Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, with withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have … Read More “Former Uber CISO Appealing His Conviction” »
Category: breaches
New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys”: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders … Read More “How Attorneys Are Harming Cybersecurity Incident Response” »
New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020—but the scale and … Read More “SolarWinds Detected Six Months Earlier” »
In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to … Read More “SolarWinds and Market Incentives” »
Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which … Read More “LastPass Breach” »
The company was hacked, and customer information accessed. No passwords were compromised.
Robert Chesney wrote up the SolarWinds story as a case study, and it’s a really good summary.
Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.
The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have … Read More “Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security” »
South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to … Read More “Bank Card “Master Key” Stolen” »