Information governance and data retention have been important topics in the corporate world for years. As an executive, it’s crucial to ensure effective management, storage, and secure disposal of your company’s data. Having well-defined information governance and data retention policies helps maintain compliance with legal requirements and safeguards against data breaches and cyber-attacks. In this
Data Security
23andMe Confirms Threat Actors Accessed Accounts Without Authorization
We have published blog posts before on sharing genetic information and the risk associated with the disclosure of such sensitive information.
Unfortunately, our concerns have been realized. On Monday, October 9, 2023, 23andMe confirmed that its investigation into a data security incident involving customer profile information shared through its DNA Relatives feature “was compiled from…
Privacy Tip #374 – FTC Warns Tax Preparation Companies About Use of Tax Information for Other Purposes
The information you provide to your tax preparer is as sensitive as it gets. The assumption is that the tax preparation company is only using your data to prepare your taxes. In an enforcement action against Beneficial Corp., the FTC alleged that the company was engaged in unfair and deceptive practices by “using information collected…
Joint Advisory on MOVEit Transfer Vulnerability Published
CISA and FBI have issued a joint advisory on the MOVEit Transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has reportedly been exploiting an SQL injection vulnerability in the MOVEit solution. According to the joint advisory, “Internet-facing MOVEit Transfer web applications were infected with a web…
Growing Calls to Ban Chinese Owned TikTok App and Other Software Apps Considered to be National Security Threats
Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than…
Chick-Fil-A Sued for Sharing Data through Meta Pixel
While plaintiffs’ attorneys were initially focused late last year on suing health care entities for using Pixel and other tracking technology to share information about website users with social media platforms such as Meta (formerly Facebook), they are now eyeing other industries, including the fast food industry.
This week, a class action complaint was filed…
T-Mobile Sued for Data Breach of 37 Million Records
On January 22, 2023, T-Mobile was sued in federal court in California in a complaint alleging negligence, unjust enrichment, breach of express contract, breach of implied contract, and invasion of privacy over the recently disclosed data breach of more than 37 million postpaid and prepaid customer records.
According to the complaint, the plaintiff was informed just two days…
Cloaked Ursa Using Trusted Online Storage Services to Evade Detection
According to research by Palo Alto’s Unit 42, the most recent campaign by advanced persistent threat Cloaked Ursa (aka APT 20, Nobelium, or Cozy Bear), “demonstrate[s] sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.” Cloaked Ursa is believed to be affiliated with the Russian government.
Unit 42 found that…
Lending Tree Notifies 70,000 Customers of Data Breach
Online mortgage lender Lending Tree sent breach notification letters to affected individuals on June 29, 2022. The letter advises those persons that their name, social security number, date of birth, and address were compromised in mid-February 2022 as a result of a code vulnerability that “likely resulted in the unauthorized disclosure of some sensitive personal…
Location Data Industry Under Scrutiny for Inclusion of Planned Parenthood Clinics in their Services
INRIX, a company that provides location-based data analytics, has been collecting, analyzing, and selling aggregated vehicle, traffic, and parking data for over 17 years. Now, after the Roe v. Wade decision, INRIX is under scrutiny for its data collection tactics and the ability to view data related to Planned Parenthood clinics. In a brochure for…