Data breaches are a serious risk that can lead to a substantial amount of lost information annually. This week financial, legal, health, and education sectors were all hit. Major health insurance providers like MCNA and Harvard Pilgrim were exposed, legal company Casepoint suffered substantial data losses, the University of Rochester was hit, and Capital One also suffered significant losses.

Verizon's DBIR always has a lot of information to unpack, so I’ll continue my review by covering how stolen credentials play a role in attacks. This year's Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches?

People are one of the most common factors contributing to successful data breaches. Let’s dive in deeper into the latest Verizon Data-Breach Investigations Report (DBIR) to find out how and why users are a contributor to the problem.

Harvard Pilgrim Health Care is an insurance provider that offers non-profit healthcare to residents in a variety of different states, including New Hampshire, Maine, Connecticut, and Massachusetts. The company generates more than $622 million in revenue annually and employs over 4,400 people during its regular operations. It works with millions of patients, and a mix of those patients was exposed in the recent data breach impacting that company.

A data breach is an IT security incident where data is compromised or stolen from a system without the knowledge or authorization of its owner. But what happens when a third party is involved? Stolen data may include sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, customer, or patient data. Third party breaches cost millions of dollars every year to companies of all sizes.

The University of Rochester is a mid-sized school in New York State. It was founded in 1850 and has more than 12,000 students overall. The school maintains over 30,000 staff members overall and manages a large amount of data for all those individuals. Since data is largely digital today, the school is a major target for data breaches and identity theft. With breaches becoming so common today, it's not surprising the school suffered from a recent breach.

Cyberint discovered in the ‘wild’ what could possibly be associated with the ‘Cardpool’ gift card breach, a file named ‘cardpool leak’. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.

Casepoint is one of the first companies to get approval to serve as an eDiscovery tool for Federal and State governments in the United States. The company manages legal data for huge agencies and is the home of many legal secrets that could provide lawyers with an edge if they had access to all the company's data. That's why Casepoint suffering from a data breach is such a significant problem.

MCNA, a health insurance program service that works with children and Medicaid recipients, was recently the target of a ransomware gang. The company works with millions of patients, dental clinics, dental and orthodontic practices, and more. A huge number of patients entrust their data to this massive organization, and they are now at risk from serious cyber-attacks because of this significant data breach.

If an adversary manages to gain control of a privileged account in your network, you may face serious consequences, including costly data loss, prolonged downtime, customer churn, and legal and compliance penalties. This blog explains how to build an effective incident response plan that can help you minimize the damage from a breach.