Ascension cyberattack exposes data from 5.6M people

The breach is the third largest reported to a portal managed by federal regulators this year.

By Emily Olsen • Dec. 20, 2024

Rhode Island officials warn residents as ransomware group threatens social services data leak

The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.

By David Jones • Dec. 18, 2024

Explore the Trendline➔

Securing the cloud

A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider. 

By Cybersecurity Dive staff

US subsidiary of global water treatment firm probes November cyberattack after data encrypted

Kurita America, a subsidiary of a Tokyo-based company, is the latest in a string of companies tied to the water industry targeted by hackers.

By David Jones • Dec. 10, 2024

Blue Yonder investigating data leak claim following ransomware attack

The software supply chain company is widening its investigation after Termite ransomware leaked data it claims is linked to the attack.

By David Jones • Dec. 9, 2024

Morrisons recovers warehouse systems following attack on Blue Yonder

The U.K. supermarket chain was one of several high-profile customers impacted by a ransomware attack against the supply chain management software provider.

By David Jones • Dec. 6, 2024

New York fines Geico, Travelers $11.3M for pandemic-era breaches

The auto insurance companies were penalized for a series of attacks that exposed the personal data of 120,000 people in late 2020 and early 2021.

By Matt Kapko • Nov. 26, 2024

AI training vendor iLearningEngines discloses cyberattack in wake of SEC probe

The company said an attacker stole data, misdirected a $250,000 wire payment and deleted emails.

By Matt Kapko • Nov. 19, 2024

Schneider Electric investigating cyber intrusion after threat actor gains access to platform

The French multinational company has been a previous target of ransomware groups.

By David Jones • Nov. 5, 2024

Change Healthcare data breach officially affects 100M people

The breach is the largest ever reported to a portal managed by federal regulators.

By Emily Olsen • Oct. 25, 2024

Where organizations invest after a data breach

Asking customers to foot the bill for data breach remediation will not prevent future data breaches or address the issues that cause costs to increase.

By Sue Poremba • Oct. 14, 2024

FTC settles yearslong investigation into Marriott’s ‘security failures’

The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.

By Matt Kapko • Oct. 10, 2024

FCC reaches $31.5M settlement with T-Mobile over rash of data breaches

The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.

By David Jones • Oct. 1, 2024

Dark web exposure is ‘highly correlated’ with cyberattack risk

Organizations that are mentioned in dark web market listings are more than twice as likely to experience an attack, Marsh McLennan found.

By Alexei Alexis • Sept. 24, 2024

Suffolk County ransomware attack linked to lack of planning, ignored warnings

A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.

By David Jones • Sept. 18, 2024

AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.

Telecom cybersecurity remains a challenge with widespread impacts. AT&T is not alone in experiencing a pattern of extensive breaches exposing customer data.

By Matt Kapko • Sept. 18, 2024

Valid accounts remain top access point for critical infrastructure attacks, officials say

CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.

By Matt Kapko • Sept. 17, 2024

MOVEit victims are still coming forward. This time it’s Wisconsin Medicare.

The delayed notifications underscore the difficulty organizations confront in discovering breaches and attributing compromises to a root cause or source.

By Matt Kapko • Sept. 9, 2024

CISA officials credit Microsoft security log expansion for improved threat visibility

CISA officials say they plan to hold Microsoft accountable to ensure the company lives up to its commitments.

By David Jones • Aug. 27, 2024

SEC settles cyber case with Equiniti Trust as oversight questions linger

The firm, formerly known as American Stock Transfer, will pay $850,000 to settle civil fraud charges involving the theft of $6.6 million in client funds.

By David Jones • Aug. 26, 2024

Progress Software says SEC declines to pursue action related to MOVEit exploitation spree

The decision comes just weeks after a federal court dismissed most of the SEC’s civil fraud case against SolarWinds.

By David Jones • Aug. 8, 2024

Global data breach costs reach all-time high of $4.9M, IBM says

U.S. organizations led the world with the highest average data breach cost, a dubious distinction it has earned for the 14th straight year.

By Matt Kapko • July 30, 2024

UnitedHealth’s cyberattack response costs to surpass $2.3B this year

The healthcare giant’s new estimate is roughly $1 billion higher than previous forecasts as the cyberattack on subsidiary Change Healthcare continues to hamper its profit outlook.

By Rebecca Pifer • July 17, 2024

Weak credentials behind nearly half of all cloud-based attacks, research finds

Credential mismanagement was the top initial access vector for cloud environment attacks during the first half of 2024, a Google Cloud report found.

By Matt Kapko • July 17, 2024

AutoNation warns CDK cyberattack will dent quarterly earnings

The major North American car dealership estimates the attack will lead to a $1.50 per-share earnings impact.

By David Jones • July 15, 2024

TeamViewer’s IT network breached through compromised employee credentials

The remote access software provider said the impact of the attack from Midnight Blizzard was limited to its internal network and customer environments were not affected.

By David Jones • July 1, 2024