Data broker Equifax said that the data breach that spilled information on some 140 million individuals has cost the company $87 million so far, with more costs likely in the future. The disclosure, made as part of the company’s quarterly filing with the US Securities and Exchange Commission, is the first public disclosure of the direct costs of the incident, which saw the company’s stock price plunge by more than 30% and wiped out billions of dollars in value to shareholders. Equifax said that it recorded $87.5 million in expense related to the cybersecurity incident in the third quarter of 2017. But its worth digging into that number to sort out real from anticipated costs. Around $55.5m of the $87.5m in breach related costs stems from Product costs. Professional fees added up to another $17.1m for Equifax and consumer support costs totaled $14.9m, the company said. Equifax also said it […]
Hacks & Hackers
In episode 69 of The Security Ledger podcast, we speak with Luca Allodi of The University of Eindhoven in The Netherlands about research on the functioning of dark markets. Also: DUO Security researched the trade in phishing toolkits – you’ll be surprised at what they learned. And we deconstruct a campaign against the citizen journalism website Bellingcat.com to understand how the Russian Group known as Fancy Bear works.
The Associated Press is reporting on a trove of data accidentally leaked by the Russian-backed advanced persistent threat (APT) group known as Fancy Bear that suggests the group conducted a years-long campaign against targets in the US, Ukraine, Russia, Georgia and Syria.
In this week’s podcast, we talk with Gadi Evron of Cymmetria, which released Mazehunter, a targeted hack-back tool this week about going on offense and staying on the right side of the law. Also: Ryan Kazanciyan of Tanium is one of the talented hackers who help design Mr. Robot’s hacking scenes. We talk with him about bringing realistic hacks alive on the small screen. And: when Uncle Sam dishes the dirt on a state sponsored campaign against critical infrastructure, what are companies supposed to do with the information? Mark Durfresne of the firm Endgame and Itzik Kotler of the firm Safebreach give us their thoughts.
A new joint FBI-DHS report dishes the dirt on recent sophisticated attacks targeting the US energy grid and critical infrastructure, saying third party firms and web sites to gain access to energy and other critical infrastructure networks. It also names a sophisticated hacking group believed to be linked to the government of Russia.