For Allianz Life, July ended with a gut punch. The U.S. insurance giant admitted that hackers had slipped into one of its cloud-stored customer databases and made off with personal details belonging to most of its 1.4 million customers. The company didn’t say exactly how many were hit, but the independent breach notification site Have I Been Pwned filled in the blank this week: 1.1 million.
The New York State Department of Financial Services (DFS) has reached a $2 million settlement with Healthplex after finding the dental insurance management company violated the state’s cybersecurity regulation, enabling a late-2021 phishing attack that compromised sensitive personal and health information for tens of thousands of consumers.
Since the EU’s Digital Operational Resilience Act (DORA) took effect on January 17, 2025, financial entities across Europe have been working to align with its far-reaching operational resilience and ICT security rules. Now, Germany’s Federal Financial Supervisory Authority (BaFin) has stepped in with a tool designed to make one of DORA’s more challenging elements (documentation requirements) easier to grasp.
The California Privacy Protection Agency (CPPA) has taken the unusual step of going to court to enforce an investigative subpoena against Tractor Supply Company, marking the agency’s first public disclosure of an ongoing investigation and its first judicial action to compel compliance with an investigative request.
It all starts with a phone call. Not a suspicious link. Not malware. Just a convincing voice on the other end of the line, claiming to be IT support. Before long, a well-meaning employee is clicking through a Salesforce setup page and, unwittingly, handing over the keys to their company’s data kingdom.
In Norman Marks’ latest piece, he dives into the persistent misconception that cyber risk stands apart from broader business concerns. Drawing on timeless advice from former Protiviti executive Ed Hill and tying in new findings from Qualys’ 2025 cyber risk report, Marks makes the case for breaking down silos and treating cyber as just one of many risks competing for limited resources and executive attention.
In an abrupt course correction, OpenAI has pulled the plug on a controversial ChatGPT feature that allowed users to publicly share conversations—after discovering that some of those shared chats were being indexed by Google and turning up in search results.