Rs 500, 10 minutes, and you have access to billion Aadhaar details

It was only last November that the UIDAI asserted that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” Today, The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion[…]

Insider Allegedly Steals Mental Health Data of 28,000 Patients

The alleged theft of mental health information on more than 28,000 patients in Texas, which went undetected for well over a year, is yet another reminder of the substantial risks that terminated employees can pose as well as the need to take extra steps to protect the most sensitive patient information. Source: Insider Allegedly Steals[…]

Hilton Was Fined $700K for a Data Breach. Under GDPR It Would Be $420M | Digital Guardian

Consider $2 per lost record versus $1,200 per lost record. That’s the difference between what Hilton will pay to New York State versus what it will pay to EU regulators once the GDPR takes effect in May. Source: Hilton Was Fined $700K for a Data Breach. Under GDPR It Would Be $420M | Digital Guardian

Uber Paid Hackers to Delete Stolen Data on 57 Million People – Bloomberg

PII data at a premium in the dark web… Many more to follow, watch your credit cards. Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. Source: Uber Paid Hackers to Delete Stolen Data on 57 Million[…]

Serious flaw in WPA2 protocol lets attackers intercept passwords and much more 

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness. Source: Serious flaw in WPA2 protocol lets attackers intercept passwords and much more | Ars Technica

NYTimes: ‘A Cyberattack The World Isn’t Ready For’

But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually[…]

Global Cyber Alliance Finds U.S. Healthcare Providers’ Email Security in Critical Condition

The Global Cyber Alliance (GCA) found that only 6 of the 50 largest public hospitals in the U.S. are protecting their email domains. Net, deploying DMARC can protect your employees and customers from e-mail phishing attacks. It can also deliver tangible metrics including the number of malicious e-mails stopped per month, as well as reduced[…]

Crooks Steal, Sell Verizon Enterprise Customer Data

Verizon Enterprise Solutions, a B2B unit of the telecommunications giant that gets called in to help Fortune 500’s respond to some of the world’s largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned. Earlier this week, a prominent member of a closely guarded underground[…]

Ashley Madison Breach – Eight Takeaways for Security Professionals

Source: Bank Info Security. Warnings about new data breaches being discovered now appear to arrive daily, if not faster. But this week’s mega-dump of hacked Ashley Madison data shows how this hacking incident differs from run-of-the-mill data breaches in numerous ways (see Ashley Madison Hackers Dump Stolen Data). For starters, the self-described “world’s leading married[…]