Vulnerability in Twitter's API in 2021 caused a data leak that exposed private user profile information of at least 5.4 million users. The information is now available for free via a dark web forum.
Rogue Meta employees and contractors abused an internal tool called "Oops," which is primarily intended for in-house account recovery for employees and business partners. There were some cases of account hijacking for money.
Russian hackers stole 50 million passwords from popular online services such as PayPal, Amazon, Roblox, Steam and crypto wallets by deploying infostealer malware on users’ devices.
A new paper from global law multinational DLA Piper lays out the case for a risk-based approach to GDPR international data transfers, arguing that the status quo is too onerous and that data exporters are suffering.
The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Though the fine is not one of the largest issued by CNIL (or for general GDPR violations across the bloc), the case is noteworthy in that Discord is mostly being taken to task for not providing default or built-in security options rather than the fallout of a specific data breach.
The fourth draft data protection bill looks to be no less contentious, as it adds vital protections but also exempts the country's government from all of its terms and appears to give tech platforms a fairly free hand in sending citizen data overseas.
The ransomware attack on AirAsia took place on November 11 and 12, with samples of the stolen personal data being leaked to the group's dark web site about a week later. The posted samples contain employee personal information as well as passenger booking information.
Losing Ireland "main establishment" status means that any national DPA in the EU could bring direct GDPR action against Twitter on behalf of its citizens without the standard collaborative process that ultimately funnels everything through the Irish DPC.
Iranian hackers installed crypto miner on federal agency’s network after exploiting unpatched Log4Shell vulnerability on the VMWare Horizon server to gain access. The threat actors moved laterally to the domain controller, compromised credentials and implanted reverse proxies on several hosts to maintain persistence.
