As you evaluate your cybersecurity risks, you'll want to stay up-to-date with news and trends for your industry. With UpGuard's Incidents & News feed, you can evaluate your risk related to publicly disclosed security incidents like data breaches, ransomware attacks, and data exposures. The Incidents & News feed is a chronological feed that you can filter and search for news that is most relevant to your organization's security needs.

There are four options for accessing information in Incidents & News:

Individual items within the feed include a date of publication, severity, the impacted company, a brief summary, and tags to categorize the items. Where applicable, the summary may identify other companies involved. Clicking on an update will open an article with additional information, such as the date of the incident, what kind of data was exposed, the number of records impacted, threat actors, and sources for each incident.

When multiple companies are impacted by a breach, they will be linked as related companies. These relationships are used to model cases like the Solarwinds or MOVEit breaches, where intrusion at one company is known to have resulted in data loss for other companies. You can click through to view any company's summary page in Vendor Risk to start monitoring that vendor. Incidents that impact multiple companies may be relevant to future security assessments due to regulatory enforcement actions that an organization will take after being impacted.

Severity is assessed relative to the impact for the company and entities that may have shared data with it, which will inform a vendor risk management program. For example, a complete breach of data at a small law firm that your company uses would be of major concern to you, while its significance to other organizations may be minimal. Alternatively, a massive collection of data scraped from Facebook would be considered headline news but likely requires no incident response from your company, so it would be considered a lower severity incident relative to your organization.

You can access all of these details within the Incidents & News feed and find additional information within individual updates.

You can filter your feed from any of the tabs with the Filtered option.

Clicking the Filtered button will load a panel where you can provide your filtering options. You can search by companies impacted, known threat actors, what kind of data was exposed, and what tags UpGuard has applied to categorize incidents. By default, the feed will load updates from the last year, but you can set custom time parameters for your feed as well.

Note: Setting these filters will persist while you are using the UpGuard platform. If you close the app, the filters will reset to their default state.

Posts within Incidents & News are classified as Incidents or News. Posts are further classified by severity and tagged with additional context. Posts that are classified with the Dark Web tag and severity type include information that has been collected from sites affiliated with malicious actors.

Posts regarding dark web disclosures are presented in Incidents & News for informational purposes. These posts include the company involved and a summary of relevant information about the announcement. The original text of these posts may be edited to omit language not relevant to analysis of the potential impact.

While UpGuard does consider these disclosures a legitimate source, there may be information that has not been confirmed, that may be misleading, and that may be false. Because the sources in the dark web category are inherently untrustworthy, the scope is limited to ransomware groups that have demonstrated they pose a credible threat. While past performance is not indicative of future results, these are threat actors whose breach announcements provide salient information widely used by information security practitioners. Links to the original posts are included so that security professionals can conduct their own analysis and independently determine the credibility of the information. These links require no credentials or transactions to access the information.

You can use Incidents & News to complement BreachSight Identity Breaches. Publicly disclosed breaches provide important context for risk assessments with vendors, such as actions that organizations may take after being impacted by a breach.

Not every breach impacts your organization, nor does UpGuard have access to the details of every breach. If your organization is not impacted or exposed credentials for your organization have not been identified in a breach, then information for those breaches will be accessible via Incidents & News rather than Identity Breaches.

When your organization's users are impacted by a third-party data breach, UpGuard will notify you within the Identity Breaches module. Breach data includes when it happened, which employees were impacted, and what kind of data was exposed. You can notify employees about their leaked data directly from the Identity Breaches module.

UpGuard documents publicized breaches in the Incidents & News feed. We also offer separate, managed service Data Leaks to detect exposed information proactively so that your organization can prevent a leak from becoming a breach.

To continue learning about the Identity Breaches module, read these articles next:

For more information on our Data Leaks offering, read these articles next:

To continue learning about exposures that can lead to breaches, read these articles:

You can also find more information on specific breaches, like the 2023 MOVEit Zero-Day Vulnerability, and how cybersecurity impacts your organization with our blog posts on cybersecurity.