IT Security & Privacy

The European Union Agency for Cybersecurity (ENISA) has officially launched the 2024 edition of ‘Threathunt 2030,’ a pivotal conference dedicated to anticipating and addressing future cybersecurity threats. Hosted in Athens, this flagship event brings together leading cybersecurity experts, policymakers, and industry stakeholders to explore the evolving landscape of cyber threats and develop strategies to enhance resilience across the EU.

AT&T has agreed to pay a $13 million fine after the Federal Communications Commission (FCC) found the telecommunications giant had improperly shared customer billing information with a vendor to create personalized videos. The company also allegedly failed to ensure that this data was destroyed when no longer needed, which ultimately led to a security breach.

The Hellenic Supervisory Authority (SA) has imposed a fine on Greece's Ministry of Interior following a major leak of expatriates' personal information. The decision, announced on September 13, 2024, comes after a thorough investigation into complaints about unsolicited political communications received by Greek voters living abroad.

France's data protection watchdog, CNIL (Commission Nationale de l'Informatique et des Libertés), has imposed a substantial €800,000 fine on CEGEDIM SANTÉ. The penalty comes as a response to the company's unauthorized processing of sensitive health data, highlighting the growing tension between technological advancement and privacy protection in the medical field.

New York-based facial recognition startup Clearview AI has now accrued fines exceeding $115 million for privacy violations across the European Union and the United Kingdom. The Dutch Data Protection Authority (DPA) has recently imposed a $33.7 million penalty, adding to a series of General Data Protection Regulation (GDPR) compliance issues that date back to 2020.

The Swedish Data Protection Authority (IMY) has recently imposed penalties on Apoteket AB and Apohem AB, totaling SEK 37 million (€3.2 million) and SEK 8 million (€698,000), respectively. These fines come after an investigation revealed that both companies used Meta's Pixel tool inappropriately, resulting in the unauthorized transfer of privacy-sensitive personal data to Meta’s advertising platforms.

The recent data breach at the Centers for Medicare & Medicaid Services (CMS), which compromised the personal information of nearly one million Medicare beneficiaries, serves as a powerful reminder of the serious cybersecurity, governance, risk management, and compliance (GRC) challenges facing organizations in today's digital landscape. The breach, stemming from a vulnerability in third-party software (MOVEit) has exposed significant gaps in vendor management, IT security, and regulatory compliance.