Computer Security News and Insights
In May 2024, a single employee at a major healthcare provider clicked a phishing link disguised as a routine benefits update. Within 72 hours, the organization lost access to 14 million patient records and ended up paying a multimillion-dollar ransom. The employee had technically "passed" their annual compliance
In 2024, the average cost of a data breach hit $4.88 million globally, according to IBM's Cost of a Data Breach Report. The same report found that organizations with security awareness training programs and extensive security AI saved an average of $2.22 million per breach compared
In January 2025, a finance employee at a multinational firm joined a video call with what appeared to be their CFO and several colleagues. Every face on the screen was a deepfake. The employee transferred $25 million before anyone realized what happened. That incident — reported by CNN and confirmed by
The Breach That Started With a Single Click In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard compromised a legacy test tenant account using a password spray attack — no multi-factor authentication, no special exploit. Just a weak credential and an employee environment nobody was watching. The attackers
Last October Cost Companies $4.88 Million on Average That's the average cost of a data breach in 2024, according to IBM's Cost of a Data Breach Report. And most of those breaches started the same way — a human clicked something they shouldn't have.
The Breach That Cost a 12-Person Company $1.2 Million In early 2024, a small accounting firm in the Midwest lost $1.2 million after an employee clicked a phishing link disguised as a DocuSign notification. The attacker harvested credentials, bypassed the firm's basic email filters, and initiated
The Breach That Started With a 12-Minute Video Nobody Watched In early 2024, a mid-sized accounting firm in the Midwest suffered a ransomware attack that locked 14 years of client tax records. The entry point? A phishing email that an accounts payable clerk clicked without hesitation. The firm had online
In May 2024, a single employee at a midsize healthcare company clicked a link in what looked like a routine Microsoft 365 password reset email. Within 72 hours, a threat actor had exfiltrated 1.4 million patient records, triggered a ransomware payload, and the organization was staring down an eight-figure
In 2024, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into a network reset. No zero-day exploit. No nation-state malware. Just a phone call. That single incident proved what I've been
In February 2024, Change Healthcare — a company that processes roughly one-third of all U.S. medical claims — was hit by the ALPHV/BlackCat ransomware group. The fallout was staggering: $872 million in direct costs reported by UnitedHealth Group in a single quarter, pharmacies unable to process prescriptions, and the personal
