The Office of Personnel Management (OPM) has finished notifying affected individuals
In June of 2015, the Office of Personnel Management (OPM) announced a massive data breach in which attackers broke into its networks and stole sensitive data. By the time the OPM completed the investigation, they revealed that the attackers had made off with a significant amount of personal and private data, including data for many people who applied for government clearances as far back as 2000, and in some cases, even earlier. The official count is about 21.5 million affected individuals, but that number may be misleading since the forms can include details on people listed on an applicant’s form, such as a spouse, ex-spouse and others. In the end, if you consider the total number of people affected and the quality of the stolen data, the OPM breach was one of the worst breaches ever witnessed. In fact, the OPM breach may actually have been THE worst. Solutionary discussed the OPM breach in detail in the...
Typically, when it comes to gauging how a year is shaping up regarding cybersecurity, it is a straight count of breached enterprises or records exposed that contain sensitive personally identifiable information. Some years, there are more breaches than others, just as some years there are breaches involving bigger household names and other years are relatively ho-hum. Rarely do we see pivotal years in cybersecurity, but I’m convinced we are witnessing one now.
One of the biggest years, for me, was 1999. It became crystal clear that year that all of the Web applications that were sprouting up were exposing backend systems and databases to new attack vectors, and highly vulnerable endpoints never designed to be connected to the Internet were connecting in great numbers.
This year is looking like another pivotal year. It’s not that the number of breached records isn’t high – it is – and it certainly matters, especially if your record is...
Users not following security policies, putting themselves and their employers at risk
This week, hackers calling themselves Impact Team released two data dumps that are allegedly from the recent breach of cheating website Ashley Madison and its parent company Avid Life Media (ALM). The first data dump contained approximately 10 Gb of data, mostly user information dating back to 2008. This data includes names, street addresses, e-mail addresses and transaction amounts for the 32 million Ashley Madison users. The data also includes financial details, physical descriptions as well as users’ sexual preferences and fantasies.
Many government and corporate domains are included in the data. This means that many users used their work e-mail address to access this site. Most organizations have clear security policies in place that prohibit the use of work e-mails and equipment to access any websites that are not work related. A...
Breach provides government-quality surveillance tools to just about everyone
On Sunday, July the 5th, the proverbial crap hit the fan.
Hacking Team was…
…wait for it…
When most people saw the headlines the following day, they didn’t even know who Hacking Team was. Hacking Team, based in Milano, Italy, specializes in surveillance technology, but also maintains its own private attacks and exploits. Well, they were private. Attackers released a 400GB torrent file containing everything from hacking/surveillance tools to administrative documents and emails. The source code is available in a GitHub repository. This brought a level of public scrutiny I’m sure the company did not desire, nor anticipate.
Surveillance software. Does that mean they spy on people? No, but they create software for people who do. And yes, that puts them in the business of violating your...
Be Your Own Personal Security Expert
Security breaches seem to be all over the headlines these days. In the last year we've seen Anthem, JP Morgan Chase, eBay, Target and many more suffer security breaches that resulted in the disclosure of personal information to unknown groups and people.
What do you do in that situation? Call the breached company and complain? It's too late for that. You need to protect yourself and your information.
Step 1: Change your password(s)
I don't mean change your password from 'password' to 'Password1'. I don't mean take a random password and apply it to all of the websites you use. I mean, replace the password with a strong password on any site that used a password even remotely similar to the one you used with the breached entity. Hopefully you had a strong one in place to begin with. Entropy doesn't forgive you for not wanting to remember random strands of...