????? FILED Headlines: Texas sues Allstate; Scholastic breach due to missing MFA; and did GenAI help build the FunkSec malware?

Hi there,?

Welcome to FILED Headlines, the weekly edition of the FILED Newsletter focused on the latest, most essential news from the intersection of data privacy, data security, and governance.???

This week:?

• Texas sues Allstate for its location data collection practices?

• A lack of MFA apparently to blame for a Scholastic breach that affected millions?

• And the FunkSec malware apparently built with AI?

??? Privacy & governance??

Texas’ attorney general is suing insurance giant Allstate for allegedly illegally collecting, using and selling cell phone location and movement data belonging to more than 45 million Americans.?

The Federal Trade Commission will require companies to secure opt-in consent for targeting advertising to children and bar them from retaining kids’ data indefinitely.?

Hot take: consumers don't mind sharing private data if there's value in the exercise.?

?? Security?

??Breaches?

A breach of data broker Gravy Analytics’ trove of location data threatens the privacy of millions. ??

4.2 million affected by Scholastic data breach, with the hacker leaving a mocking message implying the cause was a lack of MFA.?

Russia’s main electronic trading platform for government and corporate procurement confirmed on Monday that it had been targeted by a cyberattack, for which a pro-Ukraine hacking group has claimed responsibility.?

Ivanti has confirmed a new zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line.???

Addiction treatment firm Baymark confirmed patient personal information was compromised in a data breach.?

The US Justice Department said it has deleted malware planted on more than 4200 computers by a group of China-backed hackers.?

Multinational telecommunications company Telefonica confirmed a data breach leading to the theft of more than 236,000 lines of customer data and nearly half a million Jira tickets.?

The emerging FunkSec ransomware, which claimed over 80 victims in December 2024, was likely developed by an inexperienced Algerian malware developer relying on AI.?

????Legal cases & misc. links?

Microsoft is pursuing legal action to crack down on malicious Copilot use by cybercriminals.

A California court ruling that spyware maker NSO Group should be held liable for the hacks its software enables may have limited impact on the spyware ecosystem.?

Adobe shipped patches for more than a dozen security defects in products including Photoshop, Adobe Animate, and Adobe Illustrator for iOS. ?

Microsoft kicks off 2025 with a whopping 161 security updates.?

The White House this week introduced a voluntary cybersecurity labeling program for technology products so that consumers can have some assurance their smart devices aren't spying on them.?

In new executive order, US President Joe Biden called for tighter cyber security standards for federal agencies and contractors.?

?? The latest from RecordPoint?

?? Read:??

Understanding where data is and what it’s used for will improve your business outcomes. Learn why data lineage matters and how to use it in your organization.??

What is a data catalog? Examples from Airbnb + GE Aviation.?

That's all from us for this edition of FILED Headlines. We'll be back with more headlines next week. If you'd like more FILED in your inbox or your headphones, subscribe to the monthly newsletter and podcast, and check out the full archive for both while you're at it.?

See you next week for plenty more FILED Headlines!?