IT Security & Privacy

FinCEN Warns Ransomware Payouts Have Surged Past $2.1 Billion in Just Three Years

Ransomware has never been more costly. That’s the message from a new Financial Trend Analysis released Wednesday by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), which found that attackers drained more than $2.1 billion from victims between 2022 and 2024. The report examines ransomware activity by the date of each incident, offering the clearest look yet at how aggressively cybercriminals have scaled their extortion campaigns.

UK Regulator Rebukes Post Office After Horizon Victims’ Information Published Online

The Information Commissioner’s Office (ICO) has issued a formal reprimand to Post Office Limited after its communications team mistakenly uploaded an unredacted legal settlement document to the organization’s corporate website. The file, which contained the names, home addresses, and postmaster status of 502 individuals involved in the landmark group litigation, was left publicly accessible for nearly eight weeks between April and June 2024.

American Express Hit With €1.5 Million Fine in France Over Cookie Consent Failures

American Express has landed in the crosshairs of France’s data protection regulator, which says the company repeatedly ignored rules that give internet users control over how they’re tracked online.

FTC Cracks Down on EdTech Provider After Data Breach Hits Over 10 Million Students

The Federal Trade Commission is taking action against Illuminate Education after investigators found the popular school software provider failed to secure sensitive student records, a lapse that led to a major hack affecting more than 10 million children across the United States.

FCC Backs Away from Earlier Cybersecurity Mandate, Citing Legal Flaws & Industry Progress

The Federal Communications Commission is reversing a cybersecurity action it took earlier this year, pulling back a Declaratory Ruling that the agency now says misread federal law and would not have made U.S. networks any safer. The FCC also withdrew a related rule-making proposal built on that same interpretation.

California Establishes Strike Force to Police Data Brokers

California’s privacy regulator is sharpening its focus on the data broker industry, creating a new enforcement strike force to investigate how companies collect, sell, and manage personal information across the state. The effort marks one of the agency’s most concentrated pushes yet to bring more visibility, and accountability, to a sector often operating out of public sight.

DoorDash Confirms Data Breach After Employee Falls for Social Engineering Scam

DoorDash has disclosed a data breach after a social engineering scam tricked one of its employees, allowing an unauthorized party to access user information across its platform. The company says the exposed data included names, email addresses, phone numbers, and physical addresses, though it declined to say how many people were affected.