Tatyana Shumsky reports: Companies are getting hacked more frequently but aren’t disclosing the incidents in their regulatory filings, a trend that worries investors. Just 95 of the nation’s roughly 9,000 publicly listed companies have informed the Securities and Exchange Commission of a data breach since January 2010, according to an analysis of their filings by…
Category: Commentaries and Analyses
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
Nearly 800,000 FTP Servers Accessible Online Without Authentication
Catalin Cimpanu reports: A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials. The perpetrator of this scan is a security researcher that goes by the name of Minxomat, owner of a cyber-security firm that performs these types of…
Adventures in breach notification, Saturday edition
Someone should start a web site archiving the inappropriate responses we get when we try to notify entities that they’ve had a data breach. This would be my entry for today: I tried to alert an entity that they’d been hacked and data had been exfiltrated. It was after normal business hours, and I could find only one…
The Breach That Supposedly Isn’t a Breach
Discussing an incident disclosed by Troy Hunt this week, Jeremy Kirk reports: The handling of a recent data breach – the details of which are still unfolding – by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck. Read…
New York State Proposes Cybersecurity Regulation for Financial Services Institutions
Micaela McMurrough, Ashden Fein and Catlin Meade write: On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State…