The cost of a data breach can run as high as $4.54 million today, up from $3.86 million in 2020, according to an IBM study that says the fastest-growing — and costliest — type of cyberattack is ransomware. That’s why more companies are turning to cyber insurance to hedge their bets. Last year, the global market for such policies was estimated to be in the $13.33 billion range, and projected to reach $84.62 billion by 2030. Because the increased frequency of attacks has resulted in increased payouts, insurance providers now often require proof of adequate security measures. Continue reading Companies Turn to Cyber Insurance as Global Threats Surge

Meta Platforms has agreed to pay $725 million to settle a 2018 class action lawsuit initiated by Facebook users who said their personal data was breached in an incident involving UK-based political consultancy Cambridge Analytica. The proposed amount would reportedly be the largest settlement in a U.S. data privacy class action. Although Meta is not admitting to any wrongdoing as part of the settlement, the firm says it has over the past three years “revamped” its approach to privacy. Lawyers for the plaintiffs called the proposal a “historic settlement” that will provide meaningful relief in a “complex and novel” case. Continue reading Meta $725M Cambridge Analytica Settlement Moves Forward

Meta Platforms has been fined $275 million for violating European Union privacy rules, the result of a 2021 data leak that led to the online publication of personal information belonging to 500 million Facebook users. The penalty is the latest imposed on Meta by Ireland’s Data Protection Commission, which in September imposed a $400 million penalty on Instagram for mishandling children’s data. In October 2021, the same regulator fined Meta $235 million for violations by its WhatsApp messaging service. In total, Irish authorities have imposed penalties of more than $900 million on Meta in the past two years. Continue reading Ireland DPC Fines Meta $275 Million for Data Privacy Breach

Apple, Google and Microsoft have joined forces in a rare intercorporate collaboration to create passwordless sign-in technology that relies on smartphones to sign-in. The tech giants announced last week that they are coordinating support for the passwordless sign-in standard, developed by the World Wide Web Consortium (W3C) and the FIDO (Fast Identity Online) Alliance. As a result, by the end of the year users of any of the three operating systems should be able to sign-in to any app or website when using supporting browsers from their nearby device. Continue reading Microsoft, Google, Apple Unite Behind Passwordless Logins

Video game streaming platform Twitch has suffered a data breach resulting in information about the revenue earned by the biggest game streamers leaked to online chat forum 4chan. “Find out how much your favorite streamer is really making!” the hacker wrote in a 4chan data dump labeled “part one.” The perpetrator claimed to have additional information about Twitch’s creator payouts, source code and internal security tools and creator payouts. Without confirming what data was taken, Twitch confirmed the breach, writing on Twitter, “Our teams are working with urgency to understand the extent of this.” Continue reading Twitch Hack Leaks App Code, Revenue from Streaming Stars

Ireland’s Data Protection Commission fined Twitter €450,000 (about $546,000) for failing to notify the regulator or document a data breach within 72 hours. The breach, revealed in January 2019, exposed some Android users’ private tweets for over four years. Twitter chief privacy officer Damien Kieran said the company takes responsibility … and remains “fully committed to protecting the privacy and data of [its] customers.” This is the first time a U.S. tech company has been served with a GDPR fine in a cross-border case. Continue reading Ireland Fines Twitter for Privacy Breach in a First for U.S. Tech

Belgian investigators are scrutinizing the Belgian-based Interactive Advertising Bureau (IAB) Europe, which they say is responsible for how its members buy, sell and use individuals’ data in digital ads. According to their internal report, Google and other major online advertisers are violating Europe’s General Data Protection Regulation in its auctions. The investigation was prompted by complaints against the use of personal data in the real-time bidding (RTB) component of programmatic advertising. Continue reading EU Regulators: IAB Europe Is Not in Compliance with GDPR

On August 1, security research firm Comparitech, led by Bob Diachenko, discovered a massive data leak of nearly 235 million Instagram, TikTok and YouTube user profiles. The leak was due to an unsecured database, which is quickly becoming a widespread cause of similar breaches. An audit of the dark web found about 15 billion stolen logins from 100,000 such unsecured database breaches. The data leak discovered by Diachenko and his team was spread across several datasets, including two of 100 million each of Instagram users. Continue reading Unsecured Databases Leak 235 Million Social Media Profiles

Senate Commerce Committee chair Roger Wicker (R-Mississippi) proposed draft legislation that he said will support tough protections for consumer data and address the concerns of Democrats. Last week, Senator Maria Cantwell (D-Washington), the Committee’s top Democrat, proposed a data privacy law. The idea, Wicker continued, is to create a national privacy law that will override state privacy laws passed by California and other states. He and others believe state laws will create an unwieldy patchwork. Continue reading Republicans Issue Draft of Federal Data Privacy Legislation

Beginning January 2020, the California Consumer Privacy Act (CCPA) will allow that state’s residents to find out exactly what personal data companies hold about them — and ask them to delete such information. Consumers will also have the option of opting out of allowing their personal information to be sold. The legislation — which was designed to make Amazon, Facebook, Google and others more transparent — will impact a wide range of companies, large and small, including airlines, banks, retailers and restaurants. Continue reading Companies Prep for Brunt of California Consumer Privacy Act

A hacker accessed the personal data of about 106 million credit card customers and applicants of Capital One Financial, the fifth-largest credit card company in the U.S., making it one of the biggest such breaches of a large bank. Federal authorities arrested 33-year old Paige Thompson, who is accused of breaking through the bank’s firewall to access data stored on Amazon’s cloud service. Most of those exposed by the hack were customers and small businesses who applied for credit cards between 2005 and early 2019. Continue reading Capital One Breach Exposes Data of 106 Million Customers

The Securities and Exchange Commission fined Facebook $100 million to settle a case related to Cambridge Analytica, which in 2014-2015 collected Facebook data — including names, genders, locations, birthdays and “page likes” — of about 30 million Americans to create “personality scores” and ultimately use it for Donald Trump’s presidential election campaign. When Facebook discovered this misuse of data in 2015, it didn’t reveal what had happened for two years, during which time it presented the issue of data misuse as hypothetical. Continue reading SEC Fines Facebook $100 Million Over Misuse of User Data

In September 2017, hackers broke into credit agency Equifax, compromising almost 150 million Social Security numbers and other personal information. Now, according to sources, under the terms of an agreement with the Federal Trade Commission, Consumer Financial Protection Bureau and most state attorneys general, Equifax will pay about $700 million to settle with these agencies as well as a nationwide consumer class-action lawsuit. The exact amount of the settlement depends on the number of consumer claims ultimately filed. Continue reading 2017 Data Breach Likely to Cost Equifax Up to $700 Million

To combat data breaches, Google has created a Chrome extension to provide a “password checkup” that compares users’ passwords with a database of four billion unique usernames and passwords that have been compromised. The extension works in the background, only showing a warning if it finds a match. That’s all it does: it is not a password manager that determines how weak or strong passwords are. Google accounts, often the key to a user’s email address, are breached mainly because people reuse passwords on multiple sites. Continue reading Google Chrome Extension Alerts Users to Password Issues

Security researcher Troy Hunt, who offers a way to search if your email addresses or passwords have been breached, maintains Collection #1, the largest breach ever, which holds 772,904,991 unique emails and 21 million unique passwords, all of which have been recently posted to a hacking forum. Those numbers represent a “cleaned-up” version of the raw data, which comprise 2.7 billion rows of email addresses and passwords, including over one billion unique combinations of hacked emails and passwords. Continue reading Have You Been Hacked? Very Likely In Light of Mega-Breach