Hackers have compromised a third-party supplier of Harrods, exposing 430,000 customer records with sensitive e-commerce information, the luxury retailer confirmed after reports first surfaced in major UK media outlets.
California has finalized a new set of privacy regulations that expand requirements for cybersecurity audits, risk assessments, and the use of automated decisionmaking technology (ADMT). The California Privacy Protection Agency (CPPA) confirmed on September 23 that the Office of Administrative Law has approved the rules, concluding years of debate and public input.
New Zealand has passed the Privacy Amendment Act, introducing new obligations designed to give citizens greater clarity over how their personal information is collected and used. Privacy Commissioner Michael Webster said the reform will align the country’s framework more closely with international standards while helping New Zealanders better exercise their privacy rights.
The BBC first reported that a ransomware attack against Collins Aerospace’s airport software has forced check-in and boarding systems offline across several of Europe’s busiest airports, leaving airlines to rely on manual workarounds.
Kmart’s experiment with high-tech fraud prevention has backfired. Australia’s Privacy Commissioner has ruled that the retailer unlawfully harvested shoppers’ biometric data in its attempt to stop refund fraud, a decision that places facial recognition technology under fresh scrutiny in the retail sector.
Millions of customers of luxury fashion houses Gucci, Balenciaga, and Alexander McQueen may have had their personal details compromised after a cyberattack targeting their parent company, Kering, according to a report from the BBC.
The European Data Protection Board (EDPB) has adopted its first set of guidelines clarifying how the EU’s General Data Protection Regulation (GDPR) aligns with obligations under the Digital Services Act (DSA). The move marks a significant step in creating a coherent digital rulebook across the European Union.