Data protection regulators have issues €114 million in fines so far under the 2018 General Data Protection Regulation. The latest findings from DLA Piper found that over 160,000 data breach notifications have been reported across the European Union since the regulation came into effect on May 25, 2018. Geographically speaking, fines were the highest in France (€51m), Germany (€24.5m) and Austria (€18m).
New research has found that the Emotet malware strain has increasingly been targeting the United State's government and military. The malware that spreads via email has been infecting organizations across the globe since as far back as 2014, but researchers at Cisco Talos recently discovered that the US government is the latest victim to compromised. The discovery was made by closely examining the patterns of outbound email associated with the malware.
A Georgia court granted final approval for a settlement involving Equifax in a class-action lawsuit following the massive 2017 data breach. This week an Atlanta federal judge ruled this week that Equifax will pay $380.5 million to settle lawsuits relating to the 2017 data breach.
The Manor Independent School District is out $2.3 million after falling to an apparent phishing scam. Officials for the Texas school district claim that three separate fraudulent transactions took place in November 2019 following the phishing attack. The scammers carried out the attacks using a variety of tactics, including disguised email addresses, phone numbers, fake links, and more. The school district took to Facebook on January 10 to post that the incident was caused by a phishing email.
Travelex announced today it is restoring operations to process foreign exchange orders electronically, almost two weeks after cyber criminals took hold of its systems, leading to a global blackout of its online services.
Dixons Carphone has been issued the maximum possible fine amount under the pre-GDPR data protection regulation after the tills in its stores were compromised by a cyberattack back in 2017 that affected 14 million customers. The retailer discovered the breach last summer and an investigation into the incident by the Information Commissioner's Office (ICO) found that an attacker had installed POS malware on over 5,390 tills in the retailers' Currys PC World and Dixons Travel storefronts.
Alomere Health, a Minnesota-based hospital operator, has begun notifying patients of a data breach that impacts more than 49,351 patients. On October 31, 2019, a malicious attacker gained unauthorized access to an employee email account, then hijacked a second account days later on November 6. The details were recently published on the health providers' website.
The Austrian State Department's IT systems were hit by a cyberattack last Saturday and many believe that a "state actor" may be behind the attack. The attack, which was disclosed late Saturday night, is said to be "serious" and experts warn it could continue for several days, according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI).
The much anticipated California privacy law officially took place on Wednesday, January 1, a year and a half after it was passed and signed. The California Consumer Privacy Act (CCPA) is a state-wide law that requires organizations to notify users of the intent to monetize their data and provide them with a direct means to opt-out of said monetization. That goes for social networks, credit agencies and much more.
