Five Guys says breach may have compromised applicant data

The fast food chain said in letters to consumers that it first became aware of the breach in September 2022.

By Ryan Golden • Jan. 10, 2023

CircleCI incident raises further concerns about security of software development

Customers expressed frustration after an apparent breach with few details forced engineers to rotate secrets stored on the CI/CD platform. 

By David Jones • Jan. 9, 2023

Explore the Trendline➔

Securing the cloud

A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider. 

By Cybersecurity Dive staff

What’s at stake for 33M compromised LastPass users?

Cybersecurity professionals criticized the password manager's response to an incident that escalated to alarming levels. “This is about as bad as it gets,” one researcher said.

By Matt Kapko • Jan. 6, 2023

6 security experts on what cyberthreats they expect in 2023

Organizations will keep a close eye on geopolitical tension and supply chain attacks. But at the core, the biggest threats are built on mistakes.

By Naomi Eide , Matt Kapko , David Jones • Jan. 6, 2023

What we know about the LastPass breach (so far)

The blast radius from a breach at LastPass grew from bad to worse during a four-month period. Most of the data held by the password manager is now compromised.

By Matt Kapko • Jan. 5, 2023

Slack employee tokens stolen, GitHub repository breached

The firm said the threat actor downloaded private code repositories, but none had customer data or the company’s code base.   

By David Jones • Jan. 5, 2023

After LastPass hack, only its master passwords remain uncompromised

The password manager warned customers to lookout for brute force attacks, phishing or credential stuffing.

By Matt Kapko • Dec. 27, 2022

Okta’s GitHub source code stolen, company downplays impact

The identity and access management platform has been hit by three major security incidents this year.

By Matt Kapko • Dec. 22, 2022

Remote, third-party workers raise security risks for enterprises: report

A study on behalf of Talon shows third-party contractors are often engaged in risky behavior, using unmanaged devices or high-risk desktop technologies. 

By David Jones • Dec. 21, 2022

CommonSpirit ransomware attack exposed personal information of 623K people, system says

This is the first time that the health system has disclosed the number of people potentially affected by the cyberattack.

By Samantha Liss • Dec. 12, 2022

Rackspace says ransomware disrupted its Hosted Exchange business

The incident could lead to further interruptions and a loss of revenue at its Hosted Exchange business, the company warned. 

By David Jones • Dec. 6, 2022

7 of this year’s biggest cybersecurity stories

From vendor evolution to the long-term effects of high-profile attacks, the cybersecurity industry is rapidly evolving. Take a look at our top stories to understand just how much has changed.

By Naomi Eide • Dec. 5, 2022

LastPass breach fallout spreads to expose customer data

Details are scant but since the breach is a continuation from an attack on the company’s development system, “the keys to the kingdom” might be in the wrong hands, one expert said.

By Matt Kapko • Dec. 1, 2022

Nokia warns 5G security ‘breaches are the rule, not the exception’

A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.

By Matt Kapko • Nov. 16, 2022

No, your CEO is not texting you

Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.

By Matt Kapko • Nov. 3, 2022

Bed Bath & Beyond reviewing data breach

The home goods retailer doesn’t believe sensitive or personal data was accessed by the third party.

By Caroline Jansen • Nov. 2, 2022

U.S. Bank data breach impacts 11K customers

A third-party vendor accidentally shared the names, addresses, Social Security numbers, birthdays, closed account numbers and outstanding balances, the bank said.

By Gabrielle Saulsbery • Oct. 31, 2022

Cybersecurity quarterly benchmarks: Q1, 2022

Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

Oct. 24, 2022

As cybersecurity threats rage, colleges invest in risk prevention and pay higher insurance premiums

Cyber insurance policy renewal price increases are typically between 40% and 60%, with some increases hitting the triple digits, S&P said.

By Rick Seltzer • Oct. 14, 2022

CommonSpirit’s ‘IT security incident’ was likely cyberattack, security experts say

Experts view moving systems offline and interrupting access to electronic health records as a defensive move.

By Samantha Liss • Oct. 7, 2022

American Airlines phishing attack involved unauthorized access to Microsoft 365

The airline has begun disclosing additional details to state regulators, confirming more than 1,700 people were impacted.

By David Jones • Sept. 26, 2022

Morgan Stanley fined $35M by SEC over improper data disposal

The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

By Gabrielle Saulsbery • Sept. 21, 2022

Stolen single sign-on credentials for major firms available for sale on dark web

Stolen SSO credentials are available for half of the top 20 public companies, and 25% of the entire S&P 500, BitSight found.

By David Jones • Sept. 21, 2022

American Airlines targeted by threat actor in July data incident

The airline has notified customers about the potential release of personal data, but said there is no evidence of the data being misused. 

By David Jones • Sept. 20, 2022

Capital One freed from consent order tied to 2019 breach

The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

By Gabrielle Saulsbery • Sept. 20, 2022