In March 2021, U.S. healthcare provider Elara Caring suffered a data breach thanks to a phishing email sent to two employees. Soon after this initial blitz, additional phishing emails gave attackers further access into the organization’s systems. The results were rather devastating: Personally identifiable information (PII) of more than 100,000 patients was compromised—including names, dates of birth, Social Security numbers, financial accounts, and driver’s licenses.

It would be big news, to say the least, if a large quantity of Google source code found its way into the public domain. Now imagine if the leak also included source code from Amazon and Uber. That’s the scale of the data leak that hit Russian tech giant Yandex. The risk here is that malicious actors could analyze the leaked code and discover exploitable security gaps.

Security teams need to continually bolster their cybersecurity controls and expertise to keep up with the evolving threat landscape. Successful readiness and response to a cybersecurity breach requires the right mix of people, processes and technology. Yet challenges with staffing, technical issues, and budget hamper threat detection and response for too many organizations, creating gaps that threat actors are eager to exploit.

Data breaches have become an unfortunate reality of the digital world we live in. While there is no doubt that efforts can be made to mitigate the chances of a data breach, living in a completely data breach-free world is not realistic. Apart from having processes and technology in place to prevent data breaches, companies should also have a plan of action in case they do suffer a breach. One aspect of being prepared is understanding how vulnerable your industry may be to data breaches.

The January 2022 International Committee of the Red Cross (ICRC) data breach was caused by an unpatched critical vulnerability in the Single Signe-In tool developed by Zoho, a business software development company. After exploiting the vulnerability (tracked as CVE-2021-40539), the cybercriminals deployed offensive security tools to help gain access to ICRC's contact database, resulting in the compromise of more than 515,000 globally.

Few companies expect to be at the center of a newsworthy data breach incident. However, according to some sources, cybercriminals can access 93% of businesses in an average of two days. Around 150 million data records were compromised in the third quarter of 2022 alone. Businesses are increasingly reliant on data systems such as cloud computing and remote working to compete in the modern workplace.

In 2022, cyber incidents in businesses and organizations worldwide have skyrocketed, with data breaches being one of the main concerns. Almost 109 million personal accounts and emails were compromised in Q3 2022 — a 70% increase compared to Q2. Particularly, Australia has seen a significant rise in data breaches, especially in its financial services and healthcare sectors.

Your organization could be at risk if you’re not handling hard-coded secrets properly. The Synopsys AST portfolio has you covered at every stage of the SDLC. By: Ksenia Peguero, Naveen Tiwari, Lijesh Krishnan, and DeWang Li The most severe vulnerabilities in a system or application can be caused by an easily overlooked issue—for example, a leaked hard-coded secret can allow an attacker to steal data or compromise a system.

A thriving hacker has been found to be posting a college database showcasing it to be a breach. This happened to one of the colleges in the southern region of India, Kerala. Necessary measures have been taken to keep them up to date! The college’s information was found to be floating around on the Dark Web. These data seem to be highly sensitive. These data could be acquired by any human being for just a few thousand.