DataBreachToday.com

Incident Response Firm Reports 25% of Victims Paid - Typically for a Decryptor
The slice of organizations opting to pay extortion after being hit by ransomware dropped to an all-time low of 25%. Underpinning the drop is a combination of better defenses, improved business resilience as well as organizations simply deciding to not pay criminals.

Officials Hope to Curb Global Fraud by Targeting Border Operations in Myanmar
In a drastic move to curb fraud along the Myanmar border, Thailand announced plans to cut power and telecommunications in border areas of Myanmar linked to scam operations. The move is aimed at crippling criminal syndicates running notorious call centers that orchestrate scams, financial fraud and human trafficking.

Mitigate Career Risk With a Self-Audit, Targeted Training and Real-World Testing
Changing jobs or going after that promotion can be difficult, even in a field like cybersecurity where the demand for skilled professionals is high. Often, the biggest career challenge is not that advanced persistent threat or the zero-day vulnerability. It's what we call "mental malware."

Analyst Allie Mellen on Open-Source AI Adoption, Vendor Considerations, Data Risks
AI adoption is accelerating across security operations, but DeepSeek has introduced security, privacy, and geopolitical risks that organizations should carefully assess. Forrester's Allie Mellen shares advice on AI adoption by cybersecurity, third-party risks and data protection.

Guidance Intended to Help Companies Detect Compromises Faster
Countries forming the Five Eyes intelligence alliance outlined Tuesday minimum security requirements that edge device vendors should follow to enable swifter forensics analysis in the wake of cyberattacks. Edge devices have become the repeated target of nation-state hackers.

Lawsuit Claims R.I. Health Information Exchange Retaliated Against 'Whistleblower'
The former HIPAA compliance officer of Rhode Island's state health information exchange is suing the organization in a federal lawsuit claiming that she was terminated from her job after blowing the whistle on the HIE's alleged unlawful disclosures of patient information for research purposes.

Lawmakers Warn of Security Risks as DOGE is 'Running Roughshod' in Federal Systems
Democrats on Capitol Hill are calling on the White House to provide transparency into billionaire Elon Musk's attempts to shrink the U.S. government after reports indicated his unvetted aides gained access to key federal systems containing troves of sensitive data on millions of Americans.

3rd Round of Layoffs in 3 Years Comes as Rival CyberArk Surpasses Okta's Valuation
Okta will execute its third round of layoffs in three years, cutting 180 employees to reallocate resources toward priorities to drive growth. The San Francisco-based identity security giant on Tuesday shared plans to reduce its staff by 3% in what has become somewhat of an annual tradition for Okta.

'Frontier AI Framework' Identifies Risk Categories, Action Plan
Meta has set new limits on the release of its advanced artificial intelligence models, establishing a framework detailing the criteria for restricting systems deemed too dangerous for public release. Meta's Frontier AI Framework identifies two risk categories: high and critical.

Attacks Hit Hospitals, Clinics in California, Alabama and Colorado
Three healthcare entities - including a California hospital and outpatient care provider, an Alabama cardiology practice, and a Colorado community health system, are notifying a total of more than 1.2 million individuals that their sensitive information was compromised in 2024 hacks.

FIs Expected to Move from Periodic Reviews to Perpetual KYC
Banks are struggling to keep up with evolving KYC expectations. Despite efforts to modernize, outdated processes continue to leave compliance gaps, leading to increased regulatory action. Penalties for financial institutions surged with KYC-related fines more than doubling to $51 million.

Purchase Enhances Exposure Validation and Breach Simulation
AttackIQ has acquired Deep Surface to bolster its adversary exposure validation capabilities. The deal integrates vulnerability prioritization, identity discovery, and attack path analysis into AttackIQ’s breach and attack simulation platform, improving cybersecurity posture for enterprises.

Security Concerns, Chinese Ownership Drive Concerns
U.S. federal agencies and corporations with ties to the government are blocking employees from using Chinese chatbot DeepSeek over security and privacy concerns. China could potentially use DeepSeek AI models to spy on American citizens, acquire proprietary secrets and conduct influence campaigns.

'Advanced Planning Unit' to Focus on Societal, Economic, Workplace Implications
Microsoft has created a new research-focused entity as part of its artificial intelligence division to analyze and anticipate the technology's societal, economic and workplace implications. It will report directly to Mustafa Suleyman, CEO of Microsoft AI.

Isn't All Health Data Sensitive? Yes, But Safeguarding Some of It Is Even Trickier
Arguably all health information is sensitive. But some health data is regarded as especially sensitive, either through the eyes of regulators or the strong gut reaction of patients and others when there's a compromise. What are the challenges in protecting this ultra-sensitive data?

Lawmakers Demand Answers After Musk Aides Gain Access to Key Payment Systems
Reports that a Trump administration task force headed by Elon Musk gained access to sensitive government systems have rattled the cybersecurity community amid fears of misuse. "Working for Elon Musk does not give you some supernatural shield of cyber invulnerability," said Mark Montgomery.

OpenAI's New Cost-Efficient AI Reasoning Model Excels in Math, Coding, and Science
OpenAI has launched o3-mini, a high-performance AI model optimized for STEM tasks. The model offers enhanced reasoning abilities, reduced latency, and features like function calling and structured outputs. Available in ChatGPT and API, o3-mini surpasses its predecessor in coding and math accuracy.