A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider 7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
Panera Bread is warning that information on 10,000 customers has been inadvertently exposed. The data leak, however, persisted despite the company being alerted to the problem eight months ago, and there are signs that the victim tally may be much higher.
Malaysia's central bank, Bank Negara Malaysia, says it detected and successfully blocked an attack that attempted to steal funds via fraudulent SWIFT interbank money-moving messages. The attack against BNM led the central bank of the Philippines to issue an alert to banks in that country.
Five days after a ransomware outbreak crypto-locked city systems, Atlanta has advised its 8,000 employees that they can once again boot their PCs and printers. But information security experts warn that the city's infrastructure still appears to have easily exploitable misconfigurations.
Recent financial reports from three healthcare sector organizations that suffered cyberattacks demonstrate how costly data breaches can be for not-for-profit healthcare providers and for-profit companies alike.
Regulators, attorneys general and lawmakers in the U.S., U.K. and Canada are attempting to unravel the events that led to the personal information of as many as 60 million Facebook users leaking to a London-based voter-profiling firm.
Expedia's Orbitz travel fare search engine says it may have suffered a breach that resulted in 880,000 payment cards being compromised, along with other customer data, over a two-year period. Orbitz says the apparent breach involved a legacy system no longer connected to its site.
Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case.
Whoever unleashed malware built to disrupt last month's Winter Olympics in Pyeongchang, South Korea, designed it to look like it had been executed by a group of hackers tied to North Korea. But researchers at the security firm Kaspersky Lab say any such attribution would be false.
The U.S. Senate is considering a banking reform bill that would ban credit agencies' practice of charging for a credit freeze, one of the crucial steps experts say can help pre-empt identity theft. Lawmakers have been under intense pressure to create laws that better protect consumers following Equifax's data breach.
The attorney general of Pennsylvania has filed a lawsuit against Uber for allegedly violating the state's mandatory breach notification law. It's the latest in a long string of legal and regulatory repercussions Uber is facing after waiting more than a year to disclose a serious breach.
The U.K.'s National Cyber Security Center and Australian Cyber Security Center are using the "Have I Been Pwned" breach-monitoring service to centrally monitor for email addresses registered to government domains that appear in data breaches.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
The U.S. Securities and Exchange Commission has released revised guidance "to assist public companies in preparing disclosures about cybersecurity risks and incidents." It includes new prohibitions on trading in corporate shares after a breach has been discovered but before investors have been notified.