Here are the top cybersecurity stories of recent weeks:
- 100 million Quora users affected by data breach
- First multi-state healthcare breach impacts 3.9 million
- Australia’s anti-encryption bill becomes law
- Unprotected MongoDB server exposes 66 million
- Malware attack undetected for four years
Quora, a website that allows users to inquire about different topics for credible feedback, was recently attacked by hackers. This website has been trusted by 300 million users, but, due to this immense cyberattack, users are now questioning the safety of their personal data on the site. Last week, Quora discovered that their database had been infiltrated, and that about one-third of their users were affected. The investigation is still ongoing; however, it is certain that user account information has been accessed by an authorized third party.
The news of a healthcare breach is severe enough as is, but the announcement of the first multi-state data breach is nothing short of a cybersecurity disaster. The protected health information (PHI) of 3.9 million people was accessed through this single breach, and the affected healthcare companies failed to disclose the occurrence in a timely fashion. A lawsuit was recently filed against the involved healthcare firms, but the investigation shows that the breach actually happened in 2015.
In Australia, law enforcement can now undermine encryption in order to gain unauthorized access to civilian devices. The government claims this will help stop terrorist attacks, homicides, and other serious crimes. However, this allows for the invasion of privacy and creates a loophole for cyber criminals, causing many concerns about the security of sensitive data. Now that the Australian government has set this law, any company or website operating within the country will have to find a way to preserve the trust between them and their users.
A database with personally identifiable information (PII) of 66 million individuals was found unprotected. This information included full names, contact information, employment history, and more. The availability of this information gives malicious cybercriminals the power to launch targeted phishing attacks that are difficult to recognize. The information seems like it has been scraped from LinkedIn profiles. Fortunately, the data did not fall into the wrong hands and was taken offline before it could affect the users exposed.
The existence of malware within a 1-800-FLOWERS database was recently discovered. The threat was stealing funds from customers’ credit cards for four years before finally being detected. Other information was also collected, including full names, card numbers, expiration dates, and card security codes. More than 500 million California residents have been affected and the state’s attorney general office has filed a legal complaint.
To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from ransomware, data leakage, misconfigurations, and more, download the Definitive Guide to CASBs below.