Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2023

The Framework That Could Have Prevented a $150 Million Mistake. When Equifax disclosed its catastrophic 2017 breach affecting 147 million Americans, the postmortem was brutal. The company had failed at the most basic elements of what the NIST Cybersecurity Framework prescribes: asset inventory, patch management, and network segmentation. The FTC

Carl B. Johnson Nov 09, 2023 7 min read
Cybersecurity for Healthcare

Cybersecurity for Healthcare Organizations: A Field Guide

In October 2023, the healthcare sector reported more data breaches than any other industry — again. Prospect Medical Holdings was still recovering from an August ransomware attack that forced hospitals across four states to divert ambulances and revert to paper records. CommonSpirit Health's 2022 breach affected over 600,000

Carl B. Johnson Nov 09, 2023 7 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A Survival Guide

The Industry That Gets Hit Hardest — and Most Often. In January 2023, ION Trading Technologies — a critical software vendor serving derivatives traders worldwide — got hit with a LockBit ransomware attack that forced dozens of financial institutions back to manual trade processing. For days. In one of the most automated industries

Carl B. Johnson Nov 09, 2023 8 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Survival Guide for 2024

In July 2023, a ransomware attack crippled the nonprofit hospital chain CommonSpirit Health, ultimately affecting over 600,000 patients and costing the organization an estimated $160 million. That's not a Fortune 500 company. That's a mission-driven organization built to serve communities — brought to its knees because

Carl B. Johnson Nov 09, 2023 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records. In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their

Carl B. Johnson Nov 03, 2023 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What Your Team Ignores

A Single Misconfigured S3 Bucket Exposed 3 Billion Records. In early 2023, security researchers discovered that a misconfigured cloud storage instance at Toyota had been leaking vehicle location data for over a decade — affecting 2.15 million customers. That wasn't a sophisticated nation-state attack. It was a configuration

Carl B. Johnson Nov 03, 2023 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical Field Guide

The $65 Million Misconfiguration Nobody Saw Coming. In March 2023, Toyota disclosed that a cloud misconfiguration had exposed vehicle data on 2.15 million customers for over a decade. A single cloud storage bucket, left publicly accessible, quietly leaked data from 2012 to 2023. Nobody noticed for ten years. That

Carl B. Johnson Nov 03, 2023 7 min read