On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022. According to their notice, the threat actor used information obtained in an earlier, August 2022, data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.

A classic cybersecurity storyline: there is executive tension over cybersecurity spending, the company gets breached, and a blame game between the CISO and their peers ensues, resulting in the termination of the CISO as a form of remediation. Reports indicate that only 27% of CISOs stay in their role at a company for three to five years.

We are generating more data than ever before due to companies' increasing reliance on data to drive their decisions. However, thanks to the possibilities of the digital age, we no longer need cabinets full of documents or huge archive rooms to store data. While it is now easier to store data, the importance of information security is much more significant. That's why users and authorities constantly ask organizations to take more robust data security measures.

A leading European regulator fined Meta Platforms Inc., the company that owns Facebook, 265 million euros, or around $276 million, for failing to better protect the phone numbers and other personal information of more than half a billion users from so-called data scrapers.

‍Plex was breached by an unauthorized third-party gained who gained access to a proprietary database. The specific attack vector that facilitated the breach hasn’t been disclosed. According to Plex, cybercriminals “tunneled” their way through sophisticated cybersecurity mechanisms to gain access to sensitive customer data.

Read also: Spanish police detain fraudsters who stole €12M via fake bank sites, Sony and Lexar-trusted encryption provider has leaked critical business data since May 2021, and more

It’s rare that a week goes by without at least one data breach making the news. Criminals are targeting companies of all sizes to see if they can slip past their digital defenses and steal confidential data.

The CashApp data breach was caused by a former employee who accessed customer financial reports as an act of revenge against the company after their employment was terminated. According to the April 2, 2022 filing with the Securities Exchange Commission by Block (CashApp’s parent company), the employee required access to the financial reports as part of their daily duties.

Credentials are a set of attributes that uniquely identify an entity such as a person, an organization, a service or a device. According to IBM’s Cost of a data breach report, compromised credentials were the primary attack vector of 19% of the data breaches the study highlights. A 2021 data breach report by ITRC reveals that cyberattacks, including credential stuffing, made up 88% of data breaches in Q3 of 2022.

Cyberattacks are still big business and on the rise. Despite substantial increases in cybersecurity spending, many businesses aren’t taking enough action to mitigate their risks. While a significant data breach in itself is a scary concept, the costs of inaction and the subsequent charges associated with investigations, penalty fines and reputational damage should worry you even more.