Marriott International's digital forensic investigation now counts not 500 million but an "upper limit" of 383 million customers affected by the four-year mega-breach of its Starwood reservations system. The hotel giant now says the breach also exposed more than 5 million unencrypted passport numbers.
Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and communications stolen and leaked online as part of what authorities are calling an attack on the country's democracy and institutions.
In this edition of the ISMG Security Report, former federal CISO Gregory Touhill explains why a zero-trust security model is essential, and Ron Ross of NIST describes initiatives to protect critical infrastructure from IoT vulnerabilities.
Personal information for 1,000 North Korean defectors, including their names and addresses, has been stolen via a malware attack, officials in South Korea warn. They've traced the leak to a malware infection at a refugee resettlement center, and say police continue to investigate.
In the wake of Equifax and other major breaches, sophisticated fraudsters are finding success as never before. Al Pascual of Javelin Strategy and Research discusses how identity impersonation is manifesting.
Leading the latest edition of the ISMG Security Report: Microsoft's Joram Borenstein highlights his top three areas of focus for 2019. Plus, Randy Vanderhoof of the US Payments Forum on securing card transactions in the coming year.
What not to do after a breach? Share your incident response plan with your attorney and say, "Don't pay too much attention to it; we don't follow it." Randy Sabett of Cooley LLP discusses this and other lessons learned from breach investigations.
In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology.
Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.
A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report. The health insurer belated realized after a complaint from one practitioner that some psychologists work from home.
As India's Parliament prepares to finalize a privacy and data protection law in the weeks ahead, there's still no consensus among security practitioners about what approach the legislation should take. But the government should ensure all companies comply with clearly defined standards - or face punishment.