FCC Urges Stronger Cybersecurity After Salt Typhoon Hack

The Federal Communications Commission (FCC) has called for updated telecom cybersecurity regulations following the Salt Typhoon hack, a cyber espionage operation linked to China. The hackers infiltrated at least eight U.S. telecom companies, accessing metadata like call records and geolocation data of Americans, including senior government officials. The FCC proposes annual risk management certifications for telecom companies to prevent similar breaches. U.S. intelligence agencies are assessing the full impact of the hack, while China has denied involvement. A Senate subcommittee hearing on the vulnerabilities of U.S. telecom networks is scheduled for next week. Read more

CFPB Proposes Rules to Regulate Data Brokers’ Sale of Personal Data

The Consumer Financial Protection Bureau (CFPB) has proposed new rules to regulate data brokers selling personal financial data, requiring compliance with credit reporting laws. The proposal seeks to prevent misuse of data, ensure accuracy, and grant consumers access to their own information. CFPB highlighted risks such as espionage, scams, and targeting of vulnerable individuals. This proposal stems from broader concerns about personal data use and follows cases where misuse of data had severe consequences. Public comments are open until March 2025. Read more

Data Breach Leads to Closure of National Public Data

National Public Data, a data broker, has shut down after a breach exposed 2.9 billion sensitive records of 170 million individuals. The breach, initiated by a hacker known as USDoD, led to the leak and sale of data online, including Social Security numbers and addresses. Parent company Jerico Pictures faces lawsuits after its bankruptcy filing was dismissed. USDoD, arrested in Brazil, is linked to other high-profile breaches, including the FBI's InfraGard portal. The breach has reignited scrutiny of the lightly regulated data broker industry, with proposed rules by the CFPB aiming to limit the sale of personal data. Read more

Class-Action Lawsuit Against Target Over Biometric Data Collection Moves Forward

A federal judge has allowed a class-action lawsuit against Target to proceed, alleging violations of the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs claim Target used facial recognition technology in Illinois stores to collect biometric data without customer consent or notification. The lawsuit seeks damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation. The judge denied Target’s motion to dismiss, citing substantive claims of improper data collection. The case underscores rising privacy concerns and legal risks associated with biometric surveillance technologies. Read more

FTC Bans Data Brokers Gravy Analytics and Mobilewalla Over Privacy Violations

The FTC has barred Gravy Analytics, its subsidiary Venntel, and Mobilewalla from collecting, using, or selling sensitive location data linked to visits to places like healthcare facilities and military bases. The settlement mandates deletion of previously collected data and stricter controls on future data use. The companies were accused of collecting location data without user consent and selling it to third parties, including advertisers and government agencies. Public comments on the settlement remain open for 30 days. This action reflects increased regulatory scrutiny of data brokers. Read more