IT Security & Privacy

Healthplex to Pay $2 Million in Cybersecurity Settlement Over Phishing Breach That Exposed Tens of Thousands of New Yorkers’ Data

The New York State Department of Financial Services (DFS) has reached a $2 million settlement with Healthplex after finding the dental insurance management company violated the state’s cybersecurity regulation, enabling a late-2021 phishing attack that compromised sensitive personal and health information for tens of thousands of consumers.

BaFin Offers Practical Guide to Navigating DORA’s Documentation Maze

Since the EU’s Digital Operational Resilience Act (DORA) took effect on January 17, 2025, financial entities across Europe have been working to align with its far-reaching operational resilience and ICT security rules. Now, Germany’s Federal Financial Supervisory Authority (BaFin) has stepped in with a tool designed to make one of DORA’s more challenging elements (documentation requirements) easier to grasp.

California Privacy Watchdog Seeks Court Order to Compel Tractor Supply to Comply with CCPA Probe

The California Privacy Protection Agency (CPPA) has taken the unusual step of going to court to enforce an investigative subpoena against Tractor Supply Company, marking the agency’s first public disclosure of an ongoing investigation and its first judicial action to compel compliance with an investigative request.

Google Uncovers Widespread Salesforce Data Theft & Extortion Campaign

It all starts with a phone call. Not a suspicious link. Not malware. Just a convincing voice on the other end of the line, claiming to be IT support. Before long, a well-meaning employee is clicking through a Salesforce setup page and, unwittingly, handing over the keys to their company’s data kingdom.

Cyber Is One of Many Business Risks

In Norman Marks’ latest piece, he dives into the persistent misconception that cyber risk stands apart from broader business concerns. Drawing on timeless advice from former Protiviti executive Ed Hill and tying in new findings from Qualys’ 2025 cyber risk report, Marks makes the case for breaking down silos and treating cyber as just one of many risks competing for limited resources and executive attention.

OpenAI Shuts Down ChatGPT Sharing Feature After Privacy Concerns Spark Google Indexing Debacle

In an abrupt course correction, OpenAI has pulled the plug on a controversial ChatGPT feature that allowed users to publicly share conversations—after discovering that some of those shared chats were being indexed by Google and turning up in search results.

DOJ Cracks Down on Cyber Lapses with $11.5M in False Claims Act Settlements Against Illumina & Defense Contractor

Genomic sequencing giant Illumina has agreed to pay $9.8 million to resolve allegations that it sold systems with serious cybersecurity vulnerabilities to U.S. federal agencies, the Justice Department announced Thursday.