American Airlines says data breach affected some customers, employees

Through a phishing campaign, hackers were able to access team member’s mailboxes. American spokesman Curtis Blessing said, “A very small number of customers and employees’ personal information was contained in those email accounts.” Interesting to note that while the company was aware of the breach in July, it took two months to notify customers. Customers who were notified were offered two years of identity theft protection services. 

More: NPR |  @YUSUPHKILEO | The Verge

‘Anonymous’ hacks Iran state websites after Mahsa Amini’s death

Aljazeera: Anonymous appears to have hacked into several websites in Iran as a way to support protests following the death of Mahsa Amini. It seems like two main websites of the Iranian government were the targets as well as CCTV live cams. The 22 year-old woman died after the so-called morality police put her in custody for her “improper” hijab.

More: CNBC | Yahoo News |

Third-party risk: What it is and how CISOs can address it

Venture Beat: Businesses are becoming more reliant on third parties to increase their capabilities for providing essential services. While partnering with third parties can be very beneficial for organizations, it also can cause its own set of risks. 51% of organizations experienced a data breach due to third parties, according to an Intel471 threat intelligence report. But there are strategies that CISOs can use to mitigate these risks. Including but not limited to: understanding what data is shared between the business and third party and regularly reviewing who in the organization has access to the third party.