Articles under this tag address strategies, technologies, and best practices for safeguarding sensitive information from unauthorized access, breaches, and loss. Topics include encryption, data classification, backup protocols, regulatory compliance, and organizational policies that strengthen data security across all environments.
posts
The Breach Nobody Reported — Until It Was Too Late In 2020, the health insurer Anthem agreed to pay $39.5 million to settle claims with 43 state attorneys general over a 2015 data breach affecting nearly 79 million people. The breach itself was devastating. But the lawsuits and regulatory actions
In January 2022, Broward Health in Florida disclosed a breach affecting 1.35 million patients — and they didn't discover the intrusion until months after the threat actor first gained access. The clock on notification didn't start ticking until they actually found it. That gap between compromise
In April 2021, the FBI's IC3 reported a sharp rise in mobile-focused phishing attacks — schemes specifically designed to exploit the smaller screens and always-on nature of smartphones. I've watched organizations pour millions into securing their perimeters while ignoring the devices employees actually use the most. The
The SolarWinds Breach Just Made Notification a National Crisis In December 2020, FireEye disclosed that a sophisticated threat actor had compromised SolarWinds Orion software, giving attackers access to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. Weeks later, we'
A former employee at a financial services firm in Chicago watched his coworker type her password every morning for two weeks. He memorized it character by character. After he was terminated for performance issues, he used those stolen credentials to access the company's client database from a public
A few years ago, a journalist filmed himself reading credit card numbers, PINs, and passwords off the screens of commuters on a London train. No malware. No exploit kit. Just a pair of eyes and a decent camera phone. That's a shoulder surfing attack in its simplest form
