IT Security & Privacy

Pennsylvania State University (Penn State) has agreed to pay $1.25 million to settle allegations of violating the False Claims Act, stemming from its failure to meet contractual cybersecurity requirements between 2018 and 2023. The university allegedly failed to implement cybersecurity controls mandated by the Department of Defense (DoD) and NASA on 15 contracts or subcontracts. These failures included misrepresenting the implementation of specific cybersecurity controls and using a cloud service provider that did not meet DoD’s security standards for handling sensitive defense information.

In what might be the hospitality industry's most expensive case of leaving the digital door unlocked, Marriott International and its subsidiary Starwood Hotels are checking out of their security nightmare with a $52 million bill and an FTC-mandated security makeover. The settlement, announced October 9, 2024, addresses three massive data breaches affecting over 344 million guests worldwide.

The New York State Department of Financial Services (NYDFS) has issued extensive guidance addressing cybersecurity risks associated with artificial intelligence (AI) in the financial sector. Announced by Superintendent Adrienne A. Harris on October 16, 2024, this guidance marks a significant development in regulatory approaches to emerging technologies and cybersecurity.

Poland’s Personal Data Protection Office (UODO) has fined mBank more than €870,000 (4,053,173 PLN) for failing to notify customers affected by a significant data breach. The penalty, while substantial, represents just 0.0024% of the bank’s annual turnover, raising questions about the relative impact of such fines on large financial institutions.

The Information Commissioner's Office (ICO) recently announced the launch of a groundbreaking audit framework designed to revolutionize how organizations approach data protection compliance. This sophisticated new tool represents a significant advancement in enabling organizations to systematically evaluate and enhance their personal data handling practices.

The UK Information Commissioner's Office (ICO) has imposed a £750,000 fine on the Police Service of Northern Ireland (PSNI) following a catastrophic data breach that exposed the personal information of its entire workforce of 9,483 officers and staff.

The Federal Communications Commission (FCC) announced today a groundbreaking settlement with T-Mobile, resolving multiple investigations into significant data breaches that compromised the personal information of millions of American consumers. The agreement, which includes substantial financial penalties and far-reaching cybersecurity commitments, represents a pivotal moment in the FCC's ongoing efforts to bolster data protection within the telecommunications industry.