News Alerts and Breach Report for Week of November 28, 2022

Meta Fined for GDPR Violation

Meta, the parent company of Facebook, has incurred another fine for its mishandling of personal information. The most recent $275 million fine, levied by the Irish Data Protection Authority, brings Meta’s total GDPR fines in the last year to $900 million. According to the New York Times, “The fine issued on Monday stems from an investigation started last year by Irish regulators into reports that Facebook had not safeguarded its platform against being ‘scraped’ for information, leading to the publication on an online hacker forum of data that included users’ names, locations and birth dates, in violation of rules that require companies to safeguard personal information.” Meta’s case is part of a larger uptick in GDPR enforcement. Google and Amazon have also been fined heavily in the last year, and just last week the French data protection authority, CNIL, fined messaging platform DISCORD INC. 800,000 euros for failing to create and implement a data protection program.

India’s Data Protection Bill Faces Criticism

After five years of negotiations, India has veered away from protecting privacy as a fundamental right in the most recent draft of its data protection bill. The Digital Personal Data Protection Bill, now open to public comment, is substantially shorter than its predecessors, and according to analysis by the Washington Post, is “a more forceful attempt to legislate a Chinese-style surveillance state in the world’s largest democracy—something that will disappoint the country’s liberals, upset trading partners by turning data into a potential tool of foreign policy, and cause the West and India to drift further apart ideologically.”

Healthcare Sector Targeted by New Ransomware

The Health Care Sector Cybersecurity Coordination Center (HC3) earlier this month warned healthcare organizations of a ransomware called Venus (also known as GOODGAME). The ransomware specifically targets exposed Windows Remote Desktop services and encrypts Windows devices, as well as deleting necessary logs and applications. For more information, find the alert here.

Meta Pixel Captures Sensitive Financial Info From E-Filing Sites

Several popular e-filing sites, including H&R Block, have been transmitting sensitive personal financial information to Facebook for the purpose of powering targeted ads. According to The Verge, “The data, sent through widely used code called the Meta Pixel, includes not only information like names and email addresses but often even more detailed information, including data on users’ income, filing status, refund amounts, and dependents’ college scholarship amounts.”

Breach Report:

******

To read our article on Australia’s newly proposed Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which will implement significant amendments to the Australian Privacy Act 1988 if approved, click here.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

82 | A Look at the Consequences of the Uber and Twitter CISO Cases (with guest Ron Raether)

81 | Looking at Cyber Leadership & Costly Mistakes (with guests Rachel Briggs and Richard Brinson)

80 | Cyber Command: Its role in Cybersecurity and National Security (with guests Gary Corn and Jamil N. Jaffer)
