IT Security & Privacy

Inside the Treasury Hack: Unpacking the Breach & What It Means for Risk & Cybersecurity Leaders

Imagine this: a critical government agency, armed with some of the most robust cyber defenses money can buy, finds itself outflanked—not through the front gates, but by a side door left ajar by a trusted partner. This isn’t the plot of a Hollywood thriller; it’s the reality facing the U.S. Treasury Department after Chinese state-sponsored hackers breached its defenses by exploiting a vulnerability in third-party software.

Volkswagen Data Breach Exposes Personal Details of 800,000 Drivers

A security oversight at Volkswagen’s subsidiary, Cariad, has exposed highly sensitive data on 800,000 Volkswagen owners across Europe. The breach isn’t just a numbers game; it’s a chilling look at how deeply our personal lives are intertwined with technology—and how vulnerable we’ve become to breaches of that intimacy.

FTC Issues Order Requiring Marriott & Starwood to Strengthen Data Security

The Federal Trade Commission (FTC) announced today that it has issued an order requiring Marriott International, Inc. and Starwood Hotels & Resorts Worldwide LLC, a subsidiary of Marriott, to implement more robust data security programs.

California Cranks Up CCPA Penalties for 2025: What Businesses Need to Know

Starting January 1, 2025, doing business in California gets a little pricier—at least for those caught slipping on privacy compliance. The California Privacy Protection Agency (CPPA) has announced higher fines and updated thresholds under the California Consumer Privacy Act (CCPA). These changes, tied to inflation and the Consumer Price Index (CPI), mark a biannual adjustment aimed at keeping penalties relevant and impactful in an evolving regulatory landscape.

KASPR Hit with €240,000 Fine for GDPR Violations

In a recent decision by the French data protection authority (CNIL), KASPR, a company known for its data scraping practices, has been fined €240,000 for violating the General Data Protection Regulation (GDPR). The fine comes after KASPR’s controversial method of collecting personal contact details from LinkedIn users, even those who had specifically chosen to limit their visibility.

Meta Slapped with €251 Million Fine for 2018 Facebook Data Breach

Meta Platforms Ireland Limited (MPIL) is ending the year with a hefty €251 million fine from the Irish Data Protection Commission (DPC). The penalty stems from a 2018 data breach that laid bare the personal information of 29 million Facebook users worldwide—3 million of them in the EU/EEA.

ParkMobile Settlement Signals Important Lessons for Risk & IT Security Professionals

ParkMobile recently reached a $32.8 million settlement over a data breach that affected 21 million users. This breach, which happened back in 2021, is a reminder of how much more needs to be done to protect our personal data, even with widely used platforms. For anyone working in IT security or risk management, this case raises some serious red flags about how we’re securing sensitive information.