Leveraging Knowledge to Manage Your Data Risks
I apologize that this post is not light reading. It’s critically important to know what the threats are so you can avoid becoming a victim.
Although disconcerting, it is crucial to know what has happened in the first half of this year. TechCrunch recently issued a report outlining the worst breaches of 2026—so far:…
According to HaveIBeenPwned, ShinyHunters targeted fashion brand Zara in a cyber-attack and claimed that it had stolen 197,000 unique email addresses, product SKUs, order IDs, and the originating market. The incident involved a former technology provider (AI analytics platform Anodot) for Zara’s parent company, Inditex, which resulted in the exposure of the personal information.
The Washington Post has published a report detailing a whistleblower complaint alleging that a former Department of Government Efficiency (DOGE) employee stole two complete databases from the U.S. Social Security Administration while employed as a DOGE software engineer.
The databases stolen include the “’Numident’ and the ‘Master Death File,’ which could cover records for more…
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, and its CEO has resigned. It is seeking to sell “substantially all of its assets” through a reorganization plan that will have to be approved by a federal bankruptcy judge.
Mark Jensen, Chair and member of the Special Committee of the Board of…
Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure…
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with…
On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state partnership focused on privacy, data protection, and cybersecurity enforcement matters. This partnership will allow the FCC and the CPPA to share resources and align efforts…
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.
In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group…
