????? FILED Headlines: Netflix fined for poor privacy notices; Meta settles over Cambridge Analytica; and please don’t call it ‘pig butchering’

Hi there,?

Welcome to FILED Headlines, the weekly edition of the FILED Newsletter focused on the latest, most essential news from the intersection of data privacy, data security, and governance.???

This is the final edition of FILED Headlines for 2024; we’ll be back in your feed around Jan 10.?

??Lawmakers and cybercriminals: please don’t do anything newsworthy for the next two weeks!??

This week:?

• Netflix failed to inform customers about how their data is used, Dutch regulator rules?

• Meta settles with the OAIC over the Cambridge Analytica scandal (remember that?)?

• Rhode Island suffers ransomware attack on its social services system?

??? Privacy & governance??

The Dutch privacy regulator fined Netflix €4.75 million for not informing consumers about how the streaming service uses their data.?

Australia’s biggest radiology provider, I-MED, provided de-identified patient data to an artificial intelligence company without explicit patient consent. An examination of how this happened and what the law says.?

Meta agreed to a A$50 million settlement with the Office of the Australian Information Commissioner over the Cambridge Analytica scandal, which the OAIC is touting as the largest ever payment dedicated to addressing concerns about the privacy of individuals in Australia.?

Ireland’s data privacy regulator fined Meta €251 million for alleged data security failures that led to about 29 million worldwide Facebook accounts being breached in 2018.?

Texas is investigating 15 different companies and social media platforms including Instagram, TikTok, and Reddit, over their handling of underage user data and privacy.?

An overview of the eight US state privacy laws going into effect in 2025, half in just a couple of weeks.?

?? Security?

??Breaches?

Hackers have orchestrated a ransomware attack against PIH Health, and claim to have accessed 17 million patient records.?

Rhode Island was hit with ransomware attack on its state social services system, with the governor advising citizens to take action to secure their financial accounts. Attackers likely had PII including names, addresses and social security numbers, officials said.?

A hacker known as "IntelBroker" leaked 2.9GB of files from Cisco's DevHub platform onto BreachForums, a dark web marketplace. Data reportedly included source code, certificates, and internal documentation tied to Cisco products?

A Texas University data breach impacted 1.4 million people.?

A phishing campaign is leveraging HubSpot to target 20,000 Microsoft Azure accounts.?

Namibia's state-owned telecoms company fell victim to a ransomware attack resulting in the leak of sensitive customer data, including information about top government officials.?

Clop ransomware gang confirms it is actively exploiting Cleo MFT vulnerabilities.?

Digital on-call answering solution ConnectOnCall is notifying more than 900,000 individuals that their personal information and medical information was compromised in a data breach in May.?

Identity provider Okta has warned customers of a rise in phishing attacks impersonating its team.??

????Legal cases & breach fallout?

CISA releases first draft of updated National Cyber Incident Response Plan.?

The US is considering banning TP-Link routers over cybersecurity risks.??

US President-elect Donald Trump's administration will try to find ways to impose higher costs on private actors and US adversaries who wage cyberattacks on citizens, Trump's pick for national security adviser says.?

Nebraska is suing Change Healthcare for a series of alleged security failings that resulted in a historical data breach, exposing the sensitive health information of 100M+ Americans.?

Australia's financial regulator ASIC sued HSBC, alleging that the financial giant failed to protect its clients from a sophisticated scheme that caused $23 million in losses.?

Serbian authorities used Cellebrite software to covertly hack smartphones belonging to civilians and then infect them with spyware, according to researchers and Amnesty International.?

The Department of Homeland Security (DHS) says China, Russia, Iran, and Israel are the “primary” countries exploiting security holes in telecommunications networks to spy on people inside the US.?

Crucial cybersecurity funding from the US federal government is in danger is disappearing. What happens to states if it does??

Don't call it "pig butchering," Interpol pleads.

CISA is urging lawmakers to shift to Signal-like end-to-end encrypted messaging apps after telecom attacks.

?? The latest from RecordPoint?

?? Read:??

Lawmakers around the world are responding to GenAI risk with new requirements for companies. Learn about key laws and why AI governance is essential to ensure you comply.?

Opt in to this article explaining everything you need to know about opt-out compliance.?

Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) - which one of these risk assessments should you follow? This article will help you make that decision.?

?? Listen:??

One more plug for the excellent FILED Podcast finale. Hear the best bits from Season 2 of the podcast, and sign up so you’ll be sure to get the next season when it launches.?

That's all from us for this edition of FILED Headlines. We'll be back with more headlines next week. If you'd like more FILED in your inbox or your headphones, subscribe to the monthly newsletter and podcast, and check out the full archive for both while you're at it.?

See you in 2025 for plenty more FILED Headlines!?