The FTC has for the first time enforced its almost 14-year-old health data breach notification rule. It hit a telehealth and prescription drug discount provider with a $1.5 million civil penalty for failing to inform consumers that it shares their data with advertisers and other third parties.
JD Sports, a sports fashion retailer with global operations, says personal details pertaining to about 10 million online customers of JD Sports and its Size?, Millets, Blacks, Scotts and MilletSport brands from 2018 to 2020 have been stolen by attackers and warns customers to beware of scammers.
The Dutch central bank fined Coinbase 3.3 million euros, saying the U.S. cryptocurrency exchange failed to comply with the national anti-money laundering statute. Since May 2020, Dutch law has required crypto companies operating in the Netherlands to register as money transmitters.
A review of internet of things manufacturers by Copper Horse shows that European companies fared the worst in having vulnerability disclosure policies. The European Commission has proposed legislation known as the Cyber Resilience Act that would make vulnerability disclosure policies mandatory.
Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka. This has spurred a push for clients to confirm what they're purchasing and how much they wish to spend.
A Montana healthcare entity has agreed to pay $4.3 million to settle a proposed class action lawsuit filed in the wake of a 2021 hacking incident affecting 214,000 individuals. The deal is the entity's second multimillion-dollar lawsuit settlement in the last four years involving a major breach.
A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.
An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.
The European Parliament's Pegasus spyware committee heard draft recommendations calling for a ban on the commercial buying and selling of zero-day exploits and for an immediate moratorium on the sale and use of advanced spyware. The committee expects to finalize the recommendations this spring.
When the DOJ announced a "major, international cryptocurrency enforcement action," observers expected to see charges against a well-known firm. Instead, the agency charged a lesser-known figure, Anatoly Legkodymov, the Russian founder of Bitzlato, with facilitating $700 million in illegal activity.
CommonSpirit was negligent in failing to protect sensitive health data, resulting in a compromise affecting at least 623,000 patients and perhaps many more, allege plaintiffs in two proposed class action lawsuits filed against the Chicago-based hospital chain after a 2022 ransomware attack.
European data protection regulators last year imposed known privacy and data breach fines under GDPR collectively worth at least 2.9 billion euros, or $3.1 billion, which was more than double the value of fines issued in 2020, reports law firm DLA Piper.
Shields Health Care Group, a Massachusetts-based medical imaging services provider, is facing two class action lawsuits filed this week - a consolidated federal case and a similar, separate case filed in state court - both in the wake of the same 2022 data breach affecting 2 million individuals.
TikTok must pay a fine of 5 million euros to the French government after the country's data protection agency said the short-form video app violated national privacy law restricting the monitoring of web browser activity. TikTok is at the center of a number of privacy controversies worldwide.
As regulators push healthcare entities and vendors to make it easier for patients to access their electronic health information, organizations must balance compliance with the prevention of potential security breaches, says attorney David Holtzman of HITprivacy LLC.