A teenage British hacker, who previously played a role in the infamous TalkTalk data breach, has been sentenced to 20 months in prison after pleading guilty to selling hacking services and stolen personal data for cryptocurrency.

Read more in my article on the Hot for Security blog.

The European Central Bank (ECB), the central bank of the 19 European countries which have adopted the euro, has shut down a compromised website after it discovered that hackers had planted malware that stole information from newsletter subscribers.

A biometrics system used to secure more than 1.5 million locations around the world – including banks, police forces, and defence companies in the United States, UK, India, Japan, and the UAE – has suffered a major data breach, exposing a huge number of records and unencrypted fingerprints.

Read more in my article on the Tripwire State of Security blog.

One of the world’s largest cryptocurrency exchanges has revealed that it is being blackmailed to the tune of 300 Bitcoin (approximately US $3.5 million) by someone who is threatening to release some 10,000 sensitive photographs of its customers.

Read more in my article on the Tripwire State of Security blog.

The FBI has arrested a 33-year-old software engineer in Seattle as part of an investigation into a massive data breach at financial services company Capital One.

Read more in my article on the Tripwire State of Security blog.

Equifax has agreed to pay up to $700 million in a FTC settlement following its 2017 data breach.

Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015.

After all, leaving it until four years later looks a little bit… slack.

Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.

The UK’s Information Commissioner’s Office (IOC) has announced its intention to fine the US hotel group Marriott International £99.2 million (US $123 million) for a data breach that exposed the personal details of hundreds of millions of guests.

Read more in my article on the Hot for Security blog.

British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen.

Read more about what you need to know in my article on the Tripwire State of Security blog.

“Evidence of conduct indicating a lack of business honesty or integrity” led to suspension of federal contracts for hacked subcontracting firm.

So, just what was Equifax doing during those 40 days between discovering it had been hacked and sharing the bad news with the world?

Well, now we know. Or at least we know what Jun Ying, the CIO of Equifax US Information Solutions, was doing.

Some of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no password required.

Read more in my article on the Hot for Security blog.

Computer crime authorities in Israel have arrested two brothers in connection with a phishing campaign that spread over multiple years and the 2016 hack of the Bitfinex cryptocurrency exchange.

Read more in my article on the Hot for Security blog.

WeTransfer, the popular online service for sharing large files easily without having to worry about gobbling up email inbox quotas, has suffered what the company is calling a “security incident.”