A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.
The need to implement zero trust at scale is growing ever more critical. In this video interview with Information Security Media Group, subject matter experts Srinivas Tummalapenta of IBM and Justin Douglas of Palo Alto discuss the guiding principles of scaling zero trust.
The main problem for CISOs in complying with regulations in different countries is that a single approach often does not work, says Farly Halim, regional CISO for Asia, Middle East and Africa at Sodexo BRS. Use a single solution tuned to each country's requirements, he advises.
Meta says it is taking legal action against scraping-for-hire service provider Voyager Labs for allegedly using fake accounts to copy accessible data about users when logged into Facebook, Instagram and other websites. The social media firms says it closed 60,000 fake accounts.
TikTok must pay a fine of 5 million euros to the French government after the country's data protection agency said the short-form video app violated national privacy law restricting the monitoring of web browser activity. TikTok is at the center of a number of privacy controversies worldwide.
Managed security services player Cerberus Sentinel plans to capitalize on cloud migration and strict privacy regulations in South America through its proposed purchase of RAN Security. The deal will bolster Cerberus Sentinel's penetration testing, gap analysis and infrastructure management services.
Modernizing data breach notification requirements for the telecommunications sector is the focus of a newly announced Federal Communications Commission proceeding. The rules, last updated in 2007, would push for faster consumer notification and require the reporting of accidental data breaches.
Federal regulators have kicked off the New Year with a $16,000 HIPAA penalty against an Atlanta-based medical testing laboratory for failure to provide timely access to a patient records request. The settlement is the 43rd HHS enforcement action in these types of disputes.
In the latest legal volley between the Federal Trade Commission and Kochava, the FTC is asking a federal court to dismiss a "preemptive" lawsuit filed by the data broker last summer, weeks before the regulatory agency filed an enforcement action against the firm alleging data privacy violations.
Software vulnerabilities installed by luxury car manufacturers including Ferrari, BMW, Rolls Royce and Porsche that could allow remote attackers to control vehicles and steal owners' personal details have been fixed. Cybersecurity researchers uncovered the vulnerabilities while vacationing.
The French data privacy agency has fined Apple 8 million euros for an ad personalization tracker that violated the country's privacy laws. The fine against Apple was announced on the same day the Irish Data Protection agency fined Meta Ireland for similar violations.
The latest edition of the ISMG Security Report analyzes why Meta has agreed to pay $725 million to settle a class-action lawsuit over users' personal data, how the median stock price dropped 40% among publicly traded security firms in 2022, and why an infrastructure change is needed in SOCs.
The Irish Data Protection Commission has imposed a fine of 390 million euros against Meta Ireland for violating the General Data Protection Regulation related to user data processing. Meta confirmed it will contest the penalty, which targets ad personalization by Facebook and Instagram.
Modern organizations often have complex cloud and on-premise environments often managed with siloed security tools. This situation leads to fragmented visibility, an inability to prioritize risks for remediation and a lack of business-level reporting.
In this webinar, security leaders will learn how cloud security...