IT Security & Privacy

It’s not every day that the bright lights of Las Vegas dim—not on the Strip itself, but behind the scenes, where ransomware and cyberattacks have been quietly wreaking havoc. MGM Resorts International is now on the hook for a $45 million settlement after two major data breaches in 2019 and 2023 left millions of customers scrambling to secure their personal information. Last week, a federal judge in Nevada gave preliminary approval to the settlement, which aims to bring some measure of relief to affected customers. But does $45 million buy closure for a crisis like this?

In the ever-evolving chess game of cybersecurity, it seems PayPal just lost a knight—or maybe even its queen. The New York State Department of Financial Services (NYDFS) has handed the global financial technology giant a $2 million fine for exposing sensitive customer data, including Social Security Numbers (SSNs), through what regulators describe as glaring cybersecurity lapses.

UnitedHealth has recently confirmed that the February 2024 ransomware attack on its subsidiary, Change Healthcare, compromised the sensitive personal and medical information of approximately 190 million individuals—nearly double the initial estimates. This breach now ranks as the largest medical data breach in U.S. history.

In his final days at the helm, President Joe Biden has issued what could either be interpreted as a parting gift or perhaps a stern directive to the nation—a sweeping executive order aimed at strengthening U.S. cybersecurity. It reflects the ongoing challenges faced by the administration in addressing the volatile and high-stakes world of digital threats.

In a move as timely as a life-saving intervention, the European Union Agency for Cybersecurity, ENISA, has set its sights on strengthening the digital defenses of Europe's healthcare systems. With hospitals and healthcare providers increasingly targeted by cyberattacks, the European Commission's proposed Action Plan for Healthcare Cybersecurity couldn’t be more urgent. ENISA has pledged to collaborate with Member States, healthcare providers, and the wider cybersecurity community to address this pressing challenge.

It’s the kind of scenario that sounds like a privacy nightmare. You’re driving your car, thinking you’re just using a standard service like navigation or emergency assistance, only to later discover that every movement you make—your precise location, your driving behavior—has been quietly tracked and sold without your knowledge or consent. That’s exactly what the Federal Trade Commission (FTC) is accusing General Motors (GM) and its OnStar service of doing.

If you’ve ever felt a pang of anxiety about whether your web hosting service is keeping your data safe, the Federal Trade Commission (FTC) is here to validate those fears. Today, the FTC announced a proposed settlement with GoDaddy, one of the world’s largest web hosting companies, after accusing it of leaving the digital backdoor wide open for cybercriminals—and misleading its customers about the state of its security.