Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with

On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state partnership focused on privacy, data protection, and cybersecurity enforcement matters. This partnership will allow the FCC and the CPPA to share resources and align efforts

This week, the Federal Communications Commission (FCC) announced a data protection and cybersecurity settlement with T-Mobile, resolving the FCC’s investigations related to the data breaches suffered by T-Mobile that affected millions of consumers in 2021, 2022, and 2023.

As part of the settlement, T-Mobile has agreed to:

  • Improve the company’s cyber hygiene;
  • This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.

    In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group

    On May 9, 2024, Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA) into law. MODPA applies to any person who conducts business in Maryland or provides products or services targeted to Maryland residents and, during the preceding calendar year:

    1. Controlled or processed the personal data of at least 35,000 consumers (excluding personal

    On January 29, 2024, the Italian Data Protection Authority (Garante) notified OpenAI of breaches of data protection laws involving its ChatGPT platform.

    In March 2022, Garante temporarily banned OpenAI from processing data. Following its investigation, Garante “concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.”

    The Foundation for Defense of Democracies issued a Report late last week entitled Time to Designate Space Systems as Critical Infrastructure which cogently outlines the risks associated with space systems (which are basically the same as any other electronic system) in order to designate space systems as the seventeenth critical infrastructure sector.

    Space systems are

    Many companies are exploring the use of generative artificial intelligence technology (“AI”) in day-to-day operations. Some companies prohibit the use of AI until they get their heads around the risks. Others are allowing the use of AI technology and waiting to see how it all shakes out before determining a company stance on its use.

    A recent study found that some data brokers are selling highly sensitive data relating to consumers’ mental health conditions on the open market with minimal vetting of their customers and few controls on how these purchasers use the data. The study, conducted by a researcher at Duke University’s Technology Policy Lab, found that 11 out