The U.K. Information Commissioner's Office has fined Cathay Pacific Airways over a data breach that lasted four years and exposed the personal information of over 9 million passengers and customers, including 111,000 British citizens. The fine could have been larger, but the cyber incident happened before GDPR went...
As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants.
The FCC has proposed fining the nation's four largest wireless carriers - AT&T, Sprint, T-Mobile and Verizon - for improperly selling real-time mobile phone location data. How much are the proposed fines?
In May, new medical device regulations, including cybersecurity requirements, will take effect in the European Union. How do they compare with requirements in the U.S.? Attorneys Kim Roberts and Adam Solander offer an analysis.
In an in-depth interview, privacy expert Caitlin Fennessy sorts through modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy.
A lawsuit seeking class action status filed against UW Medicine in the wake of a data leak incident has been amended to reflect that at least one HIV patient allegedly had their data exposed. Why are data breaches tied to IT misconfiguration a growing problem?
The FBI has arrested a suspect who's charged in connection with waging distributed denial-of-service attacks against the campaign website of an unsuccessful 2018 Democratic candidate for the U.S. House in California.
New Mexico is suing Google, alleging the company violates a federal child privacy law by collecting the personal data of students younger than age 13 without their parents' consent. Google rejects the lawsuit's claims, saying they are "factually incorrect."
A newly released report offers a glimpse into how European Union authorities are applying the General Data Protection Regulation to some of the biggest U.S. technology firms, including social media giants Facebook and Twitter.
A home healthcare company has filed 17 breach reports after a ransomware attack on its cloud-based electronic health records vendor last December, illustrating once again how a vendor breach can have a wide impact.
Hacking incidents involving email appear to be the most common type of major health data breach being reported to federal regulators so far in 2020. But the largest breach added to the tally involved a type of incident rarely seen in recent years: the theft of an unencrypted laptop.
Hacked-off patients are suing New Jersey healthcare organization Hackensack Meridian Health for damages after it suffered a ransomware attack last December and paid attackers an unspecified ransom to unlock its systems.