Rules coming in April could require publicly traded companies to disclose a breach within four days of deeming it material, as well as to disclose board member cybersecurity expertise. The SEC in March 2022 proposed a mandate that companies disclose "material" incidents within four business days of discovery.
In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.
A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple governments' email systems as part of apparent cyberespionage operations in support of Russia's invasion of Ukraine, researchers warn.
A hacking incident at Australian non-bank lender Latitude Financial affected a far greater number of individuals than initially disclosed, the company said Monday. It now estimates that its mid-March cybersecurity incident affected 14 million people, although it has just over 2.8 million customers.
Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.
Video piracy is a major concern for security teams in the media industry. Commander Praveen Kumar, global CISO of media conglomerate Zee Entertainment and winner of ISMG's Dynamic CISO Excellence Award for ROI Champion, shares his secret for reducing piracy by 85%.
ISMG presented the 2023 Dynamic CISO Award to Vaibhav Tole, director of global cybersecurity at Cyient, who developed skills internally and created a team to handle incident response in-house. ISMG caught up with Tole at the conference to understand how he is doing more with less these days.
In this week's data breach roundup: medical device manufacturer Zoll, CHU University hospitals, Australian company Latitude Financial, Hawaiian death registry, Los Angeles Housing Authority, Indian Railway ticketing app, updates on U.S. Marshals Service and Congress, and a new ransomware decryptor!
Australian personal lending provider Latitude Financial Services disclosed to regulators on Thursday hacking incidents affecting more than 300,000 consumers. "Sophisticated" hackers made off with nearly 103,000 driver's licenses and an additional 225,000 "customer records," the company said.
Community Health Systems will soon begin notifying up to 1 million individuals estimated to have been affected by a data compromise when attackers exploited a zero-day vulnerability in vendor Fortra's GoAnywhere MFT, which is secure managed file transfer software.
Hackers disrupted medical care at a major Barcelona hospital, found out the wireless plans of 9 million AT&T users and stole data of almost 140,000 Hatch Bank customers. Patrons of Chick-fil-A got a nasty surprise. Plus, a breach hit Acer and another one affected members of the U.S. Congress.
A French law requiring companies to report cyber incidents to authorities within 72 hours or lose their eligibility for cyber insurance reimbursement has practitioners scratching their heads. Global companies with headquarters in France will have the most uncertainty, experts say.
Arctic Wolf has expanded its security operations platform into threat intelligence, incident response and cyber insurance, says CEO Nick Schneider. The company has focused on putting businesses in the best possible position to answer questions from insurance carriers following a security incident.
Summa Equity bought a majority stake in Logpoint to help the security operations firm expand in areas such as automation, detection and response, and attack surface management. The sustainable growth fund says the acquisition will allow the company to acquire technologies in adjacent areas.
The situation at LastPass keeps getting worse: The company says hackers implanted keylogger software on a DevOps employee's home computer to obtain access to the corporate vault. Customer vault data can be decrypted only with the end user master password, which LastPass doesn't store.