GRC Report Staff

CISA Issues Guidance on Potential Risks from Legacy Oracle Cloud Compromise

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a warning to organizations regarding a potential unauthorized access incident involving a legacy Oracle cloud environment. While the full scope of the breach remains somewhat unclear at this time, CISA has expressed concern about the exposure of sensitive credential materials, such as usernames, passwords, authentication tokens, and encryption keys. If these credentials are compromised, the risks to organizations could be significant, especially if they are reused across multiple systems or embedded in code and automation tools.

The CER Directive Forces a Rethink of Risk & Resilience

Europe has been quietly re-engineering the rules of resilience. A few years ago, the Critical Entities Resilience Directive (CER) officially entered into force, marking a watershed moment for how the EU approaches the safeguarding of essential services across borders and sectors.

FTC Takes Action Against Uber for Deceptive Billing & Cancellation Practices

The Federal Trade Commission (FTC) has filed a lawsuit against Uber, accusing the ridesharing giant of misleading consumers with its Uber One subscription service. The complaint, which was filed today, claims that Uber signed up customers for its paid service without their consent, charged them for benefits that didn’t quite add up, and made it nearly impossible to cancel once they realized the service wasn’t what they were promised.

Walgreens Settles for $350 Million Over Role in Opioid Crisis

The Walgreens Boots Alliance has agreed to pay up to $350 million to resolve claims that it played a major role in the opioid epidemic by filling millions of unlawful prescriptions. The U.S. Department of Justice (DOJ), in collaboration with the Drug Enforcement Administration (DEA) and the Department of Health and Human Services (HHS-OIG), reached the agreement with Walgreens, accusing the pharmacy giant of failing to uphold its legal responsibilities when dispensing dangerous controlled substances.

PIPC Takes Action Against CLASSU & KT alpha for Data Breaches, Urges Stronger Privacy Safeguards

The Personal Information Protection Commission (PIPC) has stepped up its enforcement efforts, issuing penalties to two companies, CLASSU Inc. and KT alpha, following serious data protection failures. This action marks a significant move in South Korea's ongoing battle to enforce privacy laws and push companies toward better safeguarding their users' data.

EU Takes Steps to Simplify Deforestation Regulation for Businesses

In a move that will surely be welcomed by businesses throughout the European Union (EU), the European Commission has announced new measures to simplify the implementation of the EU Deforestation Regulation (EUDR), reducing the burden on operators and traders while maintaining the regulation's environmental goals. As the EUDR is set to fully come into force at the end of this year, these changes aim to make compliance easier without sacrificing the core focus: tackling deforestation, climate change, and biodiversity loss.

EU ESAs Release 2024 Annual Report on Financial Risk, Sustainability & Digital Resilience

The European Supervisory Authorities (ESAs) have released their 2024 annual report, offering a detailed overview of their work across key areas of financial regulation, from joint risk assessments to sustainable finance and digital resilience. Throughout 2024, the ESAs’ Joint Committee (JC) focused on assessing cross-sectoral risks to financial stability, producing two significant reports, one in Spring and another in Autumn.