Capital One Financial Corporation has agreed to enter a consent order with the Office of the Comptroller of the Currency (OCC) and pay an $80 million dollar fine for a data breach that occurred in 2019. The breach exposed more than 106 million Capital One customers and credit card applicants

Havenly, an interior design, and decor company have become the latest company to suffer from a serious data breach. Well-known dark web trader and vendor ShinyHunters posted the data of nearly 1.4 million Havenly accounts online last week, claiming that the data set was just a portion of a much

Earlier this week, an Israeli marketing video firm called Promo announced a major data breach in which 14 million accounts were impacted. The Israeli company revealed in an online notice that customer data was compromised due to a vulnerability in a third-party service. Attackers gained access to sensitive data such

A US-based fintech giant has publicly released a statement detailing a data breach the company suffered after researchers discovered a malicious database selling users’ personal information. The company is called Dave and offers digital banking services to its users. Over the past week, researchers investigated claims that Dave’s customers’ details

A cloud communications platform, Twilio, has publicized a security incident in which attackers were able to gain access to sensitive data due to a misconfigured Amazon AWS S3 bucket. According to researchers, the attackers were able to modify the TaskRouter JavaScript SDK, and the SDK path had been left publicly

According to research conducted by the Identity Theft Resource Center (ITRC), publicly reported US data breaches have declined by 33% in the first half of 2020. Compared to the first half of 2019, 2020 has shown a significant decrease in US identity compromises. ITRC’s analysis also shows that breaches impacting

A database was discovered by vpnMentor researchers that included the private information of over a million students. The database was improperly secured, leaving the data publicly accessible. VpnMentor states that the data belonged to OneClass, which is an application allowing students to share study guides, class notes, and other materials.

A developer at Aspire News, an application run by US non-profit When Georgia Smiled, misconfigured an AWS bucket that resulted in personal information of domestic abuse victims being exposed. Researchers at vpnMentor found voice recordings between emergency distress responders and domestic violence victims stored in a publicly accessible AWS S3

Maze ransomware operators have claimed responsibility for a breach against the South Korean multinational company LG Electronics. Maze claimed to have breached and locked the company’s networks to steal company proprietary information on projects involving US companies. Specific details on the breach have not been released yet. Maze typically published

Justin Sean Johnson, a 29-year-old man from Michigan, was arrested earlier this week for his involvement in a 2014 hack of the health care provider University of Pittsburg Medical Center (UPMC). Johnson allegedly executed the attack and stole personally identifiable information and W-2 information of over 65,000 employees. Johnson is