Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with
data protection
FCC Privacy and Data Protection Task Force Partners Up with the California Privacy Protection Agency
On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state partnership focused on privacy, data protection, and cybersecurity enforcement matters. This partnership will allow the FCC and the CPPA to share resources and align efforts…
T-Mobile’s $31.5 Million Data Protection and Cybersecurity Settlement with the FCC
This week, the Federal Communications Commission (FCC) announced a data protection and cybersecurity settlement with T-Mobile, resolving the FCC’s investigations related to the data breaches suffered by T-Mobile that affected millions of consumers in 2021, 2022, and 2023.
As part of the settlement, T-Mobile has agreed to:
David’s Bridal Hit with Class Actions Over Two Data Breaches
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.
In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group…
Tennessee Passes Law Restricting Data Breach Class Action Suits
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross negligence.
The bill, as introduced, “declares a private entity to be not civilly liable in a class action resulting from a…
Maryland Online Data Privacy Act
On May 9, 2024, Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA) into law. MODPA applies to any person who conducts business in Maryland or provides products or services targeted to Maryland residents and, during the preceding calendar year:
- Controlled or processed the personal data of at least 35,000 consumers (excluding personal
Italian Data Protection Authority Alleges Breaches of GDPR by ChatGPT Platform
On January 29, 2024, the Italian Data Protection Authority (Garante) notified OpenAI of breaches of data protection laws involving its ChatGPT platform.
In March 2022, Garante temporarily banned OpenAI from processing data. Following its investigation, Garante “concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.”…
FDD Suggests Space Systems be Designated as Critical Infrastructure
The Foundation for Defense of Democracies issued a Report late last week entitled Time to Designate Space Systems as Critical Infrastructure which cogently outlines the risks associated with space systems (which are basically the same as any other electronic system) in order to designate space systems as the seventeenth critical infrastructure sector.
Space systems are…
Use of Generative AI Poses Risk to Companies
Many companies are exploring the use of generative artificial intelligence technology (“AI”) in day-to-day operations. Some companies prohibit the use of AI until they get their heads around the risks. Others are allowing the use of AI technology and waiting to see how it all shakes out before determining a company stance on its use.
Data Brokers May be Selling Mental Health Data with Minimal Vetting
A recent study found that some data brokers are selling highly sensitive data relating to consumers’ mental health conditions on the open market with minimal vetting of their customers and few controls on how these purchasers use the data. The study, conducted by a researcher at Duke University’s Technology Policy Lab, found that 11 out…