The Hellenic Supervisory Authority (SA) has imposed a fine on Greece's Ministry of Interior following a major leak of expatriates' personal information. The decision, announced on September 13, 2024, comes after a thorough investigation into complaints about unsolicited political communications received by Greek voters living abroad.
France's data protection watchdog, CNIL (Commission Nationale de l'Informatique et des Libertés), has imposed a substantial €800,000 fine on CEGEDIM SANTÉ. The penalty comes as a response to the company's unauthorized processing of sensitive health data, highlighting the growing tension between technological advancement and privacy protection in the medical field.
New York-based facial recognition startup Clearview AI has now accrued fines exceeding $115 million for privacy violations across the European Union and the United Kingdom. The Dutch Data Protection Authority (DPA) has recently imposed a $33.7 million penalty, adding to a series of General Data Protection Regulation (GDPR) compliance issues that date back to 2020.
The Swedish Data Protection Authority (IMY) has recently imposed penalties on Apoteket AB and Apohem AB, totaling SEK 37 million (€3.2 million) and SEK 8 million (€698,000), respectively. These fines come after an investigation revealed that both companies used Meta's Pixel tool inappropriately, resulting in the unauthorized transfer of privacy-sensitive personal data to Meta’s advertising platforms.
The recent data breach at the Centers for Medicare & Medicaid Services (CMS), which compromised the personal information of nearly one million Medicare beneficiaries, serves as a powerful reminder of the serious cybersecurity, governance, risk management, and compliance (GRC) challenges facing organizations in today's digital landscape. The breach, stemming from a vulnerability in third-party software (MOVEit) has exposed significant gaps in vendor management, IT security, and regulatory compliance.
Swedish regulators have levied a fine against a major domestic bank for unlawfully transferring customer data to Meta's advertising platforms. The Swedish Supervisory Authority (SA) announced a €1.3 million administrative penalty against Avanza Bank AB after an investigation found the bank had been funneling personal information about up to 1 million customers to Meta, the parent company of Facebook, over an 18-month period.
Dick's Sporting Goods revealed in a Securities and Exchange Commission (SEC) filing on Wednesday that it had fallen victim to a cyberattack, highlighting the increasing challenges faced by organizations in managing IT security and resilience. The attack, detected on August 21, involved unauthorized access to several of the company’s information systems, including sensitive areas containing confidential data.