Online education site EduCBA discloses data breach and reset customers? pwds

Security Affairs

The online education portal EduCBA discloses a data breach and is resetting customers’ passwords in response to the incident. EduCBA is a leading global provider of skill based education with 500,000+ members across 40+ Countries.

Data breaches grow across UK education sector

IT Governance

A recent freedom of information request by chartered accountants UHY Hacker Young reveals a worrying rise in reported data breaches across the UK education sector. The high-profile GDPR (General Data Protection Regulation) mandates data breach reporting in many cases, and a lot of incidents have been reported since the Regulation came into force, but the numbers shared by the ICO (Information Commissioner’s Office) reveal a growing trend even before then.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fixing Data Breaches Part 1: Education

Troy Hunt

We have a data breach problem. My full written testimony is in that link and it talks about many of the issue we face today and the impact data breaches have on identity verification. That was really our mandate - understanding the impact on how we verify ourselves - but I want to go back a step and focus on how we tackle data breaches themselves. Let's get started with one I raised multiple times whilst sitting in front of Congress - education.

Data Breach: Turkish legal advising company exposed over 15,000 clients

Security Affairs

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. How Did the Data Breach Happen? Whose Data was Exposed and What Are the Consequences.

When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. What constitutes a personal data breach. When must breaches be reported?

List of data breaches and cyber attacks in February 2021 – 2.3 billion records breached

IT Governance

In total, we detected 2,323,326,953 breached records. Data breaches. Data breaches. The post List of data breaches and cyber attacks in February 2021 – 2.3 billion records breached appeared first on IT Governance UK Blog.

Cloud computing provider Blackbaud paid a ransom after data breach

Security Affairs

Cloud software provider Blackbaud revealed to have paid crooks to decrypt its data following a ransomware attack that took place in May 2020. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.

Chegg discloses the third data breach in the last two years

Security Affairs

The American education technology firm Chegg discloses a security breach, it already sent notifications to its employees. The US education technology company Chegg discloses a security breach that took place in early April, the firm already sent notifications to its employees.

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people , many Americans no doubt felt resigned and powerless to control their information. And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach.

List of data breaches and cyber attacks in February 2020 – 623 million records breached

IT Governance

The 632,595,960 breached records accounts for about a third of January’s total, and is considerably lower than the figures for this time last year. Ordinance Survey discovers breach of employee data (1,000). Altice USA employees’ data stolen in phishing attack (12,000).

How to Educate Your Customers When A Data Breach Occurs

Rippleshot

Data breaches are happening more frequently and when they are occurring the number of impacted consumers is growing. Not to mention, the scope is widening as droves of sensitive data is filling the dark web for fraudsters to monetize for their next big fraud scheme. At Rippleshot, we're in the business of proactively protecting our customers from the impact of data breaches, card fraud and other incidents that put your customer's data at risk.

Thinkful forces a password reset for all users after a data breach

Security Affairs

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The online education platform for developers Thinkful has suffered a data breach, just a few days after it has announced it would be acquired by the education tech firm Chegg for $80 million. ” reads the data breach notification sent by the company.

A 6-step guide to surviving data breaches

IT Governance

Any day during which you find out that you’ve been breached will be bad. Under the GDPR (General Data Protection Regulation) , organisations have 72 hours from the moment they become aware of a breach to report the incident. They can do this either by email or telephone, but it’s not as simple as saying “we’ve been breached”. Disclosing a breach promptly can save organisations a significant amount of money and enable those affected to secure compromised accounts.

How should you investigate a data breach?

IT Governance

Digital Guardian recently asked a group of cyber security experts what the most important step is following a data breach. This might seem counterproductive: with so much post-breach chaos, from isolating the incident and letting staff know what’s going on to getting back to work and notifying affected individuals, surely it’s a time to be looking forward, not backward. So how should you approach a data breach investigation?

Personal data breaches in schools, to report or not to report?

