Two foreign nationals who worked for a third-party data company are suspected of stealing the personal information of as many as 4,000 Dow Corning employees. The two men, who worked for HCL America, are believed to have downloaded names, Social Security numbers, income records, and more, then transferred that data to a USB drive. The drive—and the information—are unaccounted for as of now.
CEOs and senior executives do not get fired when their companies get hacked or experience a data breach event. They get fired for failing to implement and test regularly a clearly defined, strategic management response to their data-breach event.
The Dow Jones, which owns business oriented outlets like the Wall Street Journal, is synonymous with wealth and power. Most people only know of it in terms of investments and playing the stock market, and therefore it makes a logical “big fish” kind of target for hackers. After all, successfully infiltrating their stores of data could result in a tremendous payoff of information on some of the country’s wealthiest people.
Nearly half of all data breaches occur when ID-theft criminals access information because we lost a device. In fact, nearly 41 percent of all data breach events from 2005 through 2015 were caused by lost devices such as laptops, tablets and smartphones, according to a new TrendMicro report.
Consumers who used their credit cards at a variety of Hilton Hotels-owned properties between November of last year and now may have noticed some strange activity on their credit cards. Thanks to point-of-sale hacking at some of the properties, an unknown number of guests have had their credit card information stolen, according to a statement from the property chain.
When we think of major-name data breaches that affect millions of consumers, we probably think of teams of elite hackers infiltrating a network by exploiting a vulnerability in the technology. But sometimes, a data breach is the work of a good old-fashioned crook and not the result of sophisticated cybercrime skills.
In a move that has been a long time coming—literally, since it was first mandated in 2013 and again in 2015—the Pentagon has finally issued its new Rule on how defense contractors will report suspected cybercrimes.