????? FILED Headlines: Meta targeted for “pay or consent” scheme, what's next for US privacy law, and is Australia a weak target for hackers?

Hi there,?

Welcome to FILED Headlines, the weekly edition of the FILED Newsletter focused on the latest, most essential news from the intersection of data privacy, data security, and governance.

This week:?

• Millions of OpenSSH servers could be affected by a critical new vulnerability.
• Fiverr sellers are offering to doxx anyone for a fee.

• And is Australia a particularly weak target for cyberattackers??

??? Privacy & governance??

The EU has accused Meta of breaching rules under the Digital Markets Act, focused on an ad-free subscription model for Facebook and Instagram, which the bloc said amounted for a "pay or consent" system meaning users must pay to avoid data collection.?

After the scheduled markup for the American Privacy Rights Act (APRA)?was abruptly canceled last week, the future of a United States federal privacy bill is unclear. What should privacy professionals do??

Related: The US Supreme Court’s decision to overturn Chevron doctrine —?which holds that courts should defer to federal agencies when interpreting parts of federal law not specified by Congress — may make it more difficult to strengthen cybersecurity regulations.?

Photos of Australian children have been found in a large dataset used for training generative artificial intelligence models. An article exploring what can be done about this, based on current privacy law.?

Brazil's National Data Protection Authority has suspended the validity of Meta’s privacy policy, for the use of personal data in training generative artificial intelligence systems in the country.

Dozens of sellers on freelancer platform Fiverr claim to have access to a data surveillance tool?used by private investigators, law enforcement, and insurance firms,?and are using this access to offer doxxing as a service,?according to this report from 404 Media.?

?? Security?

Millions of OpenSSH servers could be affected by a critical new vulnerability that could allow remote code execution. This vulnerability has been described as similar in severity to 2021's Log4Shell vulnerability.?

A breach at authentication service Authy has exposed data associated with Authy accounts, including millions of users' cell phone numbers.?

Financial technology company Affirm told regulators this week that a cyberattack on banking partner Evolve exposed customer information. ?

More than 2.5 million people had personal information accessed as part of a February data breach at insurance agency Prudential.?

Over six million people were impacted by a ransomware breach at Infosys McCamish Systems last year, a breach first reported in back in February.?

Research by Rubrik Zero Labs has found that Australian organizations have among the highest data breach rates in the world. Based on the global average, almost 50% more data breaches impact Australian orgs, and nearly all of those impacted paid attackers to recover data or stop the attack.?

4TB of data has allegedly been leaked in an Australian healthcare breach, apparently by?ransomware gang “Medusa”, which has demanded a US $500,000 ransom.?

Finally, Australian Federal Police have arrested a man, alleging he used a fake wi-fi network on a flight to harvest passengers' credentials.?

?? The latest from RecordPoint???

?? Read:??

When managing large volumes of data, data minimization is crucial. But what about the data that needs to be retained? This article explores why data might need to be kept, the risks of over-retention, and steps for ensuring the data you do keep is secure.?

?? Listen:?

Raashee Gupta Erry, founder and CEO of Uplevel, uses her knowledge and experience to help marketing and advertising teams with balancing growth with respecting privacy and compliance. In this episode of FILED, with Anthony and Kris, she discusses how privacy is an area that requires company-wide awareness, along with nuanced approaches when it comes to various departments and functions.??