We are living in the era of the digital economy where companies are collecting and storing lots of valuable customer data on a daily basis. As it has turned out, data is an important input in the competitiveness, growth, and revenue generation for any company across industries. But every valuable resource has its vulnerabilities, and data is not left out in this unfortunate fact. A notable vulnerability of sensitive data that has left many IT departments scratching their heads is data breaching.

Earlier this week, I heard a fascinating interview with the former Chief Information Officer of Equifax, Graeme Payne. If you are unfamiliar with Graeme, he was the scapegoat for the Equifax breach; described in Congressional testimony as “the human error” that caused the breach. Graeme, however, is a true gentleman who is very gracious about his situation.

Unicredit has reported a breach of its IT systems resulting in the leak of information belonging to over 3 million customers. The bank confirmed on Monday that a file created in 2015 containing three million records involving Italian clients is the source of the security incident. The victims' names, telephone numbers, email addresses, and cities where clients were registered are among the information compromised.

Two U.S. senators have demanded an investigation into Amazon Web Services to determine whether the cloud provider broke the law by failing to secure infrastructure that was compromised in the recent Capital One breach. Paige Thompson, a former AWS software engineer, has been accused of the attack on Capital One and 30 other organizations.

CafePress is being served with a class-action lawsuit in the United States after allegedly failing to update its security software and informing customers of a data breach months after learning of the incident. The online gift shop retailer was criticized earlier this year for its weak cybersecurity and incident response after discovering 23 million customers had their personal information compromised in a data breach thought to have happened in February 2019.

The health data belonging to nearly one million New Zealanders has been accessed illegally after a cyber attack on Tū Ora Compass Health's website. The website was hacked in August 2019, but investigations into the incident have found previous attacks dating as far back as 2016 to March 2019. Neither the firm nor New Zealand's Ministry of Health has been able to determine whether these attacks resulted in any medical information being accessed.

Food delivery service DoorDash announced in a blog post on Thursday that the company has suffered a data breach affecting millions of customers, workers, and merchants. The firm claims that an unauthorized party managed to access data belonging to 4.9 million DoorDash customers through a third-party service provider. An investigation into the security incident has determined that the unauthorized party accessed DoorDash user data on May 4, 2019.

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive types of security incidents.

The phone numbers associated with over 400 million Facebook accounts were exposed online in the latest privacy dilemma for the social media giant. TechCrunch reported on Wednesday that an exposed server storing 419 million records was found online - 133 million belonging to U.S. users, 50 million Vietnamese users, and 18 million U.K. users. This server was not protected with a password, meaning anyone could access the database up until late yesterday evening once the host took down the site.

TechCrunch reports that a security researcher stumbled across an exposed server on the internet containing databases with a total of more than 419 million records related to Facebook users. According to TechCrunch’s reporting, each database record contains a user’s unique Facebook account ID (from which it’s possible to determine a user name) and phone numbers attached to the account.