Gravy Analytics Data Breach Exposes Millions of Location Records

A hacker breached Gravy Analytics, a US-based data location broker, compromising 30 million location records, including sensitive areas like government buildings and military bases. The leaked location data also includes user movements from popular apps like Tinder, Spotify, and Candy Crush. Gravy Analytics' parent company, Unacast, confirmed the breach, impacting over 146,000 Norwegian mobile devices. The hacker claims to possess 10 TB of location history. The breach highlights risks of data brokers collecting sensitive information, emphasizing the importance of protecting online identity and regularly reviewing app permissions. European authorities have initiated a data breach investigation report into the incident. Read more

Biden Issues Executive Order on Cybersecurity Before Leaving Office

President Joe Biden has signed a comprehensive executive order on cybersecurity, outlining over 50 actions for federal agencies. The order builds on existing measures to enhance software security, cloud computing, quantum-resistant encryption, and AI security. It tasks agencies with improving software supply chain security, implementing quantum-proof encryption, and developing secure digital identity systems. The order also empowers CISA with more access to agency data for threat detection and strengthens federal government cybersecurity. Consumer IoT products will need to meet specific standards by 2027. Its implementation under the incoming administration remains uncertain. Read more

Trump grants Tik Tok Temporary Reprieve Amid US Ban Threat

President Donald Trump signed an executive order granting TikTok a 75-day extension to resolve TikTok national security concerns. ByteDance, TikTok's parent company, faces pressure to divest its US operations, with American ownership proposed as a potential solution to avoid a potential TikTok ban in the US. Trump suggested tariffs as leverage to push China toward approving a deal. The Chinese government remains hesitant about foreign control over TikTok, citing concerns about app privacy data and location data management. ByteDance has resisted TikTok divestiture, while various buyers, including Amazon and Elon Musk, are under consideration. Republican leaders demand full separation from Chinese ownership to secure TikTok's future in the US. Read more

Campbell County Schools Hit by Ransomware Attack

Campbell County Schools in Northern Kentucky confirmed a ransomware attack affecting its local servers and devices. Files were removed without authorization, with potential online publication. The district is investigating the incident as part of a broader data breach investigation report and will notify impacted individuals per legal requirements. This marks the first successful ransomware attack on a Kentucky K-12 district in 30 years, according to David Couch of the Kentucky Department of Education. The attack underscores the need for cybersecurity master programs to safeguard educational institutions. Statewide cloud-based systems remain unaffected, despite a rise in cyberattacks targeting software supply chain security in the education sector. Read more

Data Breach Exposes 3 Billion Individuals’ Information, Lawsuit Claims

Jerico Pictures Inc., operating as National Public Data, is facing a proposed class action after allegedly exposing the personal information of nearly 3 billion individuals in an April data breach. The cybercriminal group USDoD reportedly listed the database for sale on a dark web forum for $3.5 million. The breach includes Social Security numbers, location data, and family information spanning decades. Plaintiff Christopher Hofmann claims negligence and seeks data purging, encryption, and enhanced cybersecurity measures. National Public Data has not commented on the allegations. Read more