????? FILED Headlines: 2.9 billion people hacked, the EU targets Grok, and what does the end of Chevron Deference mean for data privacy?

Hi there,?

Welcome to FILED Headlines, the weekly edition of the FILED Newsletter focused on the latest, most essential news from the intersection of data privacy, data security, and governance.? This week:?

• A lawsuit alleges a hack of 2.9 billion people.
• The California Privacy Protection Agency considers new regulations that would add at least US $4.2 billion in compliance costs to California businesses.?
• 21 new or rebranded ransomware gangs have emerged in the year so far.?

??? Privacy & governance??

A new US Senate bill would elevate ransomware to a terrorist threat. ?

The European Union’s Data Protection Commission (DPC) has filed High Court proceedings against X , over concerns related to the handling of European users’ personal data. The proceedings concern the use of user data to train the platform’s AI chatbot, Grok.?

Most US state privacy laws, including the California Consumer Privacy Act (CCPA), do not provide a private right of action for violations. A fascinating, slightly technical explanation of how California attorneys are using a decades-old criminal statute to get around these limitations , and allege that companies using website tracking technologies without obtaining user consent are infringing on privacy rights.?

News on a distinct but related CCPA now—the California Privacy Protection Agency. The agency’s Board has discussed advancing a package of proposed regulations which include rules on cybersecurity audits, automated decision-making technology like AI, privacy risk assessments and more. The regulations could add US $4.2 billion in compliance costs for California businesses, not to mention the costs to businesses based outside California but still subject to the CCPA.?

An analysis of how the end of Chevron Deference will affect data privacy regulation and enforcement .?

?? Security?

2.9 billion people have allegedly had their data stolen in a breach of a public records data provider National Public Data, which specializes in background checks, in what would be one of the largest data breaches ever. The breach was disclosed in the filing of a proposed class action lawsuit.?

A China-linked advanced persistent threat group seems to have compromised a government-affiliated institute in Taiwan that conducts research on advanced computing and associated technologies .??

A Fortune 50 company paid US $75 million to cyber attackers this year, greatly exceeding any other previous pay out .?

21 new or rebranded ransomware gangs have emerged since the start of the year , according to a new report.?

?? The latest from RecordPoint???

?? Read:??

IBM’s Cost of a Data Breach Report makes it clear: a data-centric approach to cybersecurity is now table stakes for organizations who wish to do right by their customers. An analysis of the numbers and how organizations should respond .?

?? Listen:?

DataCo co-founder Danny Tyrell joined the podcast this week to discuss data collaboration , and how his company helps companies to learn more about their customers in a privacy-preserving way, by connecting them with trusted data sources. At the core of this is maintaining customer trust, and Danny, Anthony, and Kris go deep on what trust means in the context of this technology, as well as how privacy legislation plays a part, and whether there is a place for data brokers?