June 24, 2024 at 02:08PM Several US companies filing Form 8-Ks with the SEC have referenced a cyber incident affecting CDK Global, a major software provider for car dealerships. The incident has disrupted business operations, leading affected companies to deploy mitigation strategies. CDK has faced two system shutdowns and is reportedly considering a ransom payment … Read more
April 30, 2024 at 12:56PM The FCC fined top US wireless carriers a total of $200 million for sharing customers’ location information without consent. The investigation, initiated after a sheriff used a location-finding service to access customer data, revealed that the carriers had sold data to two firms. The carriers argue the fines are based … Read more
April 15, 2024 at 11:40AM Roku is requiring 2FA for all accounts after attackers accessed around 591,000 customer accounts through credential stuffing attacks. Users affected by the compromise have been reimbursed, and no sensitive information was accessed. Roku emphasized the need for unique passwords and vigilant monitoring of suspicious activity. All users are encouraged to … Read more
February 12, 2024 at 04:56PM Telecom companies are now required to report data breaches affecting customers’ personally identifiable information within 30 days under the FCC’s updated rule. This follows years of proposals and aims to expand breach notification requirements and hold providers accountable. The stricter rules have been prompted by major breaches at major U.S. … Read more
February 6, 2024 at 11:02AM Verizon Communications warns of an insider data breach affecting nearly half its workforce, involving sensitive employee information. The breach, discovered in December 2023, exposed data of 63,206 employees, including names, addresses, SSNs, and compensation details. While customer data is unaffected, Verizon is enhancing security measures and providing identity theft protection … Read more
January 26, 2024 at 11:03AM 23andMe admitted to failing to detect malicious activity for 5 months while attackers exploited user accounts using credential stuffing techniques. The breach exposed data from 6.9 million individuals with DNA Relatives enabled. The company started mandating two-factor authentication only after the breach, and blamed users’ negligence for the incident. The … Read more
November 10, 2023 at 11:24AM The State of Maine suffered a breach after threat actors exploited a vulnerability in the MOVEit file transfer tool. Approximately 1.3 million individuals’ personal information was accessed, including names, Social Security numbers, birth dates, driver’s licenses, and health insurance details. Maine’s Department of Health and Human Services and Department of Education were … Read more
November 2, 2023 at 10:11AM Cloud identity and access management solutions provider Okta has notified nearly 5,000 employees of a data breach affecting Rightway Healthcare, which provides healthcare coverage for Okta employees and families. The breach exposed personal information, including names, Social Security numbers, and health insurance plan details. Okta has no evidence of misuse … Read more