Brazil’s ANPD Issues Security Incident Communication Regulation

Brazil's data protection authority, ANPD, released a regulation detailing mandatory notification processes for security incidents under the LGPD. The regulation defines incidents as events compromising data confidentiality, integrity, or availability and requires notification if risks to data subjects are significant. Controllers must inform ANPD and affected individuals within three business days, detailing the incident's scope, affected data, and mitigation steps. The ANPD may request additional documentation and can mandate public disclosure in severe cases. Organizations must also maintain a five-year register of incidents, including those not requiring notification. Read more

Major Healthcare Data Breach Exposes Sensitive Information of 500,000 Individuals

Hackers breached the databases of the Center for Vein Restoration (CVR), exposing personal and medical data of nearly 500,000 individuals. CVR, headquartered in Maryland, detected unusual activity on October 6, 2023. Exposed data includes Social Security numbers, medical records, diagnoses, treatment details, and financial information. The breach highlights risks tied to healthcare data leaks, which can lead to identity theft and targeted phishing scams. Victims are advised to monitor accounts, enable two-factor authentication, and consider identity theft protection. Read more

Meta Fined €251 Million Over Facebook Data Breach

The Irish Data Protection Commission fined Meta €251 million for a Facebook data breach affecting 29 million accounts globally, including 3 million in the EU/EEA. Reported in 2018, the breach exposed sensitive data like names, emails, phone numbers, and personal details due to exploitation of user tokens. Meta resolved the breach shortly after its discovery. The decision included reprimands and emphasized the risks of failing to integrate data protection in platform design. Read more

Cyberattack on Rhode Island Assistance Portal Exposes Sensitive Data

Hackers targeted RIBridges, Rhode Island's online portal for social services, compromising data from programs like SNAP, Medicaid, and HealthSource RI. The breach may affect hundreds of thousands of applicants since 2016, exposing sensitive details such as Social Security and bank account numbers. Deloitte, the system's vendor, detected malicious code on Dec. 13 and shut the system down to mitigate risks. Hackers demanded payment but did not deploy ransomware. Impacted individuals will be notified and offered free credit monitoring. Read more