South Korea’s Personal Information Protection Commission (PIPC) has hit Woori Card with a massive fine of KRW 13.45 billion (roughly $9.1 million) following a major data breach. This decision comes alongside a set of corrective measures designed to overhaul the company’s data management practices, including stricter access controls, better employee training, and tighter oversight of personal information handling.
Advanced Computer Software Group Ltd (Advanced) has been slapped with a £3.07 million fine following a ransomware attack that compromised the personal data of 79,404 individuals. The fine comes after the company’s health and care subsidiary failed to implement sufficient security measures, leaving their systems vulnerable to a cyberattack that had widespread repercussions for critical healthcare services.
MORSE Corp, a defense contractor based in Cambridge, Massachusetts, has agreed to pay $4.6 million to settle allegations related to cybersecurity failures in its contracts with the U.S. Army and Air Force. The settlement comes after claims that the company submitted false payment requests despite knowing it had not met the necessary cybersecurity standards required by these contracts.
The Danish Data Protection Authority (Datatilsynet) has just dropped its annual report for 2024, offering a peek behind the curtain at what the agency has been up to, what it's accomplished, and what lies ahead. It's a mix of victories, learning moments, and the usual data protection headaches we’ve all come to know in this ever-evolving digital world.
Over the weekend, DNA testing giant 23andMe made a staggering announcement that it was filing for Chapter 11 bankruptcy. While the company has certainly faced its fair share of challenges, the core issue here is far from just bad business decisions. At the heart of this struggle lies the fallout from a devastating data breach, which serves as a painful reminder of just how costly cybersecurity risks can be.
The Personal Information Protection Commission (PIPC) of South Korea has penalized Modetour Network Inc. for mishandling a major data breach. The commission’s ruling, announced on March 12, 2025, includes a hefty fine of KRW 747 million (roughly $521,275), along with a KRW 10.2 million ($7,022) fine for additional wrongdoings, making it clear that the company’s failure to protect sensitive customer data will not go unpunished.
In a letter to its customers, Bank of America has revealed a security incident that might have affected sensitive personal data. The incident, which occurred on December 30, 2024, is tied to a third-party vendor responsible for shredding documents. According to the bank, the vendor didn’t secure certain documents properly during transport, and some of those documents were discovered outside a financial center. While it’s unclear whether any individual customer’s documents were directly involved, the bank is erring on the side of caution and notifying those who could be impacted.