Facebook has revealed that, once again, it allowed third-party app developers to wrongfully gain access to its customers' private data. The company changed access for about 100 developers after the problem was discovered.
By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.
What's the best way to spring your citizens from foreign jail if they've been detained on U.S. hacking charges? That's a question that continues to plague Russia, including in the ongoing case against Aleksey Burkov, who's been charged with being part of a $20 million payment fraud scheme.
Say hello to NortonLifeLock, as Symantec anti-virus for consumers is no more, following the sale of Symantec's enterprise assets and name to Broadcom for $10.7 billion. But can the new, pure-play consumer "cyber safety" business succeed where the combined consumer and enterprise business previously stumbled?
A trio of domain name registrars are mandating a password reset after a breach affecting about 22 million accounts occurred in late August. Web.com and two of its brands, Network Solutions and Register.com are contacting victims via email.
After months of appeals, Facebook has agreed to pay $643,000 to settle claims that it violated U.K. privacy laws by allowing Cambridge Analytica - a now-defunct digital marketer that focused, in part, on political campaigns - to access the personal data of 87 million of its users.
Two new security incidents demonstrate how easily millions of customer records can be exposed. Researchers found an unsecured database containing records of customers of Adobe Creative Cloud. And Italy's UniCredit bank announced a "data incident" that exposed a file containing customer records.
A U.S. Congressional committee on Wednesday peppered Facebook CEO Mark Zuckerberg with tough questions about the company's plans for a cryptocurrency called Libra, raising concerns about privacy issues as well as potential use of the currency for money laundering or to finance deals for illegal drugs and weapons.
An unsecure database belonging to a company that provides hotel reservation management technology exposed about 179 GB of customer data, including travel arrangements and other data for U.S. military and other government personnel, according to a new report from two independent security researchers.
Draft regulations to carry out the California Consumer Privacy Act do not go far enough to clarify ambiguities in the law, which goes into effect Jan. 1, 2020, says privacy attorney Sadia Mirza of the law firm Troutman Sanders, who encourages organizations to submit comments on the proposed regs.
Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase. A federal judge has granted preliminary approval to the deal.
New legislation introduced by Sen. Ron Wyden, D-Ore., would "bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs," he says. But can Congress agree on a privacy law?
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.