IT Governance

Under the GDPR, all personal data breaches need to be recorded by the organisation and there should be a clear and defined process for doing so. In some circumstances, breaches also need reporting to the ICO (Information Commissioner’s Office) and within 72 hours of their discovery. In the third of our #BreachReady blogs for schools, we explore which typical school breaches need reporting. Understanding what constitutes a personal data breach.

Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Hunton Privacy

On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act. Student Data Privacy. Security Breach U.S.

Fixing Data Breaches Part 5: Penalties

Troy Hunt

In the first 4 parts of "Fixing Data Breaches", I highlighted education , data ownership and minimisation , the ease of disclosure and bug bounties as ways of addressing the problem. It was inevitable that we'd eventually end up talking about penalties though because the fact remains that although all the aforementioned recommendations make perfect sense, we're still faced with data breaches day in and day out from companies just not getting the message.

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

This week, I've been writing up my 5-part guide on "Fixing Data Breaches" On Monday I talked about the value of education ; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach , namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating with the appropriate respect. Fixing Data Breaches Security

List of data breaches and cyber attacks in August 2020 – 36.6 million records breached

IT Governance

There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents. Data breaches. The post List of data breaches and cyber attacks in August 2020 – 36.6

Melbourne professor quits after health department pressures her over data breach

The Guardian Data Protection

In 2016, Vanessa Teague, a cryptographer from the University of Melbourne, and two of her colleagues reported on a dataset , published on an open government data website by the federal government, of 2.5m

The enemy within: three types of employees that cause data breaches

IT Governance

Negligent employees are the leading cause of data breaches at small and medium-sized businesses across North America and the UK, according to a recent study from Keeper Security. But his best isn’t good enough, because this year Ian singlehandedly caused a data breach that cost his company more than £20,000. In one fell swoop, the hacker gained access to all of Ian’s user data, including login credentials and company credit card numbers. Education is prevention.

UEA suffers data breach blunder

IT Governance

The University of East Anglia (UEA) has suffered a data breach after an email containing sensitive medical information about a staff member was sent to about 300 students. This is the second breach in five months for UEA, both of which were reported to have been caused by human error. The steps that the university is taking have been imposed upon them by the Information Commissioner’s Office (ICO), and are in response to a breach earlier in the year. Educating staff.

Fixing Data Breaches Part 4: Bug Bounties

Troy Hunt

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education ; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws. The Economics of Breaches and Bug Bounties. Fixing Data Breaches Security

2.6 billion records exposed in 2,308 disclosed data breaches in H1

Security Affairs

billion data records have been exposed in data breached in the first half of 2018. According to a new report titled “ Mid-Year 2018 Data Breach QuickView ” published by the cyber threat intelligence company Risk Based Security some 2.6. billion data records have been exposed in the first half of 2018. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information.

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Hunton Privacy

The sanction was imposed following a data breach that took place between April 2016 and July 2017 that the banking institution notified to the Garante at the end of July 2017.

54% of universities reported a data breach in the past year

IT Governance

A survey has found that 54% of UK universities reported a data breach to the ICO (Information Commissioner’s Office) in the past 12 months. The lack of investment in staff awareness training is particularly dangerous when you consider the amount of sensitive data that universities hold.

Prepare for a healthcare data breach this summer

IT Governance

You’ll no doubt be taking measures to protect yourself against sunburn, but don’t forget that your organisation needs to apply its own SPF (security protection factor) to protect itself from data breach damage. Data breaches can occur at any time, but organisations are particularly vulnerable during the summer holidays, when cyber criminals take advantage of lower staffing levels to launch malicious attacks. Data breach statistics.

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? In part 2 of the series, I want to talk about data ownership and minimisation and this is all about reducing the impact on individuals and organisations alike when things do go wrong.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records. Granted, a big chunk of those come from a single incident – a mammoth breach involving a Chinese smart tech supplier – but as unimaginative football commentators say, ‘they all count’. Philadelphia Federal Credit Union confirms security breach (unknown). State-sponsored hackers breach Greece’s top-level domain registrar (unknown).

