Is this email difficult to read? View it in a web browser. ›
The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

Keeping Too Much Data Runs Up Costs After a Cyberattack

By Kim S. Nash
 

Hello. Despite the conventional wisdom about data minimization, businesses continue to over-save information.

Companies commonly collect more data than they need and hold onto it for too long. When hackers strike, they can get away with troves, often resulting in a breach bigger and more expensive than it had to be.

In a hack last year at Nova Scotia Power, attackers stole the personal information of about 375,000 current customers and many more former customers—around 540,000, according to Canada’s privacy commissioner, which investigated the incident. Social Insurance Numbers, which the utility used to verify customer identities, were among the compromised sensitive data.

After a consumer uproar, Nova Scotia Power extended its credit monitoring offer from two years to five years for all current and former customers, even if they weren’t affected by the breach. It also agreed to reform data practices, deleting all Social Insurance Numbers from its databases, with exceptions for special legal or tax reasons.

More news:

  • Grand Theft Auto maker confirms new breach
  • Get ready for bugmageddon, thanks to AI
  • Booking.com says reservations data was compromised
  • Goldman Sachs CEO says cyber is at the core of his business
  • And more
 

‏‏‎ ‎
CONTENT FROM: ZSCALER
Enterprise AI Use Rose 83% YoY: Can Security Keep Pace?

Enterprise AI is becoming always-on infrastructure, moving sensitive data at a speed that’s reshaping productivity and risk. Get the latest insights on balancing rapid adoption with AI security, the top threats to watch and what teams can do next in the ThreatLabz 2026 AI Security Report.

Read the report

 

More Cyber News

PHOTO: YUKI IWAMURA/AGENCE FRANCE-PRESSE/GETTY IMAGES

The ShinyHunters hacking group published what it claimed is data stolen from Rockstar Games, which makes Grand Theft Auto and other popular titles. The company said it has recently been breached, through a third-party business partner. ShinyHunters said it got the files in a hack of a Snowflake data-storage server used by Anodot, which provides business analytics services. (Bleeping Computer)

Night club operator RCI Hospitality Holdings said Monday it is investigating a potential data breach after discovering a cyberattack in March. Hackers accessed a web portal used by RCI's independent contractors and run by the company's internet services unit, according to a regulatory filing.

Travel site Booking.com is notifying an unspecified number of customers that their reservation details were compromised after the company noticed suspicious activity in its tech systems. (The Register)

PHOTO: HELYNN OSPINA FOR WSJ

Welcome to bug armageddon. AI models like Anthropic's Mythos are finding bugs in older software at a rate never seen before. While most of the coding issues may be minor, their sheer volume has amplified the risk that smaller developers will be overwhelmed with bug reports. (WSJ)

“Cybersecurity has long been at the core of our business.”
— Goldman Sachs CEO David Solomon, on a call with analysts, when asked about the meeting that major U.S. bank executives had last week with Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent to discuss possible cyber risks raised by Anthropic’s Mythos model.

Healthcare breaches continue. Rocky Mountain Associated Physicians, a weight-loss facility based in Salt Lake City, Utah, said 50,640 patients had their personal, medical and in some instances financial information exposed in an October 2025 cyberattack. 

  • Legend Senior Living, an elder-care provider with sites in eight states, is notifying at least 5,000 patients and families of a similarly wide-ranging breach. A hacker accessed its systems between July 27, 2025 and August 15, 2025, the company said.
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.
 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2026 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe