TOP NEWS | California Privacy Agency Approves Data Broker Regulations to Support Delete Act; Trump’s Second Term: Privacy and Surveillance Concerns in Focus and more
California Privacy Agency Approves Data Broker Regulations to Support Delete Act
The California Privacy Protection Agency (CPPA) Board approved new data broker regulations in line with the Delete Act, requiring brokers to register and enhance transparency. Over 500 data brokers in California must now delete consumers' personal data every 45 days after a deletion request. The regulations redefine broker-consumer relationships, expand the broker category, and raise the registration fee to $6,600 to help fund the law’s implementation. Additionally, the CPPA is developing a system allowing consumers to request data deletion and opt-out through a single platform, set to launch by January 2026.
Trump’s Second Term: Privacy and Surveillance Concerns in Focus
With Donald Trump’s return, privacy and data protection are key concerns. Online surveillance could increase under his administration, particularly around immigration enforcement, as ICE continues monitoring immigrants' social media. State-level reproductive data surveillance may also persist, particularly in restrictive abortion states. Experts, including Alex Southwell and EFF’s India McKinney, suggest that bipartisan challenges will continue stalling a comprehensive U.S. federal privacy law, leaving Americans reliant on VPNs, encrypted apps, and data-conscious practices to protect their privacy.
Hackers Charged in Massive Data Breach Targeting AT&T, Ticketmaster, and More
The U.S. Department of Justice officially charged Alexander Connor Moucka and John Binns, hackers allegedly responsible for stealing 50 billion customer records from AT&T and several other companies. Arrested in Canada and Turkey, respectively, the hackers reportedly accessed sensitive data through infostealer malware and by infiltrating over 100 Snowflake corporate accounts. Breached records include call history, financial data, Social Security numbers, and DEA registration details. The indictment notes that "Victim-2," identified as AT&T, paid a ransom, with the hackers extorting other companies for 36 bitcoin ($2.5 million).
23andMe Settles $30M Data Breach Lawsuit
23andMe has agreed to a $30 million settlement following a data breach affecting about 6.9 million users. The breach, beginning in April 2023, exposed sensitive information, including personal health and ancestry data. Impacted users may qualify for payments up to $10,000 if they faced verifiable hardships from the incident. Certain residents in states with genetic privacy laws may receive $100, while all affected will get three years of Privacy Shield monitoring. The proposed settlement is pending court approval, with application details forthcoming.
Amazon Employee Data Leaked in MOVEit Cyberattack
Amazon has confirmed that employee contact information, such as work emails, phone numbers, and building locations, was leaked due to the 2023 MOVEit cyberattack on a third-party property management vendor. Amazon clarified that no sensitive employee data, like Social Security or financial information, was compromised. This breach is part of a larger MOVEit attack that exploited SQL injection vulnerabilities, impacting around 2,600 organizations worldwide. The threat actor, “Nam3L3ss,” has since claimed to have extensive data from multiple organizations, potentially escalating the risk of phishing and fraud.