????? FILED Headlines: Is your car spying on you? Apple’s Siri settlement; and Harley-Davidson rides on following cyberattack

Hi there,?

Welcome to FILED Headlines, the weekly edition of the FILED Newsletter focused on the latest, most essential news from the intersection of data privacy, data security, and governance.?

It's 2025, and our New Year's resolution was to redouble our efforts to find important, relevant news for you. Also: cold plunges.

This week:?

• Law enforcement praised Tesla’s help in tracking the movements of the man behind the Las Vegas Cybertruck explosion. But the example shows just how much data modern cars collect, and the extent of the privacy risk.?

• Apple settled a proposed class-action lawsuit relating to alleged privacy violations by its voice-activated Siri assistant. But the company was quick to “clarify” that Siri data is not used to build marketing profiles, or sold.

• Is the European Union setting the standard for AI rules across the globe, like it did with privacy??

??? Privacy & governance??

Is your car spying on you? Tesla shared comprehensive data with law enforcement that helped them investigate the Las Vegas Cybertruck explosion, while at the same time showing how much data modern cars collect on users.?

Apple will pay US$95 million in cash to settle a proposed class action lawsuit claiming that its voice-activated Siri assistant violated users' privacy, though it did not admit wrongdoing and in a later statement confirmed that it never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose.?

Google will face a class-action lawsuit over claims it collected personal data from people’s phones even after they hit a button to disable such tracking.?

A good opinion piece on how AI offers the latest example of the "Brussels Effect", AKA the European Union setting the rules for the world.?

The Sixth Circuit decision to strike down the Federal Communications Commission’s net neutrality rule is a bad sign when it comes to the FCC's data breach reporting rules, which could also be gutted in a similar decision.?

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is proposing some significant updates to the HIPAA Security Rule, aiming to improve cybersecurity and better protect the U.S. health care system, while better aligning the Security Rule with cybersecurity best practices.?

?? Security?

??Breaches?

Florida-based medical and dental billing and revenue cycle management company Medusind announced that a data breach discovered in December 2023 has impacted over 360,000 individuals. Given the lengthy investigation time, cybercriminals have had a bit of a head start, but those affected have been offered two years free identity monitoring services.?

US cyber watchdog agency CISA said there was no indication the recently reported breach at the U.S. Treasury Department had affected any other federal agency.?

US motorcycle manufacturing giant Harley-Davidson says there has been no impact on its business following an alleged cyberattack last week.?

The UN’s International Civil Aviation Organization is “actively investigating reports of a potential information security incident” following a criminal claim to have breached the agency.?

US officials named more domestic telecommunications firms that fell victim to a "broad and significant cyber espionage campaign" targeting senior government and political officials.?

Argentina’s airport security police fell victim to a cyberattack that compromised the personal and financial data of its officers and civilian personnel.??

Researchers have identified 36 Chrome extensions, collectively used by 2.6 million people, into which an attacker injected data-stealing malware.?

????Legal cases & breach fallout?

A day in the life of a prolific voice phishing crew. A very useful item to show those on your team who may believe they are immune to such attacks.? ?

A Chinese cybersecurity company was sanctioned by the US for its role in facilitating attacks conducted by state-sponsored hacking group Flax Typhoon, known for targeting critical infrastructure.?

Violent hackers are using truck and trailer rental company U-Haul's data to social engineer their way into the target’s online accounts or target them with violence.??

?? The latest from RecordPoint?

?? Listen:??

A classic episode of FILED for you this week: RecordPoint’s head of risk Dr Miles Ashcroft joins Anthony and Kris to discuss how risk and compliance differ, how they align, and how the former allows you to think of value creation beyond compliance with rules and regulations.?

That's all from us for this edition of FILED Headlines. We'll be back with more headlines next week. If you'd like more FILED in your inbox or your headphones, subscribe to the monthly newsletter and podcast, and check out the full archive for both while you're at it.?

See you next week for plenty more FILED Headlines!?