In-depth coverage of data breach causes, consequences, and prevention tactics. These posts examine real-world breach incidents, regulatory requirements for breach notification, steps to contain and recover from breaches, and proactive measures organizations can take to reduce exposure.
posts
In December 2017, AOL officially shut down AIM — AOL Instant Messenger — after two decades of dominance. But here's what most people don't realize: millions of old AIM email addresses and their associated credentials are still circulating on dark web marketplaces in 2024. I've personally
One Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation — a major Toyota parts supplier — lost $37 million after an employee wired funds to a fraudster posing as a legitimate business partner. That same year, Nikkei's American subsidiary lost $29 million to a nearly identical scheme.
In September 2023, a teenager used a phone call to trick an MGM Resorts employee into resetting credentials. That single social engineering attack cost MGM an estimated $100 million. No malware exploit. No zero-day vulnerability. Just a convincing voice on the other end of a help desk line. If you
In September 2023, MGM Resorts watched its slot machines go dark, hotel room keys stop working, and reservation systems crash — all because a threat actor social-engineered the company's help desk with a ten-minute phone call. The attackers deployed ransomware that cost MGM an estimated $100 million in lost
The Ransomware Landscape Right Now Is Brutal In January 2024, the Hive ransomware group's infrastructure had barely been dismantled by the FBI before new ransomware gangs filled the vacuum. If you searched for ransomware examples hoping to understand what's coming next, the best place to start
In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered a help desk employee with a single phone call. One conversation. That's all it took to cripple slot machines, hotel check-in systems, and digital room keys across Las Vegas for over a
In September 2023, MGM Resorts International watched helplessly as a single social engineering phone call spiraled into a cyberattack that cost the company over $100 million. Slot machines went dark. Hotel room keys stopped working. Reservations collapsed. And it all started because a threat actor called the help desk and
A Single Stolen Password Cost One Company $4.4 Million In May 2021, a threat actor used a single compromised password to shut down Colonial Pipeline — the largest fuel pipeline in the United States. The company paid a $4.4 million ransom. Gas stations across the southeastern U.S. ran
In December 2020, security firm FireEye discovered that SolarWinds — a company most people had never heard of — had been compromised by a threat actor who injected malicious code into a routine software update. That single update shipped to roughly 18,000 organizations, including the U.S. Treasury, the Department of
In January 2023, the FBI and international law enforcement took down the Hive ransomware group's dark web infrastructure, seizing servers that had processed over $100 million in ransom payments from hospitals, school districts, and financial firms. That operation gave the public a rare, concrete look at what the
