In-depth coverage of data breach causes, consequences, and prevention tactics. These posts examine real-world breach incidents, regulatory requirements for breach notification, steps to contain and recover from breaches, and proactive measures organizations can take to reduce exposure.
posts
In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase in losses from the year before. Yet the FBI estimates a massive number of cyber incidents still go unreported. That gap between what happens and
A Ransomware Attack Every 11 Seconds — and Most Victims Had No Plan When Colonial Pipeline got hit in May 2021, the company paid a $4.4 million ransom within hours. Their CEO later told a Senate committee that the decision was made under extreme pressure, without a well-rehearsed playbook. If
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state tooling. Just a phone call. If you want to understand what causes a data breach,
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past an IT help desk — with a single phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital key cards across Las
In February 2024, Change Healthcare — a subsidiary processing roughly one-third of all U.S. medical claims — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted pharmacy operations nationwide for weeks, cost UnitedHealth Group an estimated $872 million in the first quarter alone, and exposed the personal health data
In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems for hospitals and pharmacies nationwide for weeks. UnitedHealth Group later confirmed the breach affected approximately 100 million individuals. If you think your organization
The Clock Starts the Moment You See the Ransom Note In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted pharmacy operations, delayed insurance claims, and affected an estimated one-third of all Americans&
Last year, a hospital administrator told me she ignored an alert about a credential stuffing attack because she didn't know what that phrase meant. Three days later, her organization was dealing with a ransomware incident that shut down patient scheduling for two weeks. The jargon gap in cybersecurity
In March 2025, the FBI's Internet Crime Complaint Center reported that phishing remained the number one reported cybercrime for the fifth consecutive year. That stat alone should tell you everything about where threat actors are focusing their energy. But raw numbers don't teach your employees what
In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of
