A Baltimore, Maryland-based healthcare organization has agreed to spend nearly $8 million improving and maintaining its data security as "injunctive relief" to settle a class action lawsuit involving two data breaches that affected a total of about 540,000 individuals.
California Gov. Gavin Newsom on Tuesday signed into law two bills containing privacy protections for information related to reproductive health and abortion, in the wake of the Supreme Court's ruling overturning Roe v. Wade. Other states may follow suit.
A congressional deal will ensure the U.S. Food and Drug Administration can continue collecting fees from medical device manufacturers but at the price of dropping increased cybersecurity mandates for the industry. Requiring manufacturers to patch devices had bipartisan support.
The world's largest cryptocurrency trading platform is bankrolling a lawsuit challenging the U.S. Department of the Treasury's sanctions against Tornado Cash. The cryptocurrency mixer is a favored tool of North Korean crypto thieves, who use it to launder stolen funds.
California legislators passed a bill banning companies headquartered in the state that provide "electronic communications services" from providing records, information or other assistance to law enforcement in other states related to investigations of reproductive services, such as abortion.
Applying international laws used for armed conflicts to the cyber domain remains elusive because of a lack of precedent and poor visibility in cyberspace. This uncertainty and a failure to establish rules means cyber law hasn't grown as other legal fields have, a defense expert says.
The U.S. Federal Trade Commission filed a lawsuit against Idaho-based data broker Kochava Inc., alleging the company collects and sells sensitive geolocation data, including information about visits to reproductive health clinics. Kochava's actions are an unfair marketplace practice, the FTC says.
As ransomware continues to pummel organizations left, right and center, two states have responded by banning certain types of ransom payments, and more look set to soon follow suit. But experts warn such bans could have "terrible consequences," leading to costlier and more complicated recovery.
Retailer Sephora has been fined $1.2 million as part of a settlement agreement with California's attorney general, over accusations that it violated the California Consumer Privacy Act by failing to disclose that it was selling customers' data and not honoring their opt-out requests.
Beleaguered spyware vendor NSO Group is attempting to reboot its corporate image by pledging to only sell its wares to NATO member countries, lay off 10% of its workforce and replace its CEO, as it seeks a buyer. But the company, which remains blacklisted by the U.S., faces an uphill battle.
Domain name registrars track domain name owners via "whois" data, which is a crucial tool for investigators combating cybercrime. But Kroll's Alan Brill says that since the EU General Data Protection Regulation went into effect, many registrars no longer publicly share such information, and that's a problem.
Dutch police have arrested a man accused of working as a developer for Tornado Cash. "He is suspected of involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies via the decentralized Ethereum mixing service," Dutch authorities say.
In the latest weekly update, four ISMG editors discuss the breach of customer engagement platform Twilio, a cyberattack on the U.K.'s NHS that has reignited concerns about supply chain security in the healthcare sector, and the U.S. Treasury clamping down on shady cryptocurrency mixers.
A high-ranking employee at Bitcoin Mercantile Exchange, or BitMEX, has pleaded guilty to violating the Bank Secrecy Act, which requires financial institutions to help prevent money laundering. The plea by Gregory Dwyer follows BitMEX's three founders all pleading guilty to the same charge.
The government of India withdrew a long-anticipated personal data protection bill from Parliament. The government of Prime Minister Narendra Modi vowed to instead introduce a comprehensive framework of global standard laws including digital privacy laws