Strategies, technologies, and policies for preventing data breaches before they occur. This tag covers access controls, encryption, endpoint protection, incident response planning, vulnerability management, and the human factors that contribute to data exposure in organizations of all sizes.
posts
In 2024, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They simply called IT support, impersonated an employee they found on
The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for nearly every hospital and pharmacy in the United States. UnitedHealth Group later confirmed the breach affected approximately 100 million individuals — making it the largest healthcare
In 2023, MGM Resorts lost roughly $100 million after a social engineering attack bypassed every piece of computer security software they had deployed. The attackers didn't exploit a zero-day vulnerability. They didn't brute-force a firewall. They called the help desk, impersonated an employee, and walked right
A 3-Minute Email Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a deepfake video call with what appeared to be the company's CFO and several colleagues. Every person on that call was AI-generated. The employee transferred $25.6 million (approximately HK$
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past help desk staff with a ten-minute phone call. The attackers didn't exploit some exotic zero-day. They exploited a human being
A Single Phish Email Took Down a $13 Billion Pipeline In May 2021, a single compromised password — likely harvested through a phish — shut down Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The company paid a $4.4 million ransom within hours. That's the
One Phishing Email Cost MGM Resorts $100 Million In September 2023, a single social engineering phone call — preceded by a carefully crafted phishing email reconnaissance campaign — led to the breach that shut down MGM Resorts' operations across Las Vegas. Slot machines went dark. Hotel room keys stopped working. The
In February 2025, the FBI's Internet Crime Complaint Center reported that cybercrime losses in 2024 exceeded $16 billion — a staggering jump from the $12.5 billion reported the year before. That number landed like a gut punch across the security community, but honestly, none of us were surprised.
The Breach That Started With a Single Password In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard accessed corporate email accounts — including those of senior leadership — using nothing more than a password spray attack against a legacy test account that lacked multi-factor authentication. No
The Breach That Started With a Single Click In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard compromised a legacy test tenant account using a password spray attack — no multi-factor authentication, no special exploit. Just a weak credential and an employee environment nobody was watching. The attackers
