Computer Security News and Insights
In March 2023, the FBI's Internet Crime Complaint Center reported that business email compromise alone cost organizations $2.7 billion in 2022 — and the vast majority of those losses started with a single employee clicking, replying, or trusting the wrong message. I've reviewed dozens of incident
In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue
The FTC Settlement That Should Make You Rethink Your Training Program In January 2023, the FTC finalized a settlement with Drizly and its CEO after a data breach exposed the personal information of roughly 2.5 million consumers. The kicker? The FTC specifically called out the company's failure
The Framework That Could Have Prevented a $150 Million Mistake When Equifax disclosed its catastrophic 2017 breach affecting 147 million Americans, the postmortem was brutal. The company had failed at the most basic elements of what the NIST Cybersecurity Framework prescribes: asset inventory, patch management, and network segmentation. The FTC
A $1.5 Million Fine for "Reasonable Security" Failures In May 2023, the FTC hit online alcohol marketplace Drizly and its CEO with an enforcement order after a data breach exposed the personal information of roughly 2.5 million consumers. The kicker? The FTC had warned the company
In October 2023, the healthcare sector reported more data breaches than any other industry — again. Prospect Medical Holdings was still recovering from an August ransomware attack that forced hospitals across four states to divert ambulances and revert to paper records. CommonSpirit Health's 2022 breach affected over 600,000
The Industry That Gets Hit Hardest — and Most Often In January 2023, ION Trading Technologies — a critical software vendor serving derivatives traders worldwide — got hit with a LockBit ransomware attack that forced dozens of financial institutions back to manual trade processing. For days. In one of the most automated industries
In July 2023, a ransomware attack crippled the nonprofit hospital chain CommonSpirit Health, ultimately affecting over 600,000 patients and costing the organization an estimated $160 million. That's not a Fortune 500 company. That's a mission-driven organization built to serve communities — brought to its knees because
The Sector Threat Actors Love to Target In September 2023, the University of Michigan shut down its entire network for days after detecting a significant cybersecurity incident. Classes were disrupted. Hospital systems were affected. Roughly 230,000 individuals later learned their personal data had been compromised. This wasn't
A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their
