Tagged Articles

cybersecurity 27 articles

Uber Agrees to Pay Record $148M To Settle Data Breach Coverup

Uber will pay $148 million to settle an investigation into a massive 2016 data breach that the ride-hailing company allegedly covered up by paying off the hackers. The nationwide settlement, led by California, is the largest-ever multi-state data breach settlement. The settlement funds will be divided equally among all 50 states and the District of Columbia. The data breach exposed the names, email addresses, phone numbers, and other personal information of 57 million Uber users, but the company did not disclose the hack until late 2017. Uber managed to keep the data breach out of public view until late 2017, ... Read More

Facebook Bars 200 Apps For Data Security Threats

Facing investigations on both sides of the Atlantic for its role in the Cambridge Analytica scandal, Facebook said it is barring about 200 third-party apps to resolve data security problems. The move is part of Facebook’s broader efforts to better protect the personal data of its users and mop up its image after it was revealed that Cambridge Analytica acquired data harvested by a Facebook quiz called “This is Your Digital Life,” which asked users to provide personal details about themselves. The social media giant estimated that the Cambridge Analytica debacle exposed the personal data of about 87 million Facebook ... Read More

Inside Data Security Threats Present in All Companies

The words “cyberattack” and “data theft” may conjure images of outside hacker jobs for most, but a new study has found that 100 percent of businesses and other organizations face active threats from the inside. Data leaks and breaches caused by employees were present in some form in all the organizations studied by Dtex Systems, an analytics company specializing in user behavior intelligence and insider threat detection. According to the report, inside threats stem from both negligent employees and malicious employees. Negligent employees pose a risk to their organization’s data security due to their lack of awareness, carelessness, or error. ... Read More

Altaba To Pay $35 Million for Yahoo’s Mishandling of Data Breach

Altaba, the name given to Yahoo! Inc. after Verizon acquired the company, will pay a penalty of $35 million to settle charges that it misled investors by concealing a massive data breach that exposed the sensitive information of hundreds of millions of users to Russian hackers, the U.S. Securities and Exchange Commission (SEC) announced. Within days of the Dec. 14 data breach, Yahoo’s cybersecurity team discovered that the hackers had accessed what the company called internally its “crown jewels – the most sensitive user-account data consisting of usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers ... Read More

Panera Bread Data Breach Exposed 37 Million Customer Accounts

Customers who have used Panera Bread’s online ordering system are advised to monitor their credit reports and banking accounts for suspicious activity after a data breach exposed the account information of at least 37 million consumers. According to KrebsOnSecurity, security lapses in Panera’s website had been leaking customer data for eight months before the company pulled it offline on Sunday, April 1, for several hours. The leaked data includes customer names, email addresses, birthdays, phone numbers, mailing addresses, and the last four digits of the customer’s credit card. Panera loyalty card numbers were also leaked. Because the cards are linked ... Read More

Meltdown and Spectre Processor Flaws Expose Everyone to Data Theft

Meltdown and Spectre, the names given to recently detected hardware vulnerabilities in microprocessors that expose nearly every computer, smartphone, and server to potential data theft, have hardware and software developers scrambling to develop protective patches. Consumers of both Windows and Mac computers are being urged to update their operating software immediately. While many Windows and Mac updates are automatic, many computer users may have their devices configured to refuse automatic updates. Researchers say that Meltdown, a flaw that affects the communication between applications and the operating system, affects nearly every Intel central processing unit (CPU) made since 1995, with the ... Read More

Whole Foods latest company to announce Data Breach

Whole Foods is the latest U.S. company to acknowledge that its customers’ credit and debit card information may have been stolen in a data breach. In a Sept. 29 statement online, the national organic and all-natural grocery chain said hackers had broken into some of its “point of sales” (POS) systems that process customer card payments. They are the machines that customers use to swipe or insert their cards. For reasons on which Whole Foods did not elaborate, the data breach involves in-store venues such as beer taprooms, restaurants, delis and pubs but does not appear to affect the main ... Read More

Equifax tried To Weaken Consumer Protections Before Data Breach

Before hackers broke into Equifax’s database and stole the personal and credit information of millions of Americans, the company lobbied Congress to weaken consumer protections with laws that would cap the amount credit reporting agencies would have to pay in the event of a serious breach or similar disaster. Last year, Equifax spent $1.1 million courting legislators, a peak since it started its push to limit its liability in 2015 or earlier. This year it had already invested about half that much to ensure anti-consumer laws dealing with “data security and breach notification” and other issues made it through the ... Read More

Cybersecurity vulnerability identified with certain St. Jude Medical heart devices

Heart patients with St. Jude Medical-brand implantable pacemakers, defibrillators and resynchronization devices that provide pacing for slow heart rhythms and electrical shock or pacing to stop dangerously fast heart rhythms, that use radio frequency (RF) and Merlin@home Transmitters are at risk of harm due to cybersecurity vulnerabilities, the Food and Drug Administration (FDA) warned in a Safety Communication. The cardiac devices are implanted under the skin in the upper chest area with connecting insulated wires called “leads” that go into the heart to deliver pacing or shock. They are used to treat patients with bradycardia, tachycardia, and heart failure. The ... Read More

Cybersecurity in medical devices: FDA addresses device manufacturers in updated guidance

As more cybersecurity concerns continue to threaten our country, the U.S. Food and Drug Administration (FDA) has updated its guidance on how medical device makers can ensure their approved products are safe from cyberattacks and report any post-approval fixes. According to Law360, the FDA’s announcement adds to a prior document highlighting the dangers associated with medical device software. The agency also held a public workshop Jan. 20-21 at its Silver Spring, Md., campus to discuss how different sectors can work together and reduce risks with Internet-connected medical devices. The FDA is emphasizing the importance of post-approval vigilance due to the growing tactics used by ... Read More