10 Steps for Data Breach Prevention in the Workplace

Archive Document Data Storage

UK businesses face unprecedented levels of data security threats. How are you protecting your corporate data? Here are ten steps for reducing your data breach exposure: 1. You can’t protect your data without knowing where it’s stored. Locate your document and data storage repositories. A team of dedicated indexing specialists will categorise and label your documents and data so you have a full account of your information.

List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked

IT Governance

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total. which breached sixteen years’ worth of insurance data. That incident accounted for more than 60% of all of May’s breached records. Hackers steal card data from 201 online campus stores in US and Canada (unknown). Binance breached as hackers steal £38 million in bitcoin (unknown). Data breaches.

Sign up for the new education sector email updates

IT Governance

To support the wider education sector with data protection and cyber security, we are launching a sector specific email newsletter and blog series. To sign-up, send us ideas of what you would like us to cover or questions for us to answer, please leave complete this form and choose education as your sector. More about our education sector products and services.

University fundraising under scrutiny after data breach allegations

The Guardian Data Protection

Information Commissioner to look at evidence of wealth screening of former students before approaches made for donations University fundraising is to be examined by the Information Commissioner after allegations emerged that the personal data of some alumni was being misused. Elizabeth Denham has committed to look at evidence which allegedly shows UK universities belonging to the Russell Group sent former students’ data to firms for wealth screening before approaching them for donations.

Inside CUNA's 'Stop The Data Breaches' Congressional Push

Rippleshot

As we approach the 10th month of the year, it's clear that 2019's data breach statistics will once again be one for the record books. Congress to pass meaningful data security legislation. Last month, CUNA created ‘Stop the Data Breaches’ MAP campaign (member activation program) directed " credit unions to make Congress aware that there cannot be data privacy without data security."

5 Ways to Protect Your Small Business from a Data Breach

Archive Document Data Storage

Small businesses are just as vulnerable to data breaches as big corporations. But for many small business owners, investing in breach prevention measures is an afterthought. In this blog, we offer five cost-effective strategies to protect your small business from a data breach. Negligent document disposal habits increase your organisation’s data breach exposure. It’s not just your online data that’s at risk. Educate Your Employees.

List of data breaches and cyber attacks in January 2021 – 878 million records breached

IT Governance

Thankfully, January was relatively quiet on the data breach front, following a chaotic end to 2020 in which we surpassed a thousand security incidents and 20 billion breached records. So far this year, we’ve recorded 82 incidents and 878,168,975 breached records.

Key takeaways from the 2019 Verizon Data Breach Investigations Report

IT Governance

Verizon’s annual DBIR (Data Breach Investigations Report) is among the most valuable studies in the security industry, so the release of the 2019 edition this week is cause for celebration. Unfortunately, the reports don’t speculate on possible interpretations of the data, leaving that to independent experts. Financially-motivated social engineering attacks are behind 12% of all breaches analysed.

What have the ICO said about data breach?

Privacy and Cybersecurity Law

The ICO have been discussing data breach reporting under GDPR in a new webinar. Here are the key points: GDPR introduces mandatory breach reporting. This applies to accidental breaches and internal breaches – not just those that are deliberate or are about losing personal data externally. Don’t forget about integrity and availability breaches (e.g. Temporary loss of data, according to EDPB Guidance can be a personal data breach.

SolarWinds Hack Could Affect 18K Customers

Krebs on Security

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. SolarWinds’ stock price has fallen 25 percent since news of the breach first broke.

Mapping the threat: an insight into data breaches across Europe

Thales Cloud Protection & Licensing

According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. A significant amount of money to lose for any business, now the perils of a data breach just got a lot more serious. Fighting breaches with budgets. Data security