????? FILED Headlines: Hackers target Snowflake customers, the FTC targets TikTok, and the OAIC targets BetterHelp

Hi there,?

Welcome to FILED Headlines, the weekly edition of the FILED Newsletter focused on the latest, most essential news from the intersection of data privacy, data security, and governance.??

??? Privacy & governance??

The Federal Trade Commission has referred a complaint against TikTok and its parent company ByteDance over alleged violations of children’s privacy to the Department of Justice.?

The Medibank court case is already providing much-needed sunlight into the data breach, with court documents alleging attackers gained access thanks to a lack of multi-factor authentication for network access.?

And meanwhile in another major 2022 Australian privacy breach, the Optus data breach was caused by a simple access control coding error that could have been found at any time in the previous four years. That's according to court filings made to the Federal Court by the Australian Communication and Media Authority (ACMA), which has lodged an action against Optus for failing to protect its customers' personal information during the breach.?

The Governor of Vermont has vetoed what would have been the United States' strongest data privacy law, objecting to the inclusion of a private right of action allowing citizens to sue companies that violate the law. Vermont already has an anti-business reputation, he says.?

Customer advocates are calling on the Office of the Australian Information Commissioner (OAIC) to investigate therapy platform BetterHelp as it expands into Australia, following a US ruling that the company shared sensitive data with third-parties.?

?? Security?

10 companies are facing ransom payments between $300,000 and $5 million following a breach against cloud-based data analytics firm Snowflake, according to cybersecurity firm Mandiant. The hackers targeted Snowflake customers who failed to enable MFA.?

Ransomware is more brutal than ever in 2024, with attacks often veering into real-world violence. ?

Tracking service Tile was breached, with a large amount of customer data stolen, including names, physical addresses, email addresses, and phone numbers. ?

Nearly 400,000 people affected by a breach at an eye care management services company.?

A new White House report details the last year's 11 major data breaches, including the impact of the MOVEit supply chain attack.?

Microsoft president Brad Smith testified to US Congress about security lapses, with one lawmaker frustrated at the company's inability to locate Chinese hackers. "It's not our job to find the culprits. That's what we're paying you for," Congressman Bennie Thompson told Smith.?

Security researchers are growing concerned about the rise of "unknown" attack vectors in ransomware attacks.?

And Akira, a sophisticated group of threat actors, might be the next big thing in ransomware.

??The latest from RecordPoint???

?? Read:??

United States financial institutions must urgently improve their data governance and information security policies to respond to data security rules like the SEC's Regulation S-P amendments, which requires them to report data breaches within 30 days. Read our article on the amendments to set your priorities.

As custodians of vast troves of personal and financial data, retailers must prioritize the protection of their invaluable digital assets. Learn how data security posture management is at the core of the solution.

?? Listen:?

Debra Farber has made the cause of shifting privacy left her life’s mission. In addition to her work as a privacy consultant, she has published 60 episodes and counting of her podcast, the aptly named Shifting Privacy Left, where she talks to everyone from privacy advocates to engineers about embedding privacy throughout organizations.?

She joined Anthony and Kris to dive deep into the subject, its importance, its applicability to organizations large and small, and to share the most surprising things she's learned in her journey.?