The severity of the U.S. Office of Personnel Management breach continues to grow, with investigators now reporting that hackers stolen 5.6 million people's fingerprint data. The theft may have security implications well into the future.
The attacks have evolved, breaches have multiplied, and serious security gaps have been exposed. But what most concerns FireEye President Kevin Mandia? The rise of nation-states as leading threat actors.
A former wealth management adviser at Morgan Stanley pleaded guilty this week to stealing confidential client information. Some fraud-prevention experts say the investment banking firm could have taken steps to detect the suspicious insider activity sooner.
For years, information security experts have been warning users to create complex, unique passwords, and organizations to secure them properly. But an analysis of 12 million cracked Ashley Madison passwords shows how much we're still failing.
A lawsuit has been filed in the aftermath of a hacker attack on Excellus BlueCross BlueShield that potentially exposed information on 10.5 million individuals. Meanwhile, an Illinois court has dismissed more claims in the consolidated case against Advocate Health in the wake of a 2013 breach.
Building better relationships between organizations' privacy and security teams and the workforce, as well as between covered entities and their business associates, is essential to improving patient data security. That was a key theme at last week's Healthcare Information Security Summit in San Francisco.
Too often, individuals who fail to take the proper steps to secure IT aren't punished for their reckless behavior. But should those who consistently fail to follow safe cyber hygiene be severely penalized for repeatedly falling for phishing attacks?
The insider threat is one that organizations often want to overlook. But it's hard to ignore when they are losing critical assets. Lockheed Martin's Douglas Thomas tells how to sell an insider threat program.
In light of the uptick in hacker attacks on the healthcare sector, Everett Clinic in Washington is making a number of additional moves to bolster its cybersecurity, says CIO Becky Hood. Find out about the top priorities.
A second Russian has pleaded guilty in connection with the largest U.S. hacking scheme, which compromised more than 160 million payment card numbers. But three other alleged conspirators have yet to be arrested.
President Obama characterizes hacks of American businesses by Chinese hackers as an "act of aggression" against the United States and promises his administration will take action against the Chinese if they don't stop.
A Russian hacker who was extradited to the United States earlier this year has admitted his role in the largest hack attack in U.S. history, which resulted in the theft of 160 million payment card numbers. Find out how much time he could spend in prison under his plea agreement.
Sutter Health's revelation that a former employee inappropriately sent patient information to a personal email account in violation of the organization's policy is yet another reminder of the privacy risks posed by email communication.
If the Chinese government hacked the U.S. Office of Personnel Management for espionage purposes, then the U.S. government's $133 million contract to provide ID theft monitoring services is a waste of money. Instead, the agency could have used the funds to safeguard its systems against future attacks.
Security experts trace many of the world's cybercrime attacks to Russia. But Russian authorities never extradite suspects, and they allow hackers to operate with impunity - if they play by some ground rules.