The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Friday Five: 3/4 Edition



Catch up on this week’s top information security news.

Happy March! It’s been a busy week in information security; as the RSA Conference draws to a close, here are some of the top security headlines you may have missed.

1. IRS now says 700K taxpayers accounts accessed by Doug Olenick

It’s tax (fraud) season, and the past few weeks have seen reports of widespread tax fraud attempts and tax-related social engineering scams. This week, however, brought new details to light surrounding an incident during the 2015 tax season in which hackers were able to access taxpayers’ information by spoofing the IRS’ GetTranscript feature using taxpayer PII obtained through previous data breaches. According to a new statement from the IRS, the number of taxpayers who had their information exposed in that attack was a whopping 700,000 – significantly more than the originally reported figure of 114,000. Read the article from Doug Olenick for more.

2. Apple Wins Ruling in New York iPhone Hacking Order by Katie Benner and Joseph Goldstein

On Monday a New York judge ruled against the government’s request for Apple to provide information from an iPhone seized as part of a drug case dating back to 2014. According to Benner and Goldstein, this is a landmark case in that it is represents “the first time that the government’s legal argument for opening up devices like the iPhone has been put to the test.” Apple’s victory in this case could have an impact on the decisions in other instances where government agencies have requested manufacturers and service providers to share information or provide access to devices – most notably the hotly-debated dispute between Apple and the FBI over unlocking an iPhone that belonged to one of the San Bernardino shooters. Read the article for more on the story.

3. Weak bank password policies leave 350 million vulnerable, say researchers by Tom Spring

Researchers at the University of New Haven just released the findings from their analysis of password policies at 17 major banks, highlighting six in particular – Wells Fargo, Capital One, Chase Bank, Citibank, Webster First Federal Credit Union, and BB&T Corp. – for having password policies that are lacking from a security standpoint. According to UNH assistant professor and cybersecurity expert Frank Breitinger, “We couldn’t believe that the passwords people rely on to protect their financial crown jewels were less secure than those required to lockdown social media accounts like Twitter.” The six banks with weak password security requirements represent a total of 350 million online users, which UNH researchers have deemed vulnerable based on their findings. Read the report for more.

4. SnapChat Employee Data Leaks Out Following Phishing Attack by Jon Russell

SnapChat became the latest major company to fall victim to phishing this week when an employee in their payroll department sent payroll information to a phisher masquerading as SnapChat’s CEO. SnapChat has not disclosed what kind of data was leaked or how many employees have been affected and has notified the FBI of the incident. Employees whose information was leaked have received two years of free credit monitoring from the company, as is common in the wake of data breaches. Read the article for more on the story.

5. Medical superbugs: Two German hospitals hit with ransomware by John Leyden

It seems that two major threat trends – attacks targeting healthcare companies and a surge in ransomware – are converging, as two hospitals in Germany were hit with ransomware attacks late last week. The attacks used similar methods to the ransomware attack that hit a Hollywood hospital back in February, however the two German hospitals were able to limit damages by quickly detecting and containing the infections. In both cases the hospitals’ IT departments saved the day by unplugging computers and servers as soon as they recognized the attack, and both had backed up their data recently enough that they were able to restore most of it. Read the article for more on the emerging trend of ransomware attacks targeting the healthcare industry.

Nate Lord

Nate Lord

Nate Lord is the former editor of Data Insider and is currently an account manager covering the southeast, Great Lakes, and Latin America regions at Digital Guardian. He has over 7 years of experience in the information security industry, working at Veracode prior to joining Digital Guardian in 2014. Nate enjoys learning about the complex problems facing information security professionals and collaborating with Digital Guardian customers to help solve them.