Privacy issues in the Philippines have become headline news as 2017 gets underway. In January, the National Privacy Commission (NPC) in that country issued a statement placing the blame for a data breach that put the personal information of millions of voters at risk squarely at the feet of the Commission on Elections (COMELEC) and its Chairman Andres Bautista.
In addition to the DDoS campaign and claimed theft of Microsoft accounts, Anonymous Sudan has busied itself with a campaign of attacks against European banks as of late. Microsoft says there is no evidence of a data breach.
A hacker is claiming to have stolen over one billion user records, but security researchers are not convinced that this came from a legitimate TikTok hack or that account takeovers were involved.
Hack of crypto exchange CoinEx's hot wallets has led to a loss of about $70 million in assorted asset types. The data breach was reportedly caused by compromised private keys suspected to be stolen by North Korea's Lazarus group.
1.6 million unemployment claimants in Washington may have just received an identity theft headache. A hack of the State Auditor's office has exposed extremely sensitive personal information.
Hackers used data from 2015 Ashley Madison data breach to conduct cyber extortion scams, asking users to pay more than $1,000 worth of Bitcoin.
Data privacy came into public consciousness in 2018. Yet, even with new regulations to protect personal privacy, it’s clear that there is still a long way to go in 2019 before personal data is truly protected.
Clorox reported a total of $49 million in incremental expenses related to the attack, with Johnson Controls reporting data breach costs of nearly $27 million. This money went to remediation costs such as third party contracting, as well as added operating costs due to disruptions.
A new regulatory filing disclosed that genetic testing company 23andMe leaked the ancestry information of nearly 7 million users in the October 2023 data breach.
23andMe's defense as regards data privacy laws is essentially to claim that a data breach did not actually occur, given that the incident stemmed from the failure of certain users to change passwords that had been exposed elsewhere.