IT Security & Privacy

Geico & Travelers Fined $11.3 Million After Data Breaches Expose Sensitive New Yorker Information

New York Attorney General Letitia James and Department of Financial Services (DFS) Superintendent Adrienne Harris have secured $11.3 million in penalties from GEICO and Travelers Insurance. The auto insurers were found to have inadequate data protections, leading to breaches that exposed the personal information of over 120,000 New Yorkers, with some of that data later used to commit unemployment fraud during the COVID-19 pandemic.

Southeast Asia’s Data Protection Shift: How New Laws Are Reshaping Business in the Region

Southeast Asia is rapidly emerging as a digital powerhouse, with its booming markets and growing data center infrastructure attracting the attention of global tech giants. But as this region strengthens its digital economy, it’s also tightening its grip on data protection. Countries like Vietnam, Malaysia, and Indonesia are overhauling their data protection laws, which could bring both opportunities and challenges for businesses—especially those looking to expand in these fast-growing markets.

Telecoms Under Siege: What the Latest Cyber Breach Spree Means for Security

In an era when cyber threats have become as routine as morning coffee, the latest breach targeting T-Mobile and other telecom giants is a stark reminder that some attacks still have the power to shake us. This wasn’t a random smash-and-grab operation; it was a meticulously orchestrated cyber-espionage campaign, reportedly tied to a group of elite hackers, that infiltrated the very backbone of communication networks.

South Korea Slaps Meta with $15.6 Million Penalty for Privacy Violations Over Sensitive Data Use

Meta Platforms, Inc. is facing a serious financial and regulatory reckoning in South Korea. In a decisive move, the country’s Personal Information Protection Commission (PIPC) has fined Meta $15.6 million for a series of data privacy violations, including unauthorized handling of sensitive personal data, refusal to grant legitimate data access to users, and a failure to implement necessary security safeguards.

EDPB Releases First Report on EU-U.S. Data Privacy Framework Review & Statement on Data Access for Law Enforcement

The European Data Protection Board (EDPB) released its first report today on the EU-U.S. Data Privacy Framework (DPF), following a year-long assessment. The report addresses the Framework's effectiveness in safeguarding EU citizens' data when transferred to the United States. Additionally, the EDPB issued a statement on recommendations concerning law enforcement’s access to personal data, stressing the need for privacy protections.

Inside the Change Healthcare Breach: Officials Confirm 100 Million Exposed—Insights for Leaders

The February cyberattack on Change Healthcare, now confirmed to have affected a staggering 100 million individuals, is more than a historic breach—it’s a wake-up call for the entire healthcare sector. The U.S. Department of Health and Human Services recently confirmed the scale of this incident, making it one of the most significant exposures of personal health data in U.S. history. The breach shines a harsh light on cybersecurity fundamentals, particularly the overlooked areas of access management, incident response, and third-party risk oversight.

Global Privacy Regulators Strengthen Stance on Data Scraping Risks, Issue New Compliance Guidelines

Global data protection authorities have issued a follow-up joint statement highlighting new measures for social media companies to enhance protections for personal information, as mass data scraping continues to pose risks, particularly in the age of artificial intelligence. This latest statement reflects insights from recent discussions between 17 data protection authorities and some of the largest social media platforms, deepening the collaboration initially sparked by a joint statement on data scraping in 2023.