GRC Report Staff

Another day, another data breach—this time, it's Grubhub in the hot seat. The food delivery giant has disclosed a cybersecurity incident that compromised sensitive information belonging to customers, merchants, and drivers. The breach, linked to a third-party service provider, raises pressing concerns about supply chain security in the gig economy and highlights yet again how cybercriminals continue to exploit vulnerabilities in widely used platforms.

28 ESG evaluation and data providers have now formally endorsed the "Code of Conduct for ESG Evaluation and Data Providers" as of December 31, 2024. This voluntary code, introduced by the Japanese Financial Services Agency (FSA) on December 15, 2022, is part of a broader effort to standardize and improve the transparency of ESG data and evaluation practices across the industry.

In August 2024, the European Union took a big step toward governing one of the most transformative technologies of our time by formally enacting the EU AI Act—the world’s first comprehensive regulatory framework for artificial intelligence. Now, as of Sunday, a critical deadline has passed, setting into motion provisions that are set to reshape how businesses develop and deploy AI.

European insurers might not be in the eye of the storm, but they’re certainly navigating some choppy waters. The European Insurance and Occupational Pensions Authority (EIOPA) just released its latest Insurance Risk Dashboard, offering a snapshot of an industry that’s stable—at least for now—but not without its fair share of concerns. Market volatility and real estate price swings continue to cast shadows over an otherwise steady outlook, with liquidity and funding conditions tightening just enough to keep insurers alert.

For a company that prides itself on transparency, Wise just got caught with its hands in the cookie jar. The Consumer Financial Protection Bureau (CFPB) has ordered the international remittance giant to shell out nearly $2.5 million in penalties for misleading customers about fees and failing to provide legally required disclosures. That total includes $450,000 in reimbursements to harmed consumers and a hefty $2.025 million fine.

The United States Department of Justice (DOJ) announced yesterday that it is suing Hewlett Packard Enterprise (HPE) to block its proposed $14 billion acquisition of Juniper Networks, a rival provider of wireless local area network (WLAN) technology. HPE and Juniper are the second and third-largest enterprise-grade WLAN providers in the U.S.

If there’s one thing we’ve learned in the AI gold rush, it’s that innovation often outpaces security. Case in point, DeepSeek, a rising star in the AI space, just found itself in the hot seat after a major security lapse exposed a publicly accessible database filled with sensitive information. And when we say sensitive, we’re talking chat logs, API keys, backend details—essentially, the crown jewels of its operation.