DataBreachToday.com

European Court of Justice Says Meta May Not Indefinitely Retain User Data
Targeted advertising may face additional restrictions following a ruling by the top European Union court that social media giant Meta cannot indefinitely retain user data. Nor can it use data for advertising "without distinction as to type of data," the European Court of Justice said Friday.

Illumio, Akamai Stay Atop Forrester Wave, While ColorTokens, Cisco Join Leaderboard
Illumio and Akamai remained atop Forrester's microsegmentation rankings, while ColorTokens and Cisco climbed into the leader space.The microsegmentation market has expanded beyond traditional on-premises networks to address modern public cloud workloads.

US-Sanctioned Crypto Exchange Founder Sergey Ivanov Included in Sweeping Arrests
Russia’s primary federal investigative agency announced a rare and sweeping investigation into the United States-sanctioned cryptocurrency exchange Cryptex and other platforms used to carry out illegal transactions and launder millions from ransomware groups.

Company Has Long Running Fight Against Fare Scrappers
The Irish data regulator launched an investigation into Dublin-based ultra low-cost carrier Ryanair to identify potential privacy violations related to the company's use of third-party facial recognition technology, stepping into a running fight Ryainair has fought against online ticket sellers.

FSB Hackers Stripped of 107 Domains Used to Steal Credentials
The U.S. Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. Targets include the national security apparatus and journalists, think tanks, and non-governmental organizations.

CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for Months
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.

Also: Prison Sentences for BEC Scammers and a West African Cybercrime Crackdown
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?

US Cyber Defense Agency Plans to Review Updated Implementation Plans in November
A top official from the U.S. Cybersecurity and Infrastructure Security Agency said Thursday the agency is planning to review updated federal implementation plans and ensure agencies are aligning with zero trust security objectives and addressing any funding gaps or technical challenges.

Counter Ransomware Group Focuses on Timely Reporting, Avoiding Paying the Ransom
New voluntary ransomware guidance released during the International Counter Ransomware Initiative meeting this week calls for victims to report attacks to law enforcement on a more timely basis - and involve more advisers in deciding whether to pay a ransom.

A 2023 Breach Exposed Personal Details of All PSNI Officers and Staff
The U.K. data regulator fined the Northern Ireland's Police Service 750,000 pounds following a 2023 data breach that exposed personal details of the entire workforce. The U.K. Information Commissioner's Office determined the breach occurred when police attempted to respond to two open records requests.

Naming and Sanctioning Cybercrime Syndicate Members Has Repercussions, Police Say
Western law enforcement may not be able to bust every last Russian cybercrime suspect, but newly revealed efforts against Evil Corp and LockBit reveal suspects arrested while on vacation, as well as the psychological fallout criminal syndicates face when members get named, indicted and sanctioned.

Data Leak Preceded Law Enforcement Crackdown on Group That Targets Health Sector
A clinic in Hawaii is notifying 124,000 patients that their health data was potentially compromised in a May hack. Lockbit 3.0 claims to have published the stolen records on its data leak site in June - months before global authorities this week disclosed a crackdown on the cybercrime gang.

Strawberry Can Also Assist with Making Weapons that Wipe Out Humans
OpenAI claims its new artificial intelligence model, designed to "think" and "reason," can solve linguistic and logical problems that stump existing models. Officially called o1, the model nicknamed Strawberry can deceiving users and help make weapons that can obliterate the human race.

Thrive Capital, Microsoft, SoftBank, Nvidia Reportedly Lead OpenAI's Latest Funding
OpenAI’s new $6.6 billion round of funding has nearly doubled its valuation to $157 billion. With investments from Thrive Capital, Microsoft, SoftBank and Nvidia, OpenAI plans to expand its AI research while facing pressures around executive turnover and its transition away from a nonprofit model.

Justice Department Releases Cybercrime Plan, Focusing on Global Partnerships
The United States Justice Department is coordinating its cybercrime defense mission under a new strategic approach released Wednesday that aims to enhance the collection of electronic evidence, bolster international collaboration and focus on disrupting significant cybercrime actors.

AI Act General Purpose AI Rules to be Enforced in 2025
The European Commission appointed a 13 member team to draft the general purpose artificial intelligence code of practice mandated by the AI Act. The commission on Monday announced four working groups that will oversee drafting of the rules.

UK National Crime Agency Details Kremlin-Cybercrime Connection
Russian intelligence agencies tasked the notorious Russian-speaking cybercrime syndicate Evil Corp with conducting cyberattacks and cyberespionage operations on behalf of the Russian government, British police said Tuesday. Evil Corp has stolen at least $100 million from victims.

Rackspace Scrambles to Patch Zero Day Dashboard Bug
Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability.

US Cyber Defense Agency’s Flagship Threat Sharing Initiative Facing Major Hurdles
Experts told Information Security Media Group the Cybersecurity and Infrastructure Security Agency’s flagship threat sharing initiative faces major logistical hurdles and may need to be replaced with a more mature approach to automated threat analysis following a damning Inspector General report.