Security News

The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. California Governor's Office of Emergency Services has confirmed that the Department of Finance has been affected by a cyber incident but did not provide too many details.

Cosmetics giant Sephora first to be fined for violating California's Consumer Privacy Act. International cosmetics giant Sephora is the first company to be publicly fined for violating California's Consumer Privacy Act.

In addition to that portal, data was exposed on several other online dashboards provided the state, including: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. The Cali DOJ noted that the dashboards and data were available to the public "For less than 24 hours," and the information exposed included names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories.

California Pizza Kitchen served up more than tasty meals recently after a data breach exposed the names and Social Security numbers of more than 100,000 current and former employees. The "External system breach" occurred on Sept. 15 at the popular U.S. pizza chain and affected 103,767 people, according to a Data Breach Notification posted on the website of the Maine Attorney General.

A California man impersonated an Apple customer support technician in a socially engineered email campaign that stole people's iCloud passwords to break into accounts and collected upwards of 620,000 private photos and videos. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, in a scam that ultimately aimed to steal and share nude images of young women, according to court records and a report by the Los Angeles Times.

A judge in South Carolina has struck out a number of claims in a consolidated class-action suit alleging cloud CRM provider Blackbaud didn't do enough to prevent a 2020 ransomware attack, but allegations under California's Consumer Privacy Act will move forward. US district judge J Michelle Childs said in a 33-page ruling [PDF] that "Blackbaud's alleged registration as a 'data broker' suggests that it is also a 'business' under the CCPA." The firm had previously argued it did not qualify as a "Business" regulated by the CCPA, California's GDPR-ish data privacy regulations that came into effect in July 2020.

The University of California this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance service. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion's service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.

The University of California is warning its students and staff that a ransomware group might have stolen and published their personal data and that of hundreds of other schools, government agencies and companies nationwide. A cybersecurity attack targeted a vulnerability in Accellion, a third-party vendor that is used to securely transfer files, the university said in a statement Wednesday.

Civil liberties activists are suing a company that provides facial recognition services to law enforcement agencies and private companies around the world, contending that Clearview AI illegally stockpiled data on 3 billion people without their knowledge or permission. The lawsuit says the company has built "The most dangerous" facial recognition database in the nation, has fielded requests from more than 2,000 law enforcement agencies and private companies, and has amassed a database nearly seven times larger than the FBI's.

SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download. The proposition has ardent supporters and detractors on both sides of the online privacy debate, with some saying it was needed to fill loopholes in the landmark California Consumer Privacy Act and others bashing it for not going far enough or reinforcing dangerous practices. Carmen Balber, executive director of Consumer Watchdog, added in another statement that said "Prop 24 enshrines Californians' privacy rights and safeguards them from legislative assault, adds groundbreaking new protections for sensitive information like our race, sexual orientation and location, and creates a European-style privacy agency to protect our rights."