The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws under the General Data Protection Regulation.
A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals and involving a recent hack on its file transfer software vendor Fortra.
Fallout for Progress Software continues as hundreds of private and public sector organizations that use its MOVEit file transfer software face data breaches due to a zero-day attack. Some victims have filed a proposed class action suit in federal court, alleging poor security controls at Progress.
State regulators have fined health plan Kaiser Permanente $450,000 for a mailing mishap that sent private health plan records to the outdated addresses of 167,095 patients. The erroneous mailing was triggered by a technical update of the health plan's electronic health records system.
Major healthcare industry associations are urging federal regulators to finalize proposed changes to the HIPAA privacy rule that would bolster protections over reproductive healthcare data. In some cases, the groups are suggesting that regulators go even further in stretching privacy safeguards.
Compromised chatbot credentials are being bought and sold by criminals who frequent underground marketplaces for stolen data, warns cybersecurity firm Group-IB, as the use of ChatGPT and rival AI chatbot offerings and services newly baked into existing products continues to surge across the globe.
The BlackCat ransomware group has claimed credit for a February phishing attack against Reddit. With no ransom being paid, the extortionists are now seeking to insert themselves into the standoff between Reddit's leadership and volunteer workforce over the introduction of paid access to APIs.
A consumer genetic testing company must ensure the destruction of customer saliva samples and undergo third-party evaluation of its information security program for the next two decades under a proposed consent order with the U.S. Federal Trade Commission.
A commercial real estate company that operates more than a dozen addiction recovery centers and other medical facilities in several states is notifying 319,500 employees and patients of a recent ransomware incident that compromised their personal and health information.
Federal regulators have hit Washington state-based Yakima Valley Memorial Hospital with a $240,000 HIPAA fine and correction action plan following a 2018 breach involving 23 hospital security guards who snooped into the electronic medical records of 419 patients.
European lawmakers on Thursday denounced the commercial spyware industry and chastised half a dozen member nations for deploying spyware against citizens or selling it abroad. "Spyware is part of the toolkit of authoritarians who undermine democracies," said Dutch MP Sophie in 't Veld.
A company that makes patient debt collection software is the latest healthcare sector entity to report a hacking breach related to a flaw in Fortra's GoAnywhere secure file transfer software. To date, the GoAnywhere vulnerability has affected the health information of 4.4 million individuals.
An April ransomware attack that compromised the personal information of more than 2.5 million individuals has triggered at least four proposed federal class action lawsuits against Massachusetts health insurer Harvard Pilgrim Health and its parent company, Point32Health.
Ransomware hackers are stretching the concept of code reuse to the limit as they confront the specter of diminishing returns for extortionate malware. In their haste to make money, some new players are picking over the discarded remnants of previous ransomware groups.
At the EU cybersecurity agency ENISA's recent conference on the cybersecurity upsides and downsides of AI chatbots, presenters urged "preparedness," recommending that cybersecurity professionals track the "warp speed" evolution of chatbots to target emerging risks as well as opportunities.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.