IT Security & Privacy

The Irish Data Protection Commission (DPC) has levied a substantial €91 million fine against Meta Platforms Ireland Limited (MPIL), a subsidiary of Meta Platforms, Inc. The decision, announced on September 27, 2024, marks the culmination of an extensive investigation that commenced in April 2019, following MPIL's disclosure of a critical security oversight involving the storage of user passwords in plaintext format within its internal systems.

Ancestry and genetics-testing company 23andMe has reached a $30 million settlement agreement in response to a class-action lawsuit stemming from a data breach that occurred last year. The settlement, which is still pending judicial approval, addresses the company's handling of a security incident that impacted millions of users.

The European Union Agency for Cybersecurity (ENISA) has officially launched the 2024 edition of ‘Threathunt 2030,’ a pivotal conference dedicated to anticipating and addressing future cybersecurity threats. Hosted in Athens, this flagship event brings together leading cybersecurity experts, policymakers, and industry stakeholders to explore the evolving landscape of cyber threats and develop strategies to enhance resilience across the EU.

AT&T has agreed to pay a $13 million fine after the Federal Communications Commission (FCC) found the telecommunications giant had improperly shared customer billing information with a vendor to create personalized videos. The company also allegedly failed to ensure that this data was destroyed when no longer needed, which ultimately led to a security breach.

The Hellenic Supervisory Authority (SA) has imposed a fine on Greece's Ministry of Interior following a major leak of expatriates' personal information. The decision, announced on September 13, 2024, comes after a thorough investigation into complaints about unsolicited political communications received by Greek voters living abroad.

France's data protection watchdog, CNIL (Commission Nationale de l'Informatique et des Libertés), has imposed a substantial €800,000 fine on CEGEDIM SANTÉ. The penalty comes as a response to the company's unauthorized processing of sensitive health data, highlighting the growing tension between technological advancement and privacy protection in the medical field.

New York-based facial recognition startup Clearview AI has now accrued fines exceeding $115 million for privacy violations across the European Union and the United Kingdom. The Dutch Data Protection Authority (DPA) has recently imposed a $33.7 million penalty, adding to a series of General Data Protection Regulation (GDPR) compliance issues that date back to 2020.