Klue's OAuth supply chain attack spawned a rare double-extortion scenario as a second threat actor seized the stolen data — while new IBM figures reveal the average US data breach now costs $10.22 million. Today's briefing covers these stories plus a Dialog misconfiguration, AI security savings, and the surge in third-party breaches.
Audio is available on Spreaker — see link below.
A market intelligence platform called Klue has caught its customers in a supply chain trap, and the fallout is still spreading. On June 11 and 12, attackers used legacy credentials to get inside Klue's environment.
Here's where this story takes an unusual turn. The threat actor who claimed the breach, a group calling itself Icarus, was itself subsequently compromised.
Separately, a data exposure at the Dialog group, a private network connected to Peter Thiel, has turned out to be less dramatic than first framed, but not less concerning. Dialog initially attributed the exposure to criminal activity.
Stepping back to the broader picture, new breach cost data puts the current environment in sharper focus. The average US data breach now costs $10.22 million.
One figure from the cost data stands out as a practical divide. Organizations with AI and automation deployed in their security operations saved $1.9 million per breach compared to those without.
Third-party breaches now account for 30 percent of all incidents, double the rate from the prior year. Klue is the most current example, but the pattern is consistent.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.