IT Security & Privacy

The Danish Data Protection Agency (DPA) has introduced two new IT security measures to its catalogue, aiming to prevent security breaches linked to hacking. The changes are in response to the growing number of incidents caused by malicious activities, particularly involving IoT (Internet of Things) devices. Walther Starup-Jensen, an IT security consultant at the DPA, emphasized that while these measures may not be revolutionary, they are crucial in addressing the vulnerabilities that lead to many avoidable breaches.

Recently, the French Data Protection Authority (CNIL) handed down a €900,000 fine to Solocal Marketing Services, accusing the company of mishandling personal data for commercial prospecting campaigns. The fine stems from Solocal's failure to secure proper consent from individuals and its unauthorized sharing of this data with third parties.

GoDaddy has finalized a settlement with the Federal Trade Commission (FTC) after the company faced allegations of failing to properly secure its customers’ websites and sensitive data. The FTC's investigation, which began in January 2025, highlighted that despite GoDaddy's claims of offering “award-winning security,” the company neglected basic data protection practices that left its users vulnerable to cyber threats.

The Personal Information Protection Commission (PIPC) has delivered a blow to Temu, the popular online marketplace platform, by sanctioning the company for serious violations related to cross-border data transfers and other mishandling of personal data. This action, taken after a thorough investigation, comes with financial penalties and several corrective orders aimed at restoring compliance with South Korea’s Personal Information Protection Act (PIPA).

Coinbase is facing a wave of lawsuits and potential losses approaching half a billion dollars after disclosing a significant cybersecurity incident tied to insider misconduct. According to a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC), the crypto exchange revealed that several outsourced customer support agents, based outside the U.S., had been bribed by an unknown threat actor to leak internal customer information.

The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a new initiative aimed at enhancing cybersecurity resilience across the EU. This database, operational as of now, provides consolidated, reliable information about vulnerabilities in Information and Communication Technology (ICT) products and services, as mandated by the NIS2 Directive. The goal is to improve transparency and allow organizations to better address and manage cybersecurity risks.

The year 2024 will go down in history as a record-breaking one for data breaches in Australia, with over 1,100 incidents reported to the Office of the Australian Information Commissioner (OAIC), the highest number since the country introduced mandatory data breach notifications back in 2018. This surge signals a growing concern for Australians' privacy, with a 25% increase from the previous year’s numbers.