Security Awareness Training Blog

Data Breach Blog

Technical reporting and analysis on high-profile data breaches, how they happened, and how hackers are using the information mined from breaches.

New Modular Attack Chain Found That Allows Attackers to Change Payloads Mid-Breach

We’ve long known developers of cyberattacks to be crafty and focus a lot of energy on obfuscation, but a new attack can shift gears midstream, delivering just the right malware.
Continue Reading

[Eye Opener] Work In IT? You Get Attacked Much More Than Other Employees

We received an interesting email from Elevate Security you need to be aware of. Their recent research showed: "Social engineering attacks are growing more sophisticated every day, ...
Continue Reading

Recent Optus Data Breach Teaches the Importance of Recognizing Social Engineering

Optus, one of Australia's largest telecommunications companies, recently suffered a data breach that affected over 9.8 million customers.
Continue Reading

Phishing-Based Data Breaches Take 295 Days to Contain and Breach Costs Soar to $4.91 Million

Fresh data on data breach costs from IBM show phishing, business email compromise, and stolen credentials take the longest to identify and contain.
Continue Reading

All it Takes is “Free” Beer to Steal Your Personal Data

A recent phishing scam impersonating the Heineken beer brand demonstrates how very little effort is needed by scammers to convince victims to give up all kinds of personal information.
Continue Reading

Nearly all Data Breaches in Q1 2022 Were the Result of a Cyber Attack

New data from the Identity Theft Resource Center shows rises in the number of data compromises following 2021’s record-setting year, all stemming from cyber attacks.
Continue Reading

Data Breach Volumes in the U.S. Grow by 10% in 2021

New data shows despite decreases in global data breach levels (-5%) in 2021, the U.S. experienced proportionally more data breaches than in the previous year.
Continue Reading

Irish Teaching Council Fined €60,000 for Phishing-Induced Breach

Ireland’s Teaching Council has been fined €60,000 by the country’s Data Protection Commission (DPC) over a breach of nearly ten thousand teachers’ data, the Irish Examiner reports. An ...
Continue Reading

2022 Continues The New Decade of Privacy

Privacy issues came about all across the board in 2020, 2021, and 2022 will be no different. From WhatsApp updating their terms of service and losing millions of users to countless ...
Continue Reading

New “Karakurt” Threat Group is Gaining Attention Through Multiple and Frequent Extortion Attacks

A new warning from Accenture Security highlights this new cybercriminal group making waves that focuses on a "data breach and extortion” MO rather than relying on ransomware.
Continue Reading

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.
Continue Reading

Data Breach Costs Increase by $1 Million When Remote Workers Are Involved

You already knew remote workers increase the risk of cyberattack. New data spells out exactly what the impact of a remote workforce is on data breaches and the cost to remediate.
Continue Reading

[HEADS UP] Popular Stock Trading Platform Becomes Next Victim of Data Breach

Bleeping Computer recently reported a data breach from popular stock trading platform Robinhood. This breach has impacted over 7 million of their customers.
Continue Reading

Cybercriminal Group SnapMC Takes a Page from Ransomware Gangs in Data Breach-Turned-Extortion Attacks

New analysis of attacks shows threat actors that traditionally focus on stealing data are now utilizing extortion as their monetization strategy, converging tactics with ransomware ...
Continue Reading

Telecom Company Responsible for Routing Billions of Text Messages Annually Acknowledges Multi-Year Breach

Mentioned in passing as part of a Securities and Exchange Commission (SEC) filing, Syniverse admits to hackers having access for five years, potentially impacting millions of mobile phone ...
Continue Reading

Egress: 73% of Orgs Were Victims of Phishing Attacks in the Last Year

A survey sponsored by Egress found that 94% of organizations suffered insider data breaches over the past year. The survey offers the following results:
Continue Reading

Nearly Every Organization Has Had an Insider-Caused Data Breach in the Last Year

Whether it’s from an accidental leak of data or falling victim to a phishing attack, new data from email security vendor Egress puts the insider’s role in breaches into critical ...
Continue Reading

UK IT Decision Makers Fear Their Remote Workers Put Company Data at Risk for Data Breach

According to an annual survey from Apricorn, UK IT decision makers are fearing the worst as their staff continues to work in a remote environment.
Continue Reading

[HEADS UP] Millions of Facebook Users' Personal Information Has Been Leaked Online

A hacking forum recently published over 553 million personal data of Facebook users. The type of exposed data ranged from phone numbers, Facebook ID's, full names, locations, birthdates, ...
Continue Reading

Data Breach at Dutch Auto Shops Puts 7,3 Million Car Owners at Risk

The Netherlands is dealing with what looks like one of the largest data breaches in the nation so far. Late last week, Dutch public broadcaster NOS revealed that customer data of millions ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews