GDPR mandates that organizations self-report data breaches, and in the two months since the new privacy regulation went into effect, the number of reports has surged.
Criminals on underground marketplaces refer to bundles of personal data records as fullz. The data can include names, addresses, phone numbers, social security numbers (SSNs) and dates of birth, all of which can be used for medical fraud, impersonation or even extortion. Stolen healthcare information is valued the highest.
Companies get away with disclosing just the bare minimum, or dribble out the bad news to the point where no one is paying attention. We need to hold companies to a higher set of expectations.
Security researcher Dylan Houlihan discovered an issue that leaked data from the Panera Bread site, including customer names, phone numbers, and other information.
The Cloudflare data leak impacted several sites using the popular CDN. Resetting session tokens and enabling 2FA can help affected sites protect their users' credentials.