Just as the summer continues to wind down, the cybersecurity landscape continues to evolve. With significant stories emerging throughout the entire season, August was shown to be no exception. Stories ranging from a major Social Security breach to the ongoing shortage of cybersecurity professionals, there’s been an abundance of interesting developments throughout August. Here’s a quick recap of some of the most important cybersecurity-related stories from the past month.
Massive Social Security Breach
A massive data breach has exposed the personal information of 2.9 billion people, as revealed in a class action lawsuit filed in the U.S. District Court for the Southern District of Florida. The breach involved data from National Public Data, a company providing background checks and fraud prevention services. Stolen data includes full names, addresses dating back 30 years, Social Security Numbers, and more.
The cybercriminal group USDoD is responsible for the theft and attempted to sell the data on the dark web for $3.5 million. The breach affects individuals from both the U.S. and other countries, many of whom did not willingly provide their data to National Public Data, which had obtained the information through data scraping, including from non-public sources. The lawsuit demands that the company securely dispose of the data, compensate victims, and enhance security measures. The exposed data poses risks such as targeted phishing attacks and financial fraud. National Public Data may soon issue a data breach notification and offer free identity theft protection or credit monitoring. In scale, the breach is comparable to Yahoo!’s 2013 incident, which exposed data of 3 billion people.
Columbus Ransomware Breach
A ransomware attack on Columbus Ohio has potentially compromised the personal data of nearly 500,000 citizens and thousands of city employees. Despite claims from city officials that the attack was thwarted on July 29, the Rhysida cybercriminal group demanded $1.66 million in Bitcoin and threatened to release the stolen data. Columbus Mayor Ginther later asserted that the stolen data was unusable, but cybersecurity experts discovered sensitive information posted on the dark web. The city has not disclosed who provided the misleading information about the data’s usability or detailed the affected systems and nature of the stolen data. The city faces a class-action lawsuit from individuals whose personal information was compromised, and various city services, including the 311 system, were disrupted, although 911 and payroll systems remained operational. The financial impact on taxpayers is projected to be in the millions, with over $500,000 already spent on credit monitoring for employees. Additionally, the city is offering two years of credit protection to affected residents. The city has not responded to public records requests regarding the hack, and further details may emerge as the lawsuit progresses.
Over 4 Million Cybersecurity Jobs Vacant
The global shortage of nearly 4 million cybersecurity workers is creating significant challenges for employers trying to fill positions, with 71% of organizations reporting vacant roles. This skills gap is exacerbated by factors such as unclear career paths, outdated training, and costly certifications, which deter potential candidates. Despite these challenges, the demand for cybersecurity jobs is expected to surge, with the U.S. Bureau of Labor Statistics projecting a 32% increase in job growth from 2022 to 2032. High-profile incidents, such as the CrowdStrike outage, highlight the critical need for skilled professionals. In response, Okta has pledged $50 million over five years to address this gap, focusing on underrepresented groups and providing educational grants. Cybersecurity professionals can command substantial salaries, with median earnings ranging from $102,600 to over $275,000, depending on their role and experience. To attract more talent, companies must demystify cybersecurity careers by highlighting the diverse roles and skills involved. By working with SWK, you have access to a full team of cybersecurity experts, alleviating you the need to find and retain your own team.
Local Governments Consider Using AI
Local governments are exploring how to incorporate artificial intelligence (AI) into their cybersecurity efforts to better protect constituents and sensitive information. At the Maryland Association of Counties conference, Sen. Mary Beth Carozza moderated a panel that highlighted the necessity of balancing AI use with stringent data protection measures. AI is becoming crucial in defending against cyberattacks from hackers who are also leveraging this technology. Stephen Pereira from Calvert County stressed the importance of AI for real-time responses to ransomware attacks but also cautioned about its environmental and economic impacts, such as high energy consumption and potential job losses. Concerns about AI include data security risks and issues of public trust, which Timothy Gilday from General Dynamics noted can be mitigated through education. The panel aimed to offer guidance on best practices for integrating AI into cybersecurity strategies for state and local governments.
Contact SWK Today
When dealing with hackers and cyber threats, knowledge is often your strongest defense. At SWK, we stay on top of the latest cybersecurity developments so you can focus on what makes your business successful. Contact us today to gain access to a team of experts who can help you navigate the evolving world of cybersecurity – it could save you an incalculable amount of time, and money.