Data breaches are becoming expensive

It seems that summer 2019 is when data breaches finally started to cost real money for companies with bad security practices, on both sides of the Atlantic:

FTC hits Equifax with fine of up to $700M for 2017 data breach

Marriott to face $123 million fine by UK authorities over data breach

UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users


  1. Tomi Engdahl says:

    Some of Russia’s surveillance tech leaked data for more than a year

    Security researcher finds that some of Russia’s SORM wiretapping equipment had been leaking user data.

    A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet.

    But in a talk at the Chaos Constructions security conference last Sunday, on August 25, a Russian security researcher named Leonid Evdokimov revealed that some of these wiretapping devices have been leaking data.

    Evdokimov said he found 30 SORM devices installed on the network of 20 Russian ISPs that were running FTP servers that were not secured with a password.

    These FTP servers contained traffic logs from past law enforcement surveillance operations.

  2. Tomi Engdahl says:

    A 19-year-old UK man has been arrested for allegedly stealing unreleased songs from world-famous musicians’ websites and cloud-based accounts and selling the music for cryptocurrency, authorities in London and New York announced

    Detective Inspector Nick Court, from PIPCU, said that the suspected hackers stole the music and sold it on illegal streaming sites worldwide, ripping a hole in victims’ livelihoods:

    This sort of crime causes significant financial loss to those who work so incredibly hard to produce, write and make music for their fans to enjoy.

  3. Tomi Engdahl says:

    But as breaches become more commonplace, few companies remember the actual incident itself — or even the number of users or customers affected. No matter what kind of security incident you’re thrown into, what happens afterward is how you will be remembered.

    Get it right, you can save face. Get it wrong, and you’ll never live it down.

    Don’t try to cover it up


  4. Tomi Engdahl says:

    No matter what kind of security incident you’re thrown into, what happens afterward is how you will be remembered.

    Do the wrong things and your hacked company will be remembered as cyber-security clueless, one that smart customers think more than twice about before giving it their information.

  5. Tomi Engdahl says:

    10% of Small Businesses Breached Shut Down in 2019
    As a result of cybercrime, 69% of small organizations were forced
    offline for a limited time and 37% experienced financial loss. 25%
    filed for bankruptcy.

  6. Tomi Engdahl says:

    Breach affecting 1 million was caught only after hacker maxed out target’s storage
    Hacker’s data archive file grew so big that the target’s hard drive ran out of space.

    The FTC said in a statement that as part of a proposed settlement, InfoTrax will be barred from collecting, selling, sharing, or storing personal information unless the company implements a security program that corrects the failures identified in the complaint. InfoTrax will also be required to obtain third-party assessments of its security every two years.

  7. Tomi Engdahl says:

    That means that personal and payment information of almost every North American who has a credit card was compromised in the last 2 years.
    #privacybreach #staysecure #cyberwall #cybersecurity

    If you bought anything from these 20 companies recently, your data may have been stolen

    Data breaches are becoming common for all kinds of businesses, including retailers.
    Since the start of 2018, at least 20 retailers and consumer companies were hacked and likely had information stolen from them.
    Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.
    Retailers who suffer data breaches risk losing their customers’ trust.

    According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.

    Here are the consumer and retail companies that have suffered a data breach since January 2018

  8. Tomi Engdahl says:

    “Loss of customer trust leads to serious financial damage in a data breach,” the IBM Security people write rather laconically in the final report of the study called 2019 Cost of a Data Breach.

    3 keys to preserving customer relationships in the wake of a data breach

    To thrive after a data breach, try talking to your customers during one

    For any organization, the primary objective of a “crisis” is to get through the event with as little long-term impact as possible. This means all the elements of your company that were thriving beforehand should still be thriving afterwards. From this perspective, it’s not enough to get a system back up and running after a data breach, if you’ve damaged other parts of the business in the process – for example, your customers lose trust in you and take their business elsewhere.

  9. Tomi Engdahl says:

    $3.92 million
    The global average cost of a data breach for the 2019 study is $3.92 million, a 1.5 percent increase from the 2018 study. As shown in the following chart, the average total cost of a data breach climbed from $3.5 million in 2014, showing a growth of 12 percent between 2014 and 2019.

    What’s New in the 2019 Cost of a Data Breach Report

    Yet we also found characteristics of data breaches in the study showing how difficult it is for organizations to recover from breaches. This year, we found that the time it takes organizations to identify and contain a breach — what we call the data breach life cycle — is 279 days. The 2019 life cycle is 4.9 percent longer than the 266 day average in 2018. In addition, we found that the longer a breach’s life cycle is, the greater the total cost. This is especially true in the case of malicious and criminal attacks, which take an average of 314 days to identify and contain.

    Top Cost Mitigating Factors: Incident Response Teams, Plans and Encryption
    Our research has traditionally looked at factors that either increase or decrease the cost of a data breach. In this year’s report, we added some new cost factors into the mix to flesh out more findings about what areas businesses could look at to mitigate the financial impacts of a data breach.

  10. Tomi Engdahl says:

    IT vendor fined after data of 47,800 students, parents and staff of Singapore schools hacked

    IT vendor Learnaholic has been fined S$60,000 after the personal data of more than 47,000 students, parents and staff of various schools were hacked.

  11. Tomi Engdahl says:

    Jeff Stone / CyberScoop:
    Equifax to pay $380.5M to members of a class action suit whose data was compromised in 2017 breach, after a federal judge approved the final settlement Monday — Equifax has agreed to pay $380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging …

    Equifax to pay customers $380.5 million as part of final breach settlement

  12. Tomi Engdahl says:

    Shipbuilder Austal was hacked with stolen creds sold on dark web
    Austal, the ASX-listed shipbuilder and defence contractor, was compromised in late 2018 by an attacker who used login credentials purchased on a dark web forum, but who then failed to extract much of value or secure a ransom to have it returned. CEO David Singleton provided a full post-mortem of the mid-October 2018 breach last week, which he said included a grilling from senior government ministers, and revealed cyber defences put in place afterwards had saved the company from credential phishes as recently as the past fortnight.

  13. Tomi Engdahl says:

    Hackers’ private chats leaked in stolen WeLeakData database

    Ironically, the database for the defunct hacker forum and data breach marketplace called WeLeakData is being sold on the dark web and exposes the private conversations of hackers who used the site. WeLeakData was a hacker forum and marketplace that primarily focused on discussing, trading, and selling databases stolen during data breaches and combolists that are used in credential stuffing attacks.

    At the end of April, WeLeakData mysteriously shut down.

    A dump of WeLeakData’s vBulletin forum database from January 9th, 2020, is now being sold on dark web marketplaces.

    After acquiring the database, Cyble has been able to confirm its authenticity based on data found in the database.

    Like any forum database, it contains a member’s login name, email address, hashed passwords, IP addresses that they registered and posted under, and private messages.
    Cyble states that this database was also used to launch a new site, whose forum contains the same posts, private messages, and users that were in the dump.
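The comment above mentions two things that matter together: a dump containing hashed passwords, and combolists used for credential stuffing. How much protection a "hashed" column actually gives depends entirely on the hash. The following is an added example (not code from the page, from Cyble, or from any forum software) that runs the same dictionary attack against a constructed user table stored two ways: unsalted MD5, and per-user salted PBKDF2 from the Python standard library. The usernames, passwords and wordlist are all made up for the demonstration; the hashes are generated in the block so it runs offline.

```python
import hashlib
import os
from typing import Dict, List, Tuple

# Constructed sample (not real leaked data): a stand-in for a leaked forum
# user table whose password column is unsalted MD5. In a real dump the
# hashes come from the file; here they are generated so the example runs.
def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

PLAINTEXTS = [("alice", "password"), ("bob", "123456"),
              ("carol", "admin123"), ("dave", "c0rrect-h0rse-battery")]
LEAKED_ROWS: List[Tuple[str, str]] = [(u, md5_hex(p)) for u, p in PLAINTEXTS]

# Constructed wordlist standing in for a combolist / common-password list.
# "dave" deliberately uses a password that is not in it.
WORDLIST = ["123456", "password", "qwerty", "admin123", "letmein"]


def crack_unsalted_md5(rows: List[Tuple[str, str]], wordlist: List[str]) -> Dict[str, str]:
    """Dictionary attack against unsalted MD5.

    Every user with the same password has the same hash, so the attacker
    hashes the wordlist ONCE (len(wordlist) MD5 calls) and then looks each
    leaked hash up in that table. The cost does not grow with the number of
    users: 3.68 million rows cost the same as four.
    """
    table = {md5_hex(w): w for w in wordlist}
    return {user: table[h] for user, h in rows if h in table}


def pbkdf2_store(password: str, iterations: int) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hash: the form a password should be stored in."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def crack_pbkdf2(rows: List[Tuple[str, bytes, bytes]], wordlist: List[str],
                 iterations: int) -> Tuple[Dict[str, str], int]:
    """Same dictionary attack against per-user salted PBKDF2.

    A precomputed table is useless because every user has a different salt,
    so the attacker pays up to len(wordlist) slow hashes PER USER.
    Returns (cracked, number_of_PBKDF2_computations).
    """
    cracked: Dict[str, str] = {}
    work = 0
    for user, salt, digest in rows:
        for w in wordlist:
            work += 1
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations) == digest:
                cracked[user] = w
                break
    return cracked, work


def demo(iterations: int = 200_000) -> Tuple[Dict[str, str], Dict[str, str], int]:
    """Run both attacks on the same passwords. Returns what the MD5 attack
    cracked, what the PBKDF2 attack cracked, and how many PBKDF2 computations
    the latter cost (each of which is `iterations` times slower than one MD5)."""
    cracked_md5 = crack_unsalted_md5(LEAKED_ROWS, WORDLIST)
    salted_rows = [(u, *pbkdf2_store(p, iterations)) for u, p in PLAINTEXTS]
    cracked_pbkdf2, work = crack_pbkdf2(salted_rows, WORDLIST, iterations)
    return cracked_md5, cracked_pbkdf2, work


if __name__ == "__main__":
    md5_hits, pbkdf2_hits, work = demo(iterations=20_000)
    print("unsalted MD5 cracked:", md5_hits, "after", len(WORDLIST), "MD5 calls total")
    print("salted PBKDF2 cracked:", pbkdf2_hits, "after", work, "PBKDF2 calls")
```

Weak passwords fall either way; what the salt and the iteration count change is the price per user, from one pass over the wordlist for the whole dump to a full slow pass per account. A memory-hard function such as Argon2 or scrypt is the better choice for new systems; PBKDF2 is used here only because it ships with the standard library.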

  14. Tomi Engdahl says:

    Mama mia! Nintendo in need of a plumber after leak sprays N64, GameCube, Wii code

    Plus: Cognizant cognisant of whopping $70m in damage, malware creeps hit hospital firm, phishing campaigns, and much more

    Santander leaves keys out, exposes customers
    Banking giant Santander has reportedly exposed a set of critical keys that would have left customers wide open to fraud.

    Researchers with CyberNews discovered that the company’s website included a JSON file that had the unencrypted keys for Santander’s AWS content delivery network. The researchers say that, in the wrong hands, these keys would have allowed someone to access the CDN and edit its contents (things like banking statements or web pages) to include whatever they wanted.

    MobiFriends loses customer data
    Profiles of some 3.68 million people who use the dating app MobiFriends have been stolen and are being flogged around dark web forums.

    While the passwords are MD5 hashed, the other exposed information is the sort of thing you wouldn’t want a criminal to have: phone number, username, activity logs, birthdate, gender, and email address.
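The Santander item above is the classic shape of a cloud-credential leak: a long-lived access key pair sitting in a static file that the web server happily serves to anyone. Anything deployed to a CDN or web root should be scanned for that before it ships. The block below is an added example, not code from CyberNews, Santander or the page, of such a scanner: it walks a set of in-memory "assets", flags AWS access key IDs by their fixed prefix and length, flags 40-character secret values only when they sit next to a name containing "secret" (on its own the pattern also matches ordinary hashes), masks the secret in the report, and tells you which files contain a usable key pair. The file names and contents are constructed; the key values are the examples from AWS's own documentation, not live credentials.

```python
import re
from typing import Dict, List

# AWS access key IDs: fixed prefix (AKIA = long-lived user key, ASIA = temporary
# STS key) followed by 16 upper-case alphanumerics. Lookarounds stop the pattern
# firing inside a longer token.
ACCESS_KEY_RE = re.compile(r"(?<![A-Za-z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Za-z0-9])")

# A secret access key is 40 characters of the base64 alphabet. That alone would
# match SHA-1 hashes and random tokens, so require a neighbouring identifier
# containing "secret" (secretAccessKey, aws_secret, SECRET_KEY, ...) on the line.
SECRET_RE = re.compile(
    r"""(?i)secret[a-z_]*["']?\s*[:=]\s*["']([A-Za-z0-9/+=]{40})["']""")


def mask(value: str) -> str:
    """Keep enough to identify the credential in a report without reprinting it."""
    return value[:4] + "..." + value[-4:]


def scan_asset(path: str, text: str) -> List[Dict[str, object]]:
    """Return one finding per credential-looking token in one file."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_access_key_id", "value": m.group(1)})
        for m in SECRET_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_secret_access_key", "value": mask(m.group(1))})
    return findings


def scan_assets(assets: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan a mapping of path -> file contents (e.g. everything in a build's
    output directory before it is pushed to the CDN)."""
    out: List[Dict[str, object]] = []
    for path in sorted(assets):
        out.extend(scan_asset(path, assets[path]))
    return out


def files_with_key_pair(findings: List[Dict[str, object]]) -> List[str]:
    """Files holding BOTH an access key ID and a secret: a complete, usable
    credential. Treat these as already compromised and rotate the key."""
    kinds_by_path: Dict[str, set] = {}
    for f in findings:
        kinds_by_path.setdefault(str(f["path"]), set()).add(str(f["kind"]))
    return sorted(p for p, kinds in kinds_by_path.items()
                  if {"aws_access_key_id", "aws_secret_access_key"} <= kinds)


# Constructed sample assets. The key values are AWS's documented placeholder
# examples (AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
SAMPLE_ASSETS: Dict[str, str] = {
    "config.json": (
        '{\n'
        '  "cdn": {\n'
        '    "bucket": "example-cdn-assets",\n'
        '    "region": "eu-west-1",\n'
        '    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",\n'
        '    "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        '  },\n'
        '  "build": "2020.05.08"\n'
        '}\n'
    ),
    "app.js": (
        'const cdn = "https://cdn.example.com/";\n'
        'const accessKey = "AKIAIOSFODNN7EXAMPLE"; // TODO: move to the server\n'
    ),
    # A 40-hex-char integrity hash with no "secret" label: must NOT be flagged.
    "integrity.txt": "sha1=2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\n",
}


if __name__ == "__main__":
    results = scan_assets(SAMPLE_ASSETS)
    for f in results:
        print(f"{f['path']}:{f['line']}: {f['kind']} {f['value']}")
    print("complete key pairs in:", files_with_key_pair(SAMPLE_ASSETS and results))
```

Run it as a pre-deploy gate over the build output and fail the pipeline on any finding; a key ID on its own already deserves a rotation, because the matching secret is usually in the same repository's history even when it is not in the served file.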

  15. Tomi Engdahl says:

    Sodinokibi drops greatest hits collection, and crime is the secret
    When a group of celebrities ask to speak with their lawyer, they usually don’t have to call in a bunch of other people to go speak with their lawyer. However, in this case it may well be a thing a little down the line. A huge array of musicians including Bruce Springsteen, Lady Gaga, Madonna, Run DMC and many more have had documents galore pilfered by the Sodinokibi gang.

  16. Tomi Engdahl says:

    How to decode a data breach notice

    Most of them look largely the same. It’s my job to decode what they actually mean for the victims whose information is put at risk.

    Data breach notifications are meant to tell you what happened, when and what impact it may have on you. You’ve probably already seen a few this year. That’s because most U.S. states have laws that compel companies to publicly disclose security incidents, like a data breach, as soon as possible. Europe’s rules are stricter, and fines can be a common occurrence if breaches aren’t disclosed.

    But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit important facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary?

    The next time you get a data breach notification, read between the lines. By knowing the common bullshit lines to avoid, you can understand the questions you need to ask.

    “We take security and privacy seriously.”

    Read: “We clearly don’t.”

    “We recently discovered a security incident…”

    Read: “Someone else found it but we’re trying to do damage control.”

    “An unauthorized individual…”

    Read: “We don’t know who’s to blame, but don’t blame us.”

    “We took immediate steps…”

    Read: “We sprung into action… as soon as we found out.”

    “Our forensic investigation shows…”

    Read: “We asked someone to tell us how f**ked we are.”

    “Out of an abundance of caution, we want to inform you of the incident.”

    Read: “We were forced to tell you.”

    “A sophisticated cyberattack…”

    Read: “We’re trying not to look as stupid as we actually are.”

    “There is no evidence that data was taken.”

    Read: “That we know of.”

    “A small percentage of our customers are affected.”

    Read: “It sounds way worse if we say ‘millions’ of users.”

  17. Tomi Engdahl says:

    Verizon 2020 DBIR: More Extensive, More Detailed and More Thorough Than Ever

    Verizon Publishes 2020 Data Breach Investigation Report (DBIR) With Insights From Thousands of Confirmed Breaches

    Verizon’s 2020 Data Breach Investigations Report (DBIR) is the most extensive yet, with 81 contributing organizations, and more than 32,000 incidents analyzed (of which 3,950 were confirmed breaches). New geographical breakouts in the just-released report have been added together with new ways of visualizing the data.

    At a high level, Verizon believes the analysis provides good news to security professionals. In particular, it notes that malware incidents are down, suggesting that current anti-malware products are winning the battle.

  18. Tomi Engdahl says:

    Home Chef announces data breach after hacker sells 8M user records

    The Home Chef user records were one of the databases being sold and allegedly contained 8 million user records.

    At the time of our reporting, BleepingComputer emailed Home Chef but never received a response.

    Home Chef issues data breach notification
    Now, almost two weeks later, Home Chef has officially disclosed the data breach in a “Data security incident” notice posted to their web site.

  19. Tomi Engdahl says:

    Data breach leads to the theft of $10M from a Norwegian investment fund
    On May 13, Norway’s sovereign wealth fund, Norfund, announced that it had lost $10 million in an advanced data breach. In a statement, the fund said that it was closely collaborating with the police and other relevant authorities after a series of events allowed cybercriminals to steal $10 million from the organization.

  20. Tomi Engdahl says:

    Cognizant Says Maze Ransomware Attackers Hijacked Tax ID, Social Security, Passport Data
    ‘We have determined that the personal information involved in this incident included your name and one or more of: your Social Security number and/or other tax identification number, financial account information, driver’s license information, and/or passport information,’ Cognizant says in a letter to employees and individuals impacted.

  21. Tomi Engdahl says:

    All Data Lost: Hackers Attack J-K Power Department Data Center; Website Data Lost

    The data centre of the Jammu and Kashmir Power Department has been rendered inoperational for the last three days due to a cyber attack by hackers, sending shockwaves through the administration. The website of the department and its Android app have both been rendered inoperational.

    According to Neel Kamal Singh, Executive Engineer of the IT wing of the Power Department, through a particular kind of cyber-attack, named ransomware, all the official files and data have been encrypted by the hackers.

  22. Tomi Engdahl says:

    Hacker steals databases from breach monitoring site; sells them online

    DataViper, a breach monitoring site, is owned by cybersecurity researcher Vinny Troia, who vows to expose the real-life identities of prominent dark web hackers at an upcoming conference.
    Many cybersecurity firms today host online data breach monitoring services which let users know if their data has been leaked somehow. They do so by collecting hacked databases from both the dark web and the surface web, comprising underground forums, Pastebin sites, and other possible avenues.

  23. Tomi Engdahl says:

    Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors

    Anonymous hacker promises more to come soon, too

    A leaker today posted on Twitter a link to a file sharing service that contains what an anonymous source claims is a portion of Intel’s crown jewels: A 20GB folder of confidential Intel intellectual property. The leaker dubbed the release the “Intel exconfidential Lake Platform Release ;).”

    The anonymous leaker claims the hacker “breached” Intel and the files were obtained earlier this year, adding “most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret.” The leaker says more files will be shared soon, and “the future parts of this leak will have even juicier and more classified stuff.”

  24. Tomi Engdahl says:

    US financial regulator fines Capital One $80 million over data breach

  25. Tomi Engdahl says:

    Today’s ‘mega’ data breaches now cost companies $392 million to recover
    The average cost of a “mega” data breach has risen astronomically over the past year and enterprise players impacted by such a security incident can expect to pay up to $392 million.

  26. Tomi Engdahl says:

    Capital One to pay $80 million fine after data breach
    Capital One Financial Corp (COF.N) will pay an $80 million penalty to a U.S. bank regulator after the bank suffered a massive data breach one year ago. The fine, announced Thursday by the Office of the Comptroller of the Currency, punishes the bank for failing to adequately identify and manage risk as it moved significant portions of its technological operations to the cloud.

  27. Tomi Engdahl says:

    What is the cost of a data breach?
    The price tag is higher if the incident exposed customer data or if it was the result of a malicious attack, an annual IBM study finds. The average cost of a data breach has declined by 1.5% year-over-year, costing companies US$3.86 million per incident, according to IBM’s 2020 Cost of a Data Breach Report. The annual study analyzed data from 524 organizations that, while being based in 17 countries and regions and operating in 17 industries, have one thing in common: each of them has suffered a security breach over the past year.

  28. Tomi Engdahl says:

    Thanks for the memories… now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks ‘5% of stolen files’

    More expected to leak unless extortionists are paid off

  29. Trademark Registration says:

    Thanks for all the tips mentioned in this article! It’s always good to read things you have heard before and are implementing, but from a different perspective; you always pick up some extra bits of information.

  30. Tomi Engdahl says:

    A unique data leak reveals how dirty money moved through the banking system

    The banks’ documents contain information on suspicious transfers worth about 1,800 billion euros. They have been examined by an international group of journalists in which Yle is the only Finnish party involved.

  31. Tomi Engdahl says:

    Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data
    Thousands of students have reportedly had their private data released.

  32. Tomi Engdahl says:

    Morgan Stanley Fined $60 Million for Data Protection Mishaps
    OCC: Investment Bank Didn’t Properly Oversee Decommissioning of Data Center Equipment

    The Office of the Comptroller of the Currency has fined Morgan Stanley $60 million for the investment bank’s failure to properly oversee the decommissioning of several data centers, putting customer data at risk of exposure.


    When Morgan Stanley decommissioned two data centers related to the bank’s wealth management business in 2016, the company did not properly oversee the third-party company responsible for ensuring that all personal data was removed, according to the OCC, which is part of the U.S. Treasury Department.

  33. Tomi Engdahl says:

    Marriott fined £0.05 for each of the 339 million hotel guests whose data crooks were stealing for four years
    UK watchdog’s mooted £99m penalty comes in at just £18.4m

    Your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 in the eyes of the UK Information Commissioner’s Office, which has fined Marriott £18.4m after 339 million people’s data was stolen from the hotel chain.

    The fine was imposed as a regulatory punishment for the 2018 Starwood Hotels megabreach despite Marriott not accepting liability for wrongdoing.

  34. Tomi Engdahl says:

    Report: Huge Data Leak ‘Exposes’ Chinese Communist Party Members ‘Embedded’ In Western Companies And Governments

    An unprecedented “major leak” of official records has uncovered a register of 1.95 million members of the Chinese Communist Party, many of whom are now living and working all over the world, including Australia, the United Kingdom, and the United States. The data lists names, party positions, date of birth, national identification number, ethnicity and — in some cases — their telephone number.

    Major leak ‘exposes’ members and ‘lifts the lid’ on the Chinese Communist Party

    Ms Markson said the leak is a register with the details of Communist Party members, including their names, party position, birthday, national ID number and ethnicity.

    “It is believed to be the first leak of its kind in the world,” the Sky News host said.

    “What’s amazing about this database is not just that it exposes people who are members of the communist party, and who are now living and working all over the world, from Australia to the US to the UK,” Ms Markson said.

    “But it’s amazing because it lifts the lid on how the party operates under President and Chairman Xi Jinping”.

  35. Tomi Engdahl says:

    SolarWinds’ Update Server Could Be Accessed in 2019 Using Password ‘solarwinds123’: Report

    SolarWinds’ update server was accessible by using the simple password “solarwinds123” in late 2019, according to a security researcher.

    News broke on Sunday that SolarWinds’ OrionIT product was hacked as far back as March, with malware added to a software update that was downloaded by thousands of clients. The cyberattack went undetected for months, compromising the computers at top federal government agencies and potentially impacting hundreds of prominent American corporations.

    As the damage continues to be investigated, experts have begun pointing to concerns about potentially substandard security protocols. Security researcher Vinoth Kumar told Reuters he alerted SolarWinds last year that its update server could easily be accessed by anyone using the simple password: “solarwinds123.”

    “This could have been done by any attacker, easily,” Kumar told the news agency.

    Kumar initially told Newsweek that the issue had been present for more than three weeks before it was fixed. After this article published, the researcher followed-up to say that he’d discovered the problem appeared to be present all the way back in June 2018.

    Alleged Russian SolarWinds Hack ‘Probably an 11’ On Scale of 1 to 10, Cybersecurity Expert Warns

    A cybersecurity expert warned that the alleged Russian hack of SolarWinds software, which affected top government agencies, is “probably an 11” in terms of seriousness on a scale of one to 10.

  36. Tomi Engdahl says:

    SolarWinds hack has shaved 23% from software company’s stock this week

    The meltdown began on Dec. 13 when Reuters reported that hackers potentially linked to Russia had gained access to email systems at the U.S. Commerce and Treasury departments, and that the attackers got in by way of SolarWinds software updates.
    The Homeland Security agency on Sunday instructed federal agencies that were affected to disconnect or power down certain versions of SolarWinds software in their networks, and Microsoft warned customers its antivirus tool would begin blocking malicious SolarWinds software.
    Last week SolarWinds announced a new CEO, and two private-equity firms sold shares ahead of the drop.

  37. Tomi Engdahl says:

    Underreported story from last week: Ticketmaster to pay $10M for its employees logging into old accounts at their competitor to steal strategic information. Funny enough, they got busted because the employees held a division-wide meeting to brag about it.
    Edit: They also paid $110M to the competitor in civil damages.

