Computer Security News and Insights
The Framework 87% of Organizations Reference — But Most Implement Poorly When Change Healthcare suffered its catastrophic ransomware attack in early 2024 — ultimately affecting an estimated 100 million individuals — the post-incident analysis pointed to failures that the NIST Cybersecurity Framework was specifically designed to prevent. Missing multi-factor authentication on a critical
In January 2024, CISA itself disclosed that a threat actor had exploited vulnerabilities in Ivanti products to breach two of its own systems. Let that sink in. The federal agency responsible for setting cybersecurity standards for the entire nation got hit. If that doesn't convince you that simply
The FTC Just Fined a Company $1.5 Million — Here's What They Missed In 2023, the FTC finalized its order against Chegg, Inc. for repeated data breaches that exposed personal information of roughly 40 million customers and employees. The company's failures weren't exotic. They
In 2024, the average cost of a data breach in the financial sector hit $6.08 million — the second-highest of any industry, trailing only healthcare. That number comes straight from IBM's Cost of a Data Breach Report. I've spent years working with banks, credit unions, and
Why Threat Actors Treat Law Firms Like ATMs In 2023, the international law firm Bryan Cave Leighton Paisner disclosed a breach that exposed the personal data of over 51,000 individuals — including clients of major corporations like Mondelēz. That same year, an Am Law 100 firm paid a multimillion-dollar ransom
The Breach That Cost a Children's Charity Everything In 2023, Save the Children International confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with substantial resources still
The District That Lost 81,000 Student Records in a Single Weekend In 2023, the Minneapolis Public Schools district suffered a massive ransomware attack that exposed over 300,000 files — including sensitive records for tens of thousands of students. Psychological evaluations, sexual assault reports, Social Security numbers, and disciplinary records
A Single Misconfigured S3 Bucket Exposed 3 Billion Records In 2023, researchers at Cybernews discovered what they called one of the largest data exposures ever — over 3 billion records sitting in an open cloud storage instance. No sophisticated hack. No zero-day exploit. Just a misconfigured Amazon S3 bucket with public
A Single Misconfigured Bucket Cost Them Everything In 2023, Toyota disclosed that a cloud misconfiguration had exposed the vehicle location data of 2.15 million customers for over a decade. The root cause wasn't a sophisticated threat actor. It was a single storage bucket set to public instead
The Misconfiguration That Exposed 100 Million Records In 2019, a former Amazon Web Services employee exploited a misconfigured web application firewall to breach Capital One's cloud infrastructure. The result: over 100 million customer records exposed, a $190 million class-action settlement, and an $80 million fine from the OCC.
