Mom’s Meals issues “Notice of Data Event”: What to know and what to do

It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.

SEC demands four-day disclosure limit for cybersecurity breaches

When is a ransomware attack a reportable matter? And how long have you got to decide?

S3 Ep131: Can you really have fun with FORTRAN?

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Bitcoin ATM customers hacked by video upload that was actually an app

As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...

LastPass: Keylogger on home PC led to cracked corporate password vault

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Dutch police arrest three cyberextortion suspects who allegedly earned millions

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

Coinbase breached by social engineers, employee data stolen

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

New report admits that attackers were detected in the network about three months ago, and may have been attacking for about three years.

Reddit admits it was hacked and data stolen, says “Don’t panic”

Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...

Finnish psychotherapy extortion suspect arrested in France

Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Dutch suspect locked up for alleged personal data megathefts

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

GoTo admits: Customer cloud backups stolen together with decryption key

We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

CircleCI – code-building service suffers total credential compromise

They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.

Twitter data of “+400 million unique users” up for sale – what to do?

If the crooks have connected up your phone number and your Twitter handle... what could go wrong?

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.

LastPass admits to customer data breach caused by previous breach

Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Listen now - latest episode - audio plus full transcript

Online ticketing company “See” pwned for 2.5 years by attackers

Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

The coolest video game ever! And lots of solid cybersecurity advice - listen now!

Fashion brand SHEIN fined $1.9m for lying about data breach

Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?

S3 Ep102: How to avoid a data breach [Audio + Transcript]

Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

Optus breach – Aussie telco told it will have to pay to replace IDs

Licence compromised? Passport number burned? Need a new one? Who's going to pay?

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]

Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...

LastPass source code breach – incident response report released

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you

Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"

LastPass source code breach – do we still recommend password managers?

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

T-Mobile to cough up $500 million over 2021 data breach

Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.

S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]

Latest epsiode - listen (or read) now!

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

Latest episode - listen now!

Adafruit suffers GitHub data breach – don’t let this happen to you

Training data stashed in GitHub by mistake... unfortunately, it was *real* data

Ransomware with a difference: “Derestrict your software, or else!”

"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

Latest episode - listen now! Solid cybersecurity advice in plain English.

GoDaddy admits to password breach: check your Managed WordPress site!

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.