Security News

The California Consumer Privacy Act is a lesson in missed opportunities. In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer Privacy Act." Ballot initiatives are a process under California law in which private citizens can propose legislation directly to voters, and pursuant to which such legislation can be enacted through voter approval without any action by the state legislature or the governor.

The small group of policy wonks that forced California's legislature to rush through privacy legislation two years ago are back - and this time they want a ballot. The big question now is whether history repeats itself and the threat of a ballot initiative passing is sufficient for lawmakers to promise additions to the existing law in return to take the ballot off the table.

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US. Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the firms made, distributed, and operated surveillance software known as Pegasus that remotely infects, hijacks, and extracts data from the smartphones of WhatsApp users. WhatsApp security manager Claudiu Gheorghe in a previous filing identified 720 malicious attacks on WhatsApp from the IP address 104.223.76.220, a server in California provided by QuadraNet and allegedly run by NSO. QuadraNet did not immediately respond to The Register's request to clarify the account holder for that IP address.

A new report compiling information from PrivacyRights.org on data breaches in the United States found that California has had the highest number of documents lost during attacks since 2005. Using data on the total number of records lost per breach from 2005 to 2019, email marketing company Omnisend compiled a study ranking US states and companies.

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20, which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth mediums.

A California man has been sentenced to more than seven years in prison for hacking an Atlanta-based company and trying to extort money in exchange for the return of the company's intellectual property. Kight accessed computer networks and servers of multiple companies and organizations in Georgia without authorization, prosecutors said.

The deadly novel coronavirus has reached California's tech sector with the news that an engineer who attended the RSA Conference in San Francisco last month has now tested positive for COVID-19 - and is in a serious condition. The RSA Conference is significant with roughly 40,000 attendees.

A 21-year-old California man has pleaded guilty to repeatedly hacking gaming company Nintendo over three years to access servers and steal confidential data, including details on hardware, games and developer tools, according to the U.S. Justice Department. In 2017, FBI agents confronted Hernandez at his parents' home, and he agreed to stop hacking Nintendo in exchange for federal authorities not pressing charges, according to court documents.

First, the bad: over the holiday break, crooks who are so morally bankrupt that they target the organizations that serve children pounced on schools in the US city of Pittsburg, California. On Monday, the superintendent of Pittsburg Unified School District, Janet Schulze, put up a message about the ransomware attack on the district's Facebook page.

One of the bigger challenges with the CCPA is the question of tracking the location of that user data, Terry Ray, SVP and fellow with Imperva, tells Threatpost. So CCPA changes a little bit of it in that CCPA says, look, you know, we're not asking everybody to comply to this, we're asking people that are going to store what California considered a reasonable amount of data - 50,000 records - if you store more than that you're relevant to CCPA, you have to start thinking about how am I going to protect that data, monitor that data, find that data and ultimately deal with processes around the potential breach of that data.