I came across this blog posting from Continuity Central. It is a good post because it is succinct.
- NHS – Based on knowledge in the public domain, we believe the root cause of the vulnerability relates to an ‘enhanced data sharing’ option. If enabled, that data can be accessed by hundreds of thousands of other users of the same system. This is a common oversight, as organizations tend to focus on their web application testing and security but fail to extend this security to their desktop applications. We regularly find vulnerabilities like this when we’re auditing desktop applications and the communication mechanisms that support them. By extending the same care to both web and desktop applications, these vulnerabilities can be minimised.
- Equifax – This breach highlights how critically important it is for all organizations to be on top of their vulnerability management processes, ensuring that critical patches for software and systems are applied as soon as possible. Regular penetration testing and vulnerability scanning feed into a central vulnerability management system within the wider governance, risk and compliance (GRC) processes. They’re fundamental to help mitigate the risk of these kinds of breaches occurring. After all, if you’re not aware of your vulnerabilities and risks, you can’t treat them.
- Yahoo – …these types of breaches usually originate from an exploited website vulnerability. Preventing such a hack starts with using controls that identify vulnerabilities. However, it’s also critical that incident response processes are in place to identify attacks in progress.
- Uber – …beyond securing vulnerable information, communication is key. Uber tried to brush the breach under the carpet, but making your customers aware of a breach as soon as possible is the best response. This will be critical when the General Data Protection Regulation becomes enforceable. Under the regulation, organizations must notify the relevant supervisory authorities and affected parties of the breach within 72 hours of its discovery, as failure to do so could result in fines up to €20m or 4 percent of world-wide revenue, whichever is greater.
- Alteryx – …a cyber risk researcher revealed that data analytics software company Alteryx had left a 36-gigabyte database exposed in an Amazon Web Services storage bucket. Alteryx’s unsecured database was discovered during a routine search of Amazon Web Services storage buckets, with the breach affecting 123 million households in the USA. Configuration-related vulnerabilities like this are common, and AWS storage buckets that have not been protected correctly with the right controls are frequently discovered. According to The Register, information from Accenture, Verizon, Viacom, and the US military had been inadvertently left online due to incorrect configuration. When storing sensitive information in the public cloud, it’s vital to implement best practice security measures. All storage buckets must be configured correctly, with procedures, checks and balances in place to make sure that systems can’t go live without being properly audited. Each configuration must be checked against potential vulnerabilities, and it is best practice to ensure that the configuration is peer reviewed before the system goes live.
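As an added example (my own, not from the Continuity Central post or the Alteryx case), here is a small Python checker for the kind of pre-go-live bucket configuration review the last bullet calls for: it takes a bucket's ACL, bucket policy and public access block settings in the shapes the S3 API returns them and flags grants to the public groups, unconditional wildcard-principal statements, and block flags left off. The bucket name, grantee IDs and policy documents below are constructed sample data, with the exposed configuration beside the corrected one.

```python
"""Offline audit of an S3 bucket's access configuration (constructed sample data)."""

# Grantee group URIs that make a bucket or its objects accessible to everyone on the internet
# (AllUsers) or to anyone holding any AWS account (AuthenticatedUsers).
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def public_acl_grants(acl):
    """Permissions the ACL (same shape as a GetBucketAcl response) grants to the public groups."""
    return [(g["Grantee"]["URI"].rsplit("/", 1)[-1], g["Permission"])
            for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def public_policy_sids(policy):
    """Sids of Allow statements with a wildcard Principal and no Condition to narrow them."""
    sids = []
    for s in policy.get("Statement", []):
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            sids.append(s.get("Sid", "<no Sid>"))
    return sids


def audit_bucket(acl, policy, block):
    """Return human-readable findings; an empty list means the bucket passes the check."""
    findings = [f"ACL grants {perm} to {grp}" for grp, perm in public_acl_grants(acl)]
    findings += [f"policy statement {sid} allows Principal '*'" for sid in public_policy_sids(policy)]
    findings += [f"public access block setting {k} is off" for k in BLOCK_KEYS if not block.get(k)]
    return findings


# Constructed sample of an exposed bucket: world-readable ACL, public-read policy, no block.
EXPOSED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
EXPOSED_POLICY = {"Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
NO_BLOCK = {}  # no PublicAccessBlock configuration at all

# The corrected configuration: owner-only ACL, no wildcard principal, all four block flags on.
HARDENED_ACL = {"Grants": EXPOSED_ACL["Grants"][:1]}
HARDENED_POLICY = {"Statement": []}
FULL_BLOCK = dict.fromkeys(BLOCK_KEYS, True)
```

Calling `audit_bucket(EXPOSED_ACL, EXPOSED_POLICY, NO_BLOCK)` returns six findings, while the hardened triple returns none; in a real review the three inputs would come from the GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock API calls for each bucket.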
