At a glance.
- The cost of a government data breach.
- Fitness app data breach.
The cost of a government data breach.
In order to better understand how data breaches impact US government agencies, Security Intelligence takes a look at IBM’s most recent Cost of a Data Breach Report, a benchmarking tool that analyzes over five hundred real breaches to offer security professionals insight as to how these incidents play out in the real world. The report found that a public sector incident on average costs $2.07 million, and in 2018 the US government incurred a total of $13.7 billion in costs due to cyberattacks. Comparatively, only $118.7 billion was allotted for state and local government technology spending, with only a small fraction of that devoted to cybersecurity. Government agencies are an attractive target to threat actors due to their limited resources and lack of experience preventing cybercrime, as well as their access to private data and critical infrastructure. In March of this year, the Federal Bureau of Investigation (FBI) released an advisory warning of an increase in ransomware attacks against local government entities. As well, the FBI notice indicated that threat actors are increasingly diversifying their activities by using service-for-hire business models, sharing victim information among actor groups, and attacking cloud infrastructure, managed service providers, and software supply chains.
As if dieting weren’t difficult enough…
The New York Post reports that Move With Us, a fitness app created by Instagram influencer and bikini model Rachel Dillon, experienced a data breach that potentially compromised user data, including customer before-and-after photos. The app provides users with fitness instructions and nutrition guides, encouraging users to upload photos of their bare-ish bodies to track their progress. On Tuesday users of the app discovered they were being logged into other people’s profiles, giving them access to another user’s private data including full name, date of birth, email address, and photos. What’s more, each time a user attempted to log out and back in, they were given access to a new individual’s account, with some users viewing the profiles of up to ten other fitness enthusiasts. On Wednesday Move With Us issued a statement explaining the breach had affected only a “small number of users” and “was not a malicious intent by a third party to access our users’ information.” The statement also claimed no photos had been exposed, contradicting the anecdotes of users involved in the breach. “Pictures were definitely visible, take some ownership please,” one user commented on the Move With Us Facebook page, which hosts over 90,000 members. Another user stated, “A lot of people are incredibly sensitive about their bodies and for personal information like emails, names and birthdays to be available is bad enough – but to think a photo of you at a vulnerable time in your underwear is so easily accessible to strangers is enough to turn me away from the brand altogether.” Move With Us says the glitch has been fixed and an investigation is underway.