First American Financial takes systems offline after cyber incident

The incident comes just weeks after the title insurance firm reached a $1 million settlement with New York state financial regulators for a massive 2019 data breach that impacted 885 million customer records.

By David Jones • Updated Dec. 27, 2023

Comcast’s Xfinity discloses massive data breach linked to CitrixBleed vulnerability

The breach, involving 35.9 million customers, took place just a week after Citrix released a patch for a critical flaw.

By David Jones • Dec. 19, 2023

Explore the Trendline➔

Securing the cloud

A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider. 

By Cybersecurity Dive staff

Henry Schein says 29K people affected in September cyberattack

The ransomware group AlphV/BlackCat claimed responsibility for the data breach and a second incident involving the company.

By Susan Kelly • Dec. 11, 2023

Norton Healthcare ransomware attack exposes 2.5M people

Ransomware attacks are soaring in the healthcare sector, impacting more than 88 million people in the first 10 months of 2023, according to HHS.

By Matt Kapko • Dec. 11, 2023

Data breaches fallout reach new heights as the number of exposed records soars

The increased threat to and exposure of personal data is linked to two key factors: a rise in ransomware and attacks against vendors, an MIT study found.

By Matt Kapko • Dec. 8, 2023

North Texas water utility the latest suspected industrial ransomware target

Federal authorities are investigating multiple attacks against water and wastewater treatment facilities in the U.S. following an Iran-linked attack in Pennsylvania.

By David Jones • Nov. 30, 2023

MGM CFO expects insurance to cover cyberattack costs

The Las Vegas-based casino and resort operator has pegged the costs of the September cyberattack that temporarily impeded operations at about $100 million. 

By Suman Bhattacharyya • Nov. 29, 2023

All Okta support system customers caught in previously disclosed breach

The single sign-on provider significantly widened the scope of the attack two months after customers first reported suspicious activity on their Okta environments.

By Matt Kapko • Nov. 29, 2023

NY reaches $1M breach settlement with First American Title Insurance

The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.

By David Jones • Nov. 28, 2023

Fidelity National Financial investigating cyberattack that led to service disruption

AlphV/BlackCat claimed responsibility for the attack on the title insurance giant, which is trying to determine whether the attack will have a material impact.

By David Jones • Nov. 27, 2023

Stanley Steemer hack breached data of almost 67K customers

The cleaning company said attackers gained access to its systems nearly a month before the intrusion was discovered in March.

By David Jones • Nov. 17, 2023

File-transfer services, rich with sensitive data, are under attack

A trio of supply-chain attacks in 2023 created turmoil for thousands of corporate victims and their customers.

By Matt Kapko • Nov. 14, 2023

For Maine, the MOVEit attack is personal

With 1.3 million individuals compromised, the level of exposure on an individual basis is one that's representative of a compromise of its entire population.

By Matt Kapko • Nov. 10, 2023

MGM Resorts anticipates no further disruptions from September cyberattack

The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.

By David Jones • Nov. 9, 2023

5 Okta customers snared in attack on the provider’s support system

The IAM provider says the attack was most likely linked to a compromised employee’s personal Google account or personal device.

By Matt Kapko • Nov. 3, 2023

Okta employee data breached in third-party healthcare attack

An incident at Rightway Healthcare resulted in a breach of sensitive health information of almost 5,000 Okta employees. It’s the latest in a series of security woes for the IAM provider.

By Matt Kapko • Nov. 2, 2023

Non-bank financial institutions must report data security breaches: FTC

The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.

By Rajashree Chakravarty • Nov. 2, 2023

BeyondTrust, Cloudflare averted Okta attacks thanks to security chops

With details scant, worries remain about how the attacks might have played out for less security-focused businesses that were impacted.

By Matt Kapko • Nov. 1, 2023

Five Guys discloses hack of 2 employees’ emails

The disclosure comes weeks after the company agreed to settle a federal class action suit stemming from a 2022 attack.

By David Jones • Oct. 30, 2023

Philadelphia discloses email compromise 5 months after initial detection

An ongoing investigation uncovered a two-month dwell time in the city’s email system that exposed some individuals’ sensitive information.

By Matt Kapko • Oct. 26, 2023

LastPass working through ‘systemic’ security overhaul

“We didn’t just address the issues that were the cause of the breach,” CEO Karim Toubba said. Still, nearly 1 in 10 customers are fleeing the password manager.

By Matt Kapko • Oct. 25, 2023

1Password caught in Okta breach, impacting employee-facing apps

The password manager came forward after BeyondTrust and Cloudflare disclosed similar Okta environment breaches. All three victims claim no data was compromised.

By Matt Kapko • Oct. 24, 2023

Okta attacked again, this time hitting its support system

A threat actor accessed customer support tickets and files containing sensitive data. Okta declined to say how many customers are impacted.

By Matt Kapko • Updated Oct. 23, 2023

Almost 42K Cisco IOS XE devices exploited, no patch available

Security researchers warn the number of infected hosts grew after a critical zero-day vulnerability was found.

By David Jones • Oct. 19, 2023

US data compromises hit all-time high

Supply-chain attacks and zero-day exploits, such as the widespread attacks against the MOVEit file-transfer service, are surging, according to the Identity Theft Resource Center.

By Matt Kapko • Oct. 16, 2023