two Iranians in connection with SamSam ransomware attacks. Also: Updates on allegations that Google is violating GDPR and cryptocurrency's impact on crime trends.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
Another day, another "Have I Been Pwned" alert, this time involving 44.3 million individuals' personal details found in unsecured instances of Elasticsearch, which appear to have been left online by Data & Leads, a Toronto-based data aggregation firm.
Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.
Australia's Parliament has passed legislation that strengthens privacy protections for My Health Record, the country's embattled digital medical records program. But questions remain about whether the changes go far enough to restore confidence in electronic health records.
FireEye is in a unique position to see global cybersecurity threats, threat actors and their impact on breached organizations. Grady Summers, FireEye's CTO, discusses how organizations can use staff and intelligence to bolster their cloud security defenses in 2019.
Australian human resources software developer PageUp says it has found "no specific evidence" that attackers removed data after the company warned in May that it had been breached. But investigators have found that attackers installed all of the tools they would have needed to exfiltrate data.
Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online. The online retailing giant maintains that its systems were not breached. It says it's sent an email notification to all affected customers and that the problem has been fixed.
For nearly 30 months, internet traffic going to Australian Department of Defense websites flowed through China Telecom data centers, an odd and suspicious path. Why the strange routing occurred is known. But the reasons why it persisted for so long aren't.