The costs of hacks are rising, the amount of ransomware is rising, and the number of organizations that have been breached will also rise unless organizations take action.
ENISA’s new "Threat Landscape for Ransomware Attacks" report analyzes 623 ransomware incidents in the EU, U.K. and U.S. from 2021 to 2022. ENISA cybersecurity officer Ifigeneia Lella shares how attacks have evolved and how 95% of reported incidents lack key data about how the breaches occurred.
Cisco says it fell victim to a successful hack attack and data breach in May. While an attacker wielding Yanluowang ransomware claimed to have exfiltrated data and crypto-locked systems, Cisco says nothing sensitive was stolen and no systems were infected by ransomware.
Data breaches in the healthcare sector cost about $10.1 million - more than double the average cost of breaches across other industries - once again ranking the sector as having the most expensive data breaches, says Limor Kessem, principal consultant of cyber crisis management at IBM Security.
The ISMG Security Report analyzes a settlement with the U.S. Justice Department, in which Uber accepts responsibility for a data breach cover-up to avoid criminal charges. It also discusses why early-stage startups are conserving cash and recent initiatives from the U.S. Federal Trade Commission.
Ride-sharing service Uber has reached an agreement with the U.S. Department of Justice to resolve a criminal investigation into its massive 2016 data breach. After Uber admitting to covering up the data breach, as well as several other factors, the government has ended its prosecution.
A proposed $350 million settlement of a consolidated class action lawsuit against T-Mobile, after a 2021 data breach that affected nearly 77 million people, includes breach victims and related legal costs. The settlement requires T-Mobile to invest $150 million to bolster data security.
A misconfigured Alibaba private cloud server has led to the leak of around 1 billion Chinese nationals' personal details. An unknown hacker, identified as "ChinaDan," posted an advertisement on a hacker forum selling 23 terabytes of data for 10 bitcoins, equivalent to about $200,000.
India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.
Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines that would mandate more stringent oversight of cyber risk, says Roger Sels, former vice president of cyber solutions for BlackBerry.
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
CERT-In has mandated that starting June 28, both government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident. What do CISOs feel about this, and how are they planning to approach this new requirement?
The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Allie Mellen describes the trend as "disappointing" and discusses the misaligned expectations some organizations have about breaches, as well as other report findings.
New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours after an organization suffers a qualifying "computer-security incident." What does this mean for banks, and what are the likely challenges?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.
