The UK ICO guidelines specify that workplace monitoring must be disclosed to employees (along with its 'clearly defined' purpose), and the 'least intrusive' method must be used to accomplish the stated purpose.
Lyca Mobile said the service disruption caused by the cyber attack “impacted some national and international calling” in all 60 countries in which it operated except for the United States, Australia, Ukraine and Tunisia.
Sony Interactive Entertainment has confirmed a MOVEit data breach that leaked the personal information of current and former employees and their family members.
A temporary moratorium on the use of facial recognition technology in state schools is now a matter of law in New York, following the conclusion of a study that found that potential rights violations outweighed the safety benefit.
A credential stuffing attack on biotechnology firm 23andMe has resulted in a data theft incident exposing millions of genetic profiles and personal data records.
New report from Elliptic finds a major spike in cross-chain crypto laundering to $7 billion in the past year. North Korea's state-backed Lazarus group is a major driver, responsible for about 13% ($900 million) alone.
The long-running Qakbot malware botnet was disrupted by international law enforcement action in August, but its operators appear to still have some capability and are continuing to run spam email campaigns that attempt to pass ransomware.
Canada Post has been scanning address data from the outside of envelopes it delivers and selling it to third-party mail marketing lists. The Office of the Privacy Commissioner of Canada (OPCC) found that this violates a Privacy Act requirement to obtain authorization from individuals before collecting information in this way.
Proposed EU Cyber Resilience Act includes a vulnerability disclosure requirement that would have all manufacturers report to the government within 24 hours of first discovered exploitation. In most cases, this would mean disclosing before the vulnerability has been mitigated.
MGM's ransomware attack in September is expected to have $100 million negative impact for Q3 due to cleanup costs and lost business. The company believes that its cybersecurity insurance will cover nearly all of the ransomware attack's associated costs.