SaltStack: 20 Breaches Within Four Days

Since 2017, I’ve reported in our annual State of the Software Supply Chain Report that the average time between an open source vulnerability being announced and subsequently exploited was three days.  We saw this exploit time with Equifax, GMO Payment Gateway, Canada Revenue Agency and several more.  

Then our CTO, Brian Fox, started chronicling a disturbing turn of events that showed that a shifting landscape of attacks based on OSS consumption was emerging. In the past three years, we’ve seen a consistent increase in open source and supply chain attacks that make one thing clear: adversaries are not slowing down.

Twenty more […] Read more

California tops states with highest number of data breaches and records lost

A new compilation of data says the home of Hollywood and Silicon Valley has seen nearly 19 million records lost in attacks since 2005.

A new report compiling information on data breaches in the United States found that California has had the highest number of documents lost during attacks since 2005.

Using data on the total number of records lost per breach from 2005 to 2019, email marketing company Omnisend compiled a study ranking US states and companies. It found that California topped the list with 18,921,723 […] Read more

Hack Attack: Tips on Preventing Data Breaches

The past decade has seen some of the worst security breaches imaginable. From Yahoo’s breach in 2013 that impacted three billion people to the Equifax breach that exposed the personal credit information of 143 million people, it’s clear that hackers are working hard to overcome security systems.

Given the amount of data available and the hyper-personalization of said data, the onus for security is on companies that collect and use data. Not only is it the right thing to do and the most business-savvy, but it is increasingly becoming a legal obligation. Failing to prevent a data breach, particularly as a […] Read more

The toll data breaches take on your mental health


To prevent criminals from opening bank, utility and phone accounts in your name, you need more than a credit freeze. Here’s what to do.


After a restorative getaway last July – a week in Stockholm, another exploring Norway’s fjords and a picturesque hike deep into the peaceful wilds of western Sweden’s forests – Christopher Lane returned home to his Chicago condo and an overflowing mailbox. 

A nondescript envelope stamped “Important Update – Open Immediately” caught his attention. Inside was an alarming notice that his medical […] Read more

The Consequences of Security Breaches Are Becoming More Severe

With the prevalence of cyberattacks, breaches, and data leaks heading into 2020, it’s becoming commonplace for employees to part ways with their organization after a security incident. Although the consequences from a breach were less severe in the past, reactions are shifting as data leaks are deemed more dire than ever before.

A 2018 report from Kaspersky Lab surveyed 6,000 people in 29 countries and found that, globally, 31 percent of cybersecurity incidents resulted in the layoff of employees at impacted companies. In roughly a third of these cases, those employees holding senior IT positions were most often let go from […] Read more

The 2010s’ biggest flops, from breaches to impeachment

Part of the Decade Issue of The Highlight, our home for ambitious stories that explain our world.

Call them whiffs, or glaring failures: These four episodes from the 2010s had effects we may not even register a decade from now.

Millions lost their grip on their private data

The extensive theft in 2013 of Target customers’ sensitive data began nearly a month before the company confirmed to the public, at the height of holiday shopping season, that criminals had made off with the credit card numbers, PINs, and email addresses of […] Read more

These are the worst hacks, cyberattacks, and data breaches of 2019

The blight of cyberattacks, criminal hacking groups, and data breaches is not going away anytime soon.

For the past few years, there has been a constant stream of data breaches that have hit the headlines, ranging from the theft of medical information and account credentials to corporate emails and internal sensitive enterprise data.

When a data breach occurs, companies will usually haul […] Read more