Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: Starting today Google will start sending out notifications to employees about a data breach that occurred at a third party company that they do business with for their benefit management services. Babycare retailer Kiddicare has warned customers that personal data shared with the store has been stolen by hackers. Cyber Security Breaches Survey 2016 reveals that of those hit by cyberattacks, a quarter experience a repeated breach at least one a month. Experts are skeptical over the alleged 272 million credentials that were discovered last week, both Google and a Russia-based e-mail service unveiled analyses that call into question the validity of the security firm’s entire report.
Google suffers data breach via benefits provider – Publication: CSO – Reporter name: Dave Lewis
In the Google case, the whoops factor was curtailed and the damage was limited. There were names and Social Insurance Numbers in the document in question but, that didn’t leak beyond that immediate parties according to the breach notification letter which is due out today. Even though the issue was contained, Google is providing credit monitoring for affected parties.
Babycare e-tailer Kiddicare admits customer data breach – Publication: The Register – Reporter name: John Leyden
The compromised data is restricted to name, delivery address, telephone number and email address, according to Kiddicare, which is keen to stress that customer payment details or credit/debit card information has not been accessed.
Two thirds of large businesses have suffered a data breach in the past year – Publication: ZDNet- Reporter name: Danny Palmer
The proportion of businesses that have suffered a breach declines as the organization gets smaller: 51 percent of medium firms said they’d been the victim of an attack, compared to 33 percent of small firms, while just 17 percent of micro firms say they’d suffered a data breach. This could be because smaller firms are less attractive targets to hackers, or perhaps because they lack the skills to recognize a breach has taken place.
Garbage in, garbage out: Why Ars ignored this week’s massive password breach – Publication: Ars Technica – Reporter name: Dan Goodin
What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn’t come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list.