- 1.4 million complaints of identity theft were received by the Federal Trade Commission
- Total fraud and identity theft cases have nearly tripled over the last decade
- Cybercrime
data protection
Privacy Tip #437 – 23andMe Files for Bankruptcy—What to Do If It Has Your Genetic Information
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, and its CEO has resigned. It is seeking to sell “substantially all of its assets” through a reorganization plan that will have to be approved by a federal bankruptcy judge.
Mark Jensen, Chair and member of the Special Committee of the Board of…
Adobe Issues Patches for ColdFusion “High Severity” Vulnerability
Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure…
Scary Halloween News: Jumpy Pisces Using Play Ransomware to Attack Organizations
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with…
FCC Privacy and Data Protection Task Force Partners Up with the California Privacy Protection Agency
On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state partnership focused on privacy, data protection, and cybersecurity enforcement matters. This partnership will allow the FCC and the CPPA to share resources and align efforts…
T-Mobile’s $31.5 Million Data Protection and Cybersecurity Settlement with the FCC
- Remediate security flaws;
- Improve the company’s cyber hygiene;
David’s Bridal Hit with Class Actions Over Two Data Breaches
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.
In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group…
Tennessee Passes Law Restricting Data Breach Class Action Suits
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross negligence.
The bill, as introduced, “declares a private entity to be not civilly liable in a class action resulting from a…
Maryland Online Data Privacy Act
- Controlled or processed the personal data of at least 35,000 consumers (excluding personal
Italian Data Protection Authority Alleges Breaches of GDPR by ChatGPT Platform
On January 29, 2024, the Italian Data Protection Authority (Garante) notified OpenAI of breaches of data protection laws involving its ChatGPT platform.
In March 2022, Garante temporarily banned OpenAI from processing data. Following its investigation, Garante “concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.”…