GRC Report Staff

FinCEN Warns Ransomware Payouts Have Surged Past $2.1 Billion in Just Three Years

Ransomware has never been more costly. That’s the message from a new Financial Trend Analysis released Wednesday by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), which found that attackers drained more than $2.1 billion from victims between 2022 and 2024. The report examines ransomware activity by the date of each incident, offering the clearest look yet at how aggressively cybercriminals have scaled their extortion campaigns.

Australia’s Corporate Sector Urged To Strengthen Whistleblower Protections

Australia’s corporate watchdog is urging companies to do more to protect employees who raise the alarm on misconduct, after uncovering major inconsistencies in the way whistleblower programs are being implemented across the country. A new benchmarking review assessed 134 entities across 18 industries. This review builds on several years of work focused on strengthening Australian whistleblower protections.

Poland Fines Biedronka Nearly $29 Million Over Misleading “Free Voucher” Promotions

Poland’s competition regulator has issued a big enforcement decision against the country’s largest supermarket chain, Biedronka, after finding that the retailer misled customers with its widely advertised “100% moneyback as a voucher” promotions.

EU Strengthens Financial Crime Defenses With High-Risk Country Changes

The European Commission has updated its list of high-risk jurisdictions that pose strategic threats to the integrity of the EU financial system due to shortcomings in anti-money laundering and counter-terrorist financing (AML/CFT) regimes. Bolivia and the British Virgin Islands are the latest to join the list, meaning banks and other EU-regulated entities must apply enhanced vigilance to any dealings connected to those jurisdictions.

Treasury Steps Up Crackdown on U.S. Firms Linked to Sanctioned Russian Oligarchs

The U.S. Treasury is intensifying its effort to choke off any remaining financial lifelines available to sanctioned Russian elites, and American firms are increasingly in the crosshairs. This week, the Department’s Office of Foreign Assets Control (OFAC) unveiled two separate enforcement actions totaling more than $18 million, signaling that even indirect or obscured connections to Kremlin-aligned wealth will draw scrutiny.

UK Regulator Rebukes Post Office After Horizon Victims’ Information Published Online

The Information Commissioner’s Office (ICO) has issued a formal reprimand to Post Office Limited after its communications team mistakenly uploaded an unredacted legal settlement document to the organization’s corporate website. The file (containing the names, home addresses, and postmaster status of 502 individuals involved in the landmark group litigation) was left publicly accessible for nearly eight weeks between April and June 2024.

South Korea Orders Starbucks & Elevate to Fix Data Practices as Namuwiki Faces Criminal Complaint

South Korea’s data protection watchdog says Starbucks and its third-party auditor mishandled workers’ personal data, and now both companies are being ordered to fix it. The Personal Information Protection Commission (PIPC) resolved to issue correction orders and compliance recommendations to Starbucks Corporation and Elevate Hong Kong Holdings Limited, following a probe into how the two handled personal information linked to Starbucks’ Ethical Sourcing Program in Korea.