Episode 99 - National Cybersecurity Awareness Month
Cybersecurity Awareness Month is co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA). For more information about ways to keep you and your family safe.
1. Instagram fined 405M Euros for GDPR violations.
2. Google and Meta were fined a total of $72 million by South Korea’s Privacy and Protection Commission for tracking behavior on other sites without consumer approval, then using that data for advertising.
3. The Internal Revenue Service acknowledged Friday that it had inadvertently exposed a batch of taxpayer information linked to some non-profits and other tax-exempt organizations, following a Wall Street Journal report that said as many as 120,000 individuals may have been affected by the error.
4. While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error.
5. China hopes to tighten its cybersecurity laws with higher fines for some violations. If the amendments are approved, fines for critical information infrastructure operators who use products or services that have not undergone security reviews could be 5% of revenue or 10 times their cost.
6. According to Acronis, ransomware losses worldwide are expected to surpass $30 billion by the end of 2023.
7. Lloyd’s of London Ltd. has told insurers that nation-state attacks and related losses will be excluded from insurance coverage after 1Q 2023. A 2022 court ruling dashed insurers’ hopes that “cyber war” exclusions would let them avoid payment for such losses.
8. Québec’s personal information privacy act, a provincial statute that supplements Canada’s federal legislation, takes effect September 22. It includes the term “confidentiality incidents” and addresses biometric information.
9. Euractiv reports that the EC will introduce its proposal for a Cyber Resilience Act this week. The Act will address cybersecurity issues with consumer-connected devices.
10. UK - The Telecommunications (Security) Act 2021 (Commencement) Regulations 2022 have been made. They bring the Telecommunications Security Act 2021 (TSA) into force from 1 October 2022. The Electronic Communications (Security Measures) Regulations 2022 under the TSA will come into force on the same date.
11. After TikTok allegedly violated U.K. privacy regulations, the Information Commissioner’s Office sent a notice of intent including a possible fine of £27 million.
12. California Governor Gavin Newsom has signed The California Age-Appropriate Design Code Act into law.
The new legislation, signed by Newsom on September 15, 2022 and passed by the state congress in late August, will implement some of the strictest privacy requirements for children in the US, especially in relation to social media.
13. U-Haul International disclosed that it has experienced a data breach of names, drivers’ licenses/state IDs but indicated no credit card or financial information was compromised.
14. A teenage cyberattacker gained full access to Uber’s systems after impersonating an IT professional from the popular rideshare company to gain VPN access.
15. Congress is investigating Meta after The Markup discovered the tech giant’s Pixel tool gathered information on users’ private health records.
If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.