IT Security & Privacy

The three European Supervisory Authorities (EBA, EIOPA, and ESMA – collectively known as the ESAs) have announced the establishment of the EU Systemic Cyber Incident Coordination Framework (EU-SCICF). This initiative, rooted in the Digital Operational Resilience Act (DORA), aims to bolster the financial sector’s response to cyber incidents that threaten financial stability by enhancing coordination among financial authorities and other relevant entities within the European Union, as well as with key international actors.

The Wall Street Journal has reported that entertainment giant Disney is facing a significant data breach, with internal communications from its Slack workplace collaboration system leaked online. The breach, claimed by an anonymous hacking group called Nullbulge, reportedly includes discussions about ad campaigns, studio technology, and interview candidates.

Rite Aid Corporation announced today that it has fallen victim to a cybersecurity incident, potentially exposing personal information of customers who made purchases between June 6, 2017, and July 30, 2018. The pharmacy chain, currently trading over-the-counter following its Chapter 11 bankruptcy filing last year, is in the process of notifying affected individuals.

In a significant cybersecurity incident, AT&T has recently disclosed that customer data was illegally downloaded from a third-party cloud platform workspace in April. The telecommunications giant is now working closely with law enforcement to apprehend those responsible for the breach, with at least one person already in custody.

The Swedish Data Protection Authority (IMY) has imposed a fine of 15 million Swedish kronor (approximately 1.3 million EUR) on Avanza Bank AB for violating data protection regulations. The decision comes after a thorough investigation into a data breach that occurred between November 15, 2019, and June 2, 2021.

The Federal Trade Commission (FTC) has taken decisive action against Avast, a prominent software provider known for its antivirus and browser extension products. The finalized order, stemming from charges first announced in February, imposes a dual penalty on the company: a prohibition on selling web browsing data for advertising purposes and a substantial $16.5 million fine.

On June 25, 2024, the California Privacy Protection Agency (CPPA) and France's Commission Nationale de l'Informatique et des Libertés (CNIL) signed a landmark declaration of cooperation in Paris. This agreement aims to strengthen efforts in safeguarding personal information and advancing privacy rights across borders.