Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • How to protect your organization from coronavirus-related phishing attacks

    • Cybercriminals have been all too happy to take advantage of COVID-19 to deploy virus-related malware and cyberattacks.
    • Phishing emails have been one popular method as they're designed to trap people concerned or anxious about the pandemic.
    • But the focus of these phishing campaigns has shifted as the disease and its side effects have changed over the past few months.
    TechRepublic - Lance Whitney | July 1, 2020
  • 3 Ways to Flatten the Health Data Hacking Curve

    • Banking and credit data is worth $5.40 per record on the Dark Web, while healthcare records are worth over $250 each. This is because healthcare records typically contain virtually all the private and protected information that exists for that person, including banking and credit card data.
    • It is likely prudent to assume we have entered the realm of the perimeter-free workplace, and that remote work combined with less populated and less-dense office locations will be part of that future new normal.
    • Now is the time to evaluate and assess what that might look like for each of our organizations and do what we can to protect healthcare data.
    - David MacLeod | June 30, 2020
  • Seller floods hacker forum with data stolen from 14 companies

    • A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020.
    • When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers utilize data breach brokers to sell them on their behalf.
    • Each of the fourteen databases being sold contains different information, but they all include usernames and hashed passwords.
    - Lawrence Abrams | June 29, 2020
  • Data Breach Settlement Has an Unusual Provision

    • A preliminary settlement of a class action data breach lawsuit against Iowa Health System - which does business as UnityPoint Health - contains an extraordinary provision that could prove quite costly.
    • Unlike settlements in most other data breach class action lawsuits, this one does not contain a "global cap" on the total amount of claims to be paid to victims.
    - Marianne Kolbasuk McGee | June 29, 2020
  • Supply chain cyber attacks: observations from the frontline

    • There is no doubt 2020 has been a challenging year for businesses across every element of the supply chain and in all sectors.
    • Despite the increasing threat, it is evident that cyber attackers have been able to adapt their tactics quicker than businesses have been able to keep up.
    • IT departments are still reactive, meaning they will seek to defend, defeat and deal with the consequences of an attack, but are lagging on strategies for active prevention.
    - Darren Hopkins | June 29, 2020
  • Ransomware is now your biggest online security nightmare. And it's about to get worse

    • Ransomware is rapidly shaping up to be the defining online security issue of our era. It's a brutally simple idea, executed with increasing sophistication by criminal groups.
    • The targets of the ransomware gangs have evolved, too. It's not just about PCs anymore; these gangs want to go after the really irreplaceable business assets too, which means file servers, database services, virtual machines and cloud environments.
    • They'll also search out and encrypt any backups that organisations foolishly leave connected to the network.
    - Steve Ranger | June 28, 2020
  • How to Get Safari's New Privacy Features in Chrome and Firefox

    • Apple just unveiled a raft of changes coming with the new macOS Big Sur later this year. Along with the visual redesign, the introduction of Control Center, and upgrades to Messages, the built-in Safari browser is getting new-and-improved privacy features to keep your data locked away.
    • You don't have to wait for macOS Big Sur to drop to get a lot of these upcoming features though—both Mozilla Firefox and Google Chrome have similar features, or they can with the help of a third-party extension.
    - David Nield | June 28, 2020
  • Self-Propagating Lucifer Malware Targets Windows Systems

    • Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks.
    • The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of  taking advantage of an “exhaustive” list of unpatched vulnerabilities.
    • While patches for all the critical and high-severity bugs exist, the various companies impacted by the malware had not applied the fixes.
    - Lindsey O'Donnell | June 24, 2020
  • Security and Compliance in the Age of Remote Working

    • Ensuring compliance has never been more critical with the combination of increased cybercrime, remote working and the growing importance of data security.
    • The first step in adhering to compliance standards is to start with the employee.
    • We are in difficult and unnavigated times, and a data breach won’t make things any easier.
    • Employees and consumers alike are looking to businesses to prioritise security and compliance while ensuring that the tools are in place to securely work remote.
    - Nicole Von Seggern | June 24, 2020
  • There’s No Vaccine For Data Leaks: Why One Cyber Attack Leads To Another

    • The recent announcement that the UK-based value airline EasyJet was hacked by a "highly sophisticated source" is a troubling example of continuous IT threats.
    • The attack resulted in the loss of personal information of over 9 million customers.
    • Businesses have become far too accustomed to massive security breaches, disregarding them like the common cold.
    • Often, the remedy appears to be free credit monitoring for the affected. But the real threat is lost in that perception of safety and a healthy bounce-back.
    - Emil Sayegh | June 24, 2020

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017