Security News
"The DPC corresponded with Twitter International Unlimited Company in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance," the Irish privacy regulator said on Friday. Twitter's lead EU watchdog wants to determine if Twitter has complied with its obligation as a data controller regarding the processing of users' data and if it infringed any General Data Protection Regulation or Data Protection Act 2018 provisions.
Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. The notification comes after multiple posts on hacker forums seen by BleepingComputer offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users.
LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion. The notorious ransomware gang boasted it exfiltrated 76GB from the state agency, which apparently included databases, confidential information, financial and IT documents, and, oddly enough, "Sexual proceedings in court." LockBit has promised to publish "All available data" on December 24, presumably unless the California state government pays a ransom, although no information has been released about any monetary demand.
Uber executives said the information leaked was not from the massive breach in September, but from an attack on Teqtivity, a supplier whose software enables enterprises to keep track of their IT assets, such as phones and computers, and performs work for Uber. According to a statement from Teqtivity, an attacker gained access to a company backup server hosted by Amazon Web Services that stored code and data files related to Teqtivity's customers, such as Uber.
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022.
Every year the personal data of millions of people, such as passwords, credit card details, or health details, fall into the hands of unauthorized persons through hacking or data processing errors by companies. In the EU, any data leak that may result in risks for the concerned individuals must be reported within 72 hours.
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.
Ireland's Data Protection Commission has levied fines of €265 million against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "Collated dataset of Facebook personal data that had been made available on the internet."
Ireland's Data Protection Commission has levied fines of €265 million against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "Collated dataset of Facebook personal data that had been made available on the internet."