Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.
Darktrace has brought in Ernst & Young to review the cybersecurity AI vendor's financial process and controls following bombshell allegations from short seller Quintessential Capital Management. The review comes weeks after QCM claimed that Darktrace overstated its sales, margins and growth rates.
Although small to medium enterprises - SMEs - do not have the security resources larger enterprise possess, they face the same risks. Here are five reasons you should consider consolidating your tech as you strive to find an effective, sustainable security stack that also keeps costs in check.
Unifying decision-making about privacy, security, ethics and governance poses a huge challenge from a regulatory and operational perspective, says OneTrust CEO Kabir Barday. OneTrust has created a network of 900 lawyers across 300 jurisdictions that feed intelligence into the company's platform.
Embattled social media platform Twitter lost its chiefs of security, privacy and compliance, and the resignations put the company and its new owner, Elon Musk, at greater risk of regulatory enforcement. The company signed a binding two-decade agreement with the U.S. Federal Trade Commission in May.
The chief executive of alcohol delivery app Drizly is set to come under a decadelong requirement imposed by the U.S. Federal Trade Commission to ensure whatever company he oversees has an information security program. A hacker stole customer records of 2.5 million individuals from Drizly in 2020.
Twitter security exec-turned-whistleblower Peiter Zatko today listed alleged security and privacy shortcomings of the social media company for a Senate panel. "It's not farfetched to say that an employee inside the company could take over the accounts of all of the senators in this room," he said.
The national network for connecting medical centers with donated human organs faces doubts about its ability to secure data amid concerns about its IT infrastructure. A federal watchdog has reviewed the Health Resources and Services Administration and United Network of Organ Sharing.
Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.
Supply chain risk must be part of an enterprisewide risk management program framework, says information security manager Matt Marciniak of financial service firm Quantile. Reducing risk requires an agile approach to supplier management, he says.
Britain's Conservative Party is holding a leadership contest, with the winner set to become the country's next prime minister. But the balloting process has been delayed after the National Cyber Security Center warned that hackers could abuse a process allowing members to change their online vote.
Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.
Our security experts predict an action-packed year, and suggest you buckle your seatbelt. Get the latest on key trends, including:
Ransomware + supply chain = big new challenges.
Are cloud providers too ripe a target?
Threat intel is in for a makeover.
Most of what you need to know about security you’ve...
As the U.S. Congress continues to push for a strengthening of FISMA, lawmakers held a hearing with former government cybersecurity officials on Tuesday, all of whom expressed a need to update the law, last modified in 2014, and focus more on outcomes than on processes and compliance.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.