Security News

MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million. According to an 8K filing with the Securities and Exchange Commission on Thursday, MGM Resorts said less than $10 million has also been spent on "One-time expenses" such as legal and consultancy fees, and the cost of bringing in third-party experts to handle the incident response.

Data you don't control is open to causing you harm. The fact that nearly everyone in the US apparently likes "Instant gratification convenience over their long term security" suggests they have not yet had a piece ripped out of them.

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto," the Indian government said.

Roid-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts," LetMeSpy said in an announcement on its website, noting the incident took place on June 21, 2023.

People reveal more personal information when you ask them the same questions a second time - according to new research from the University of East Anglia. The research team say that understanding why people disclose personal data could help inform measures to address the problem.

Windows 10 already has two flavours of encryption - BitLocker and Windows Device Encryption - and as of the 22H2 release, Windows 11 Enterprise and Education adds Personal Data Encryption. Personal Data Encryption doesn't replace either of them because it doesn't encrypt a whole drive; instead, it protects individual files and folders using 256-bit AES-CBC encryption keys that are protected by Windows Hello for Business, but only through applications that are built to use it.

The Public Prosecution Service in the Netherlands has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people. The suspect is being investigated for multiple offences: possessing or publishing "Non-public" data, possessing phishing software and hacking tools, computer hacking, and money laundering.

The study finds a significant disconnect between data privacy measures by companies and what consumers expect from organizations, especially when it relates to how organizations apply and use artificial intelligence. The survey showed 60 percent of consumers are concerned about how organizations apply and use AI today, and 65 percent already have lost trust in organizations over their AI practices.

T-Mobile and millions of its customers have been the victims of another data breach - this one apparently carried out by hackers who knew how to exploit an application programing interface used by the carrier. The API did not leak other personal data such as payment card numbers, Social Security numbers, driver's license numbers, passwords, or PINs, according to T-Mobile.

Updated A legal saga between Meta, Ireland and the European Union has reached a conclusion - at least for now - that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble. The Irish Data Protection Commision said today that it has made a final decision fining Meta's Irish operating arm a combined €390 million for violations of the EU's General Data Protection Regulation, and directing it to "Bring its data processing operations into compliance within a period of 3 months," the DPC said.