U.S. Congress Nears Reforms to Youth Privacy Standards

Both the Kids Online Safety Act (KOSA) and the Children and Teens' Online Privacy Protection Act (COPPA 2.0) passed out of the House Committee on Energy and Commerce, moving closer to final approval. The Senate passed both bills in July, with House legislators and President Biden the final hurdles to passage. While COPPA 2.0 faces less opposition, KOSA continues to encounter challenges from civil society groups and House Republican leadership. COPPA 2.0 introduces a three-tiered knowledge standard, with stricter rules for large social media companies. Read more

Dell Investigates Alleged Data Breach Exposing Employee Information

Dell is investigating claims of a data breach that allegedly exposed sensitive information of over 10,800 employees. A hacker, known as 'grep', posted on a dark web forum offering the data for sale, which reportedly includes employee IDs, names, and internal statuses. Some of the data is being offered for free, with the full set available for purchase. Dell has not yet confirmed the authenticity of the breach but acknowledged the ongoing investigation. This incident raises concerns about potential phishing attacks and other cybersecurity risks. Read more

Over 14 million Patients Impacted by Malware Attacks on US Healthcare in 2024

SonicWall reports that over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations in 2024. Ransomware accounts for 91% of these breaches, with attackers targeting sensitive patient data to extort ransom payments. Healthcare's adoption of digital tools and platforms has expanded its attack surface, enabling the exploitation of vulnerabilities like ProxyShell and Citrix Bleed. The report highlights healthcare organizations' vulnerability due to their reliance on Microsoft Exchange and other critical systems, often resulting in ransom payments to restore services quickly. Read more

MC2 Data Leak Exposes Personal Information of Over 100 million US Citizens

Cybersecurity researchers discovered a significant data breach at background check company MC2 Data, exposing 106 million records. The firm left 2.2 terabytes of personal data unprotected on the web, due to what is believed to be human error. MC2 Data owns several background check websites, and the leaked information includes names, emails, encrypted passwords, and partial payment information. The breach affects both users of MC2's services and individuals undergoing background checks. MC2 has not yet responded to inquiries about the incident. Read more

Disney Shifts to Microsoft Teams After Data Breach Exposes 1.1TB of Sensitive Information

Disney is transitioning from Slack to Microsoft Teams after a July 2024 data breach, in which 1.1TB of sensitive information was leaked by hacktivist group NullBulge. The breach exposed internal communications, project details, and employee data from Slack channels dating back to 2019. Disney plans to complete the transition by Q2 2025, citing cybersecurity concerns. Despite staff concerns about cost-cutting and potential technical challenges, the company continues with the migration to Teams, which offers end-to-end encryption. Read more