Security News

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing - that it would no longer track their location once they opted out - but doing the opposite and continuing to track its users' movements for its own commercial gain," California Attorney General Rob Bonta said.

Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. The entities collectively issued a notice of data breach at the start of the month and shared a sample letter with the California Attorney General's office earlier this week.

Early in his career, Kevin Mitnick successfully hacked California law. The setup is that he just discovered that there's warrant for his arrest by the California Youth Authority, and he's trying to figure out if there's any way out of it.

LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion. The notorious ransomware gang boasted it exfiltrated 76GB from the state agency, which apparently included databases, confidential information, financial and IT documents, and, oddly enough, "Sexual proceedings in court." LockBit has promised to publish "All available data" on December 24, presumably unless the California state government pays a ransom, although no information has been released about any monetary demand.

The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. California Governor's Office of Emergency Services has confirmed that the Department of Finance has been affected by a cyber incident but did not provide too many details.

Cosmetics giant Sephora first to be fined for violating California's Consumer Privacy Act. International cosmetics giant Sephora is the first company to be publicly fined for violating California's Consumer Privacy Act.

In addition to that portal, data was exposed on several other online dashboards provided the state, including: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. The Cali DOJ noted that the dashboards and data were available to the public "For less than 24 hours," and the information exposed included names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories.

California Pizza Kitchen served up more than tasty meals recently after a data breach exposed the names and Social Security numbers of more than 100,000 current and former employees. The "External system breach" occurred on Sept. 15 at the popular U.S. pizza chain and affected 103,767 people, according to a Data Breach Notification posted on the website of the Maine Attorney General.

A California man impersonated an Apple customer support technician in a socially engineered email campaign that stole people's iCloud passwords to break into accounts and collected upwards of 620,000 private photos and videos. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, in a scam that ultimately aimed to steal and share nude images of young women, according to court records and a report by the Los Angeles Times.

A judge in South Carolina has struck out a number of claims in a consolidated class-action suit alleging cloud CRM provider Blackbaud didn't do enough to prevent a 2020 ransomware attack, but allegations under California's Consumer Privacy Act will move forward. US district judge J Michelle Childs said in a 33-page ruling [PDF] that "Blackbaud's alleged registration as a 'data broker' suggests that it is also a 'business' under the CCPA." The firm had previously argued it did not qualify as a "Business" regulated by the CCPA, California's GDPR-ish data privacy regulations that came into effect in July 2020.