FTC Introduces Right to Be Forgotten in Marriott Data Breach Settlement

The U.S. Federal Trade Commission's tentative settlement with Marriott-Starwood, announced on 9 Oct., introduces a "right to be forgotten" provision for customers impacted by the data breach. The settlement includes systematic deletion of personal data no longer necessary for its original purpose, a requirement in previous FTC cases. This is the first time the FTC has mandated providing customers with a link to request deletion of personal data tied to email addresses or loyalty account numbers, applicable for 20 years. This aligns with similar rights under the California Consumer Privacy Act and the EU General Data Protection Regulation. Read more

Cisco Investigates Possible Data Breach Following Sale on BreachForums

Cisco is investigating claims of a data breach after threat actor IntelBroker posted on BreachForums offering to sell sensitive data allegedly stolen from the company on June 10, 2024. The data reportedly includes source code, credentials, confidential documents, API tokens, and more. IntelBroker has shared a small sample but did not reveal breach details. Cisco acknowledged the reports and is assessing the situation. IntelBroker has previously leaked data from other major companies like T-Mobile and AMD. Read more

Comcast Data Breach Linked to FBCS Ransomware Attack

Comcast reported a data breach affecting over 230,000 customers due to a ransomware attack on its former debt collection agency, FBCS. Initially denied in March 2024, FBCS confirmed the breach in July, with compromised data including names, addresses, Social Security numbers, and Comcast account details. The February attack also impacted over 4 million individuals, including those from CF Medical and Truist Bank, exposing sensitive information like health and financial records. Comcast ceased using FBCS services in 2020. Read more

California Expands CCPA to Protect Neural Data Privacy

California has expanded the California Consumer Privacy Act (CCPA) to include neural data as sensitive personal information, granting consumers control over the collection, deletion, and correction of their brain activity data. Signed into law by Governor Gavin Newsom on September 28, 2024, the bill prohibits companies from selling or sharing neural data without consent. The law addresses concerns over unregulated neurotechnology, with industry feedback narrowing its scope. Experts welcome the new protections but warn of ambiguities in defining neural data and its inferences. Read more

Nebula Genomics Sued Over Genetic Privacy Violations in Illinois

Nebula Genomics is facing a proposed class action lawsuit in Chicago for allegedly violating Illinois’ Genetic Information Privacy Act by sharing genetic data with Meta, Microsoft, and Google without written consent. The lawsuit claims these tech companies benefited by using the data to enhance user profiles for advertising purposes. Google denied using sensitive information for ads, while Meta and Microsoft have yet to comment. The suit, filed by an Illinois resident, seeks class-action status and over $5 million in damages. Read more