Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • 49 Million User Records Leaked From US Data Broker LimeLeads · Experts Reactions
    • Data from an exposed LimeLeads Elasticsearch server has ended up on a hacking forum, being sold by a well-known individual on underground hacking forums named Omnichorus, who has built a reputation for sharing and selling hacked and stolen data.

      InformationSecurityBuzzNews - Security Experts | January 15, 2020
  • Study says Grindr, OkCupid, and Tinder breach GDPR
    • Dating apps Grindr, OkCupid, and Tinder are allegedly spreading user information like sexual preferences, behavioural data, and precise location to advertising companies in ways that may violate privacy laws, according to a study conducted by the Norwegian Consumer Council (NCC).
    • The study found that Grindr was among the apps with the most glaring privacy issues as it failed to do the following: Share clear information regarding the way it shares data with non-service provider third parties; share clear information about how user data is used for targeted ads; and provide in-app options to reduce data sharing with third parties.

      ZDNet - Campbell Kwan | January 15, 2020
  • How Should Companies Investigate Security Incidents
    • As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual harm, with the passage of the California Consumer Privacy Act ("CCPA").
    • A successful defense will depend on the ability of the breached business to establish that it implemented and maintained reasonable security procedures and practices appropriate to the nature of the personal information held.

      Lexology - Jena M. Valdetero and Linda C. Hsu | January 14, 2020
  • Patch Tuesday, January 2020 Edition
    • Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software.
    • The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency.
    • An advisory (PDF) released today by the NSA says the flaw may have far more wide-ranging security implications, noting that the "exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities."

      KrebsonSecurity | January 14, 2020
  • Make Data Safe Again: How to Tackle Dangerous Hackers
    • While protecting the integrity and security of our political system is undoubtedly extremely important, these incidents are interestingly few and far between; it is like worrying about a shark attack every time you dip your toe into water--in the real world, you are far likelier to be harmed in a car crash.
    • In the cybersecurity world, the equivalent of a car crash is an economic cyber intrusion.

      The National Interest - Caspian Tavallali | January 14, 2020
  • 34% of data breaches are inside jobs
    • Who has the most access to a company's secure and sensitive data?
    • In most cases, it's not a teenage computer hacker from Russia but an employee on the payroll.
    • In 2019, Verizon's annual Data Breach Investigations Report found that more than one-third of all data breaches that occurred that year (34 percent) were the result of "insider threat actors."

      BetaNews - Michael Klazema | January 14, 2020
  • Baby's First Data Breach: App Exposes Baby Photos, Videos
    • Picture this: A short video features a bundled baby, snoring gently, who flashes a couple of involuntary, sleepy smiles as someone sings a lullaby.
    • Unfortunately, that video is one of what appear to be thousands of baby videos and images that are being left unsecured and exposed to the internet by Peekaboo Moments, a mobile app.

      BankInfoSecurity - Jeremy Kirk | January 14, 2020
  • Las Vegas Fought Off Potentially Massive Cyber Attack And Won
    • Las Vegas's computer network took a devastating cyberattack theorized to have originated from a malicious email earlier this month.
    • Immediately following the attack, Las Vegas took down its computer network to investigate the threat.
    • The specific breed of ransomware that infected Las Vegas' servers hasn't been shared, nor were its demands. Due to the swift action of Las Vegas city IT staff, no information was taken.

      Screen Rant - Chazz Rair | January 13, 2020
  • GCHQ warns not to use Windows 7 computers for banking or email after Tuesday
    • Microsoft announced last year that it would be ceasing technical support for Windows 7 and urged users to upgrade to its Windows 10.
    • It is estimated that there are still more than 440 million people using Windows 7 worldwide, which was first released in 2009.
    • The Windows 7 operating system has previously been caught up in security lapses.
    • In 2017, most of the NHS computers infected by the WannaCry ransomware attack...were using Windows 7.

      The Telegraph - Mike Wright | January 12, 2020
  • How to Rein In Your Unmanaged Cloud in 4 Steps
    • The prevalence of migration to the cloud highlights the catch-22 of cybersecurity: the security vs. convenience tradeoff.
    • According to the Ponemon Institute, 47% of lines of business respondents admit they select and use cloud applications without permission from IT.
    • And because business users don't require IT involvement to spin up new applications, often, they forget to notify the technical personnel of new cloud apps they are using.

      Security Boulevard - Avi Shua | January 12, 2020

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017