IT Security & Privacy

Advanced Computer Software Group Ltd (Advanced) has been slapped with a £3.07 million fine following a ransomware attack that compromised the personal data of 79,404 individuals. The fine comes after the company’s health and care subsidiary failed to implement sufficient security measures, leaving their systems vulnerable to a cyberattack that had widespread repercussions for critical healthcare services.

MORSE Corp, a defense contractor based in Cambridge, Massachusetts, has agreed to pay $4.6 million to settle allegations related to cybersecurity failures in its contracts with the U.S. Army and Air Force. The settlement comes after claims that the company submitted false payment requests despite knowing it had not met the necessary cybersecurity standards required by these contracts.

The Danish Data Protection Authority (Datatilsynet) has just dropped its annual report for 2024, offering a peek behind the curtain at what the agency has been up to, what it's accomplished, and what lies ahead. It's a mix of victories, learning moments, and the usual data protection headaches we’ve all come to know in this ever-evolving digital world.

Over the weekend, DNA testing giant 23andMe made a staggering announcement that it was filing for Chapter 11 bankruptcy. While the company has certainly faced its fair share of challenges, the core issue here is far from just bad business decisions. At the heart of this struggle lies the fallout from a devastating data breach, which serves as a painful reminder of just how costly cybersecurity risks can be.

The Personal Information Protection Commission (PIPC) of South Korea has penalized Modetour Network Inc. for mishandling a major data breach. The commission’s ruling, announced on March 12, 2025, includes a hefty fine of KRW 747 million (roughly $521,275), along with a KRW 10.2 million ($7,022) fine for additional wrongdoings, making it clear that the company’s failure to protect sensitive customer data will not go unpunished.

In a letter to its customers, Bank of America has revealed a security incident that might have affected sensitive personal data. The incident, which occurred on December 30, 2024, is tied to a third-party vendor responsible for shredding documents. According to the bank, the vendor didn’t secure certain documents properly during transport, and some of those documents were discovered outside a financial center. While it’s unclear whether any individual customer’s documents were directly involved, the bank is erring on the side of caution and notifying those who could be impacted.

Users of the social media site X experienced outages on Monday morning, continuing into the afternoon. They encountered issues with logging in, viewing posts and profiles, and loading images. According to Downdetector, an outage tracking site, reports of disruptions began to emerge in the early morning EST. Three additional spikes in outages were recorded throughout the day. The number of reports started to decline steadily around 2:30 p.m. ET, and the site largely returned to normal functionality.