We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
In September, Amazon started investigating reports that some of its employees in the US and China have been leaking data to third-party sellers in exchange for money. Now, the e-commerce giant has notified affected customers that an employee shared their email addresses with a third-party seller.
Independence Blue Cross, a Philadelphia-based health insurer notified thousands of its members this week that a data breach had exposed some of their protected health information (PHI), according to Healthcare Informatics.
UK officials have slapped Equifax with a £500,000 (US$660,000) fine for failing to protect up to 15 million citizens' personal data. The Information Commissioner's Office (ICO) has announced its verdict after almost a year-long investigation with the Financial Conduct Authority.
The ICO has received 500 calls each week to its breach reporting helpline since the GDPR came into force in May, but around a third of these don’t meet the minimum threshold, according to the deputy commissioner of operations.
BA has been contacting customers after revealing a two-week raid on passengers’ personal and financial details which was finally spotted on Wednesday.
The process was smooth enough, with the right safeguards apparently in place.
In yet another case of unpatched consumer devices representing a threat to the security and privacy of users, thousands of MikroTik have been uncovered which are eavesdropping on users.
Air Canada has alerted users of its mobile app of a data breach that exposed personal information – including stored passport numbers – of some 20,000 users.
Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.
Election security has again been called into question after millions of Texas voter records were left exposed. A file discovered by Flash Gordon, a New Zealand-based data breach hunter, was left on an unsecured server without a password, according to TechCrunch.
The race to comply with the European Union's General Data Protection Regulation (GDPR) by the May 25 deadline is over, but data security and privacy is a marathon, not a sprint. If the ever-evolving regulatory compliance landscape is any indication, GDPR is just the first of many mandates to come.
A data breach has taken place at a Melbourne high school which resulted in the confidential healthcare records of students being published online.
It’s not great when any organisation loses a laptop, but if the contents of the computer’s hard drive have been fully encrypted and a strong password has been used it’s hardly the end of the world. After all, the chances of a criminal being able to access any sensitive information on the mislaid or stolen device is remote – and the cost should be limited to the purchase of a replacement.
The idea that organizations should be doing more to protect the personal data they hold about individuals has been gaining ground in recent years. The European Union’s General Data Protection Regulation (GDPR) sparked a scramble to operationalize data management and security.
A historic breach at a third-party supplier has put the data of countless NHS patients at risk, according to a new report.
Tens of thousands of holidaymakers may be at a heightened risk from phishing attacks after Butlin’s admitted a data breach affecting customers’ personal information.
There is no comfortable way for an organisation to learn that its website is leaking customer data but one of the most alarming must surely be getting that bad news from a journalist.
Highly sensitive data on over 2.3 million Mexican patients has been exposed via a misconfigured MongoDB installation.
Privacy International has written to the investigatory powers commissioner (IPC) requesting an urgent review into potentially unlawful use by the UK police of mobile phone extraction (MPE) technology.
The European Commission's General Data Protection Regulation (GDPR) officially came into force across the European Union on 25 May, with the aim of bringing laws and obligations around personal data, privacy and consent up to date for the internet age.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
