DataBreachToday.com

Privacy Activists Decry Loosening Record-Keeping Requirements
Privacy rights groups urged the European Commission to retreat from proposals to revise the GDPR. Europe pledged to lessen record-keeping obligations for companies with up to 500 employees so long as the data processing isn't "likely to result in a high risk."

Healthcare Providers Are Among Nationwide Recovery Service Data Breach Victims
A 2024 hacking incident at a debt collection firm has affected a growing list of clients and at least hundreds of thousands of individuals so far, including 210,000 patients of Harbin Clinic in Georgia and nearly 90,000 patients of Texas-based Vitruvian Health, also known as Hamilton Health Care.

New Cyber Law Enables Agencies to Neutralize Attackers' Servers Located Abroad
The Japanese Parliament passed the long-delayed active cyber defense bill on Friday, paving the way for government agencies to monitor external telecommunications and preemptively respond to signs of cyberattacks, including neutralizing attackers' servers.

Ministry of Justice Discloses April 23 Breach
Hackers stole from the U.K. Ministry of Justice personal information pertaining to criminal defendants in need of an attorney, the British government disclosed Monday. The ministry on Monday said it detected on April 23 a breach that targeted the Legal Aid Agency.

Executive Director Bridget Bean on How Proactive Alerts Prevented $8.7B in Damages
As state-sponsored threats become increasingly aggressive, CISA is scaling its proactive cyber defense efforts. Through real-time threat intelligence, joint task forces and pre-emptive alerts, it is shielding critical infrastructure from state-sponsored and ransomware-driven attacks.

'Lite Panel' Offering Easy Access to Anyone for Just $777 Confirmed by Researcher
Ransomware groups continue to find innovative new ways to shake down organizations large and small in their pursuit of ransom payoffs. For the LockBit group, one tweak was to debut a "lite" version of its ransomware portal that appears to have amassed dozens of very inexperienced business partners.

Australian Human Rights Commission Detected Leak of 670 Online Forms After a Month
The Australian Human Rights Commission said unprotected online complaint forms exposed the personal, healthcare and demographic information of Australians to the public internet for over a month. The data leak exposed 670 complaints and nominations online.

Serviceaide Incident Exposed Patient Data of Catholic Health, a NY-Based Client
Serviceaide, a provider of agentic AI-based IT management and workflow software, reported to regulators that an inadvertent exposure of data on the web has affected more than 483,000 patients of client Catholic Health, a network of six hospitals and dozens of other facilities in western New York.

Report Uncovered Malicious Fake Job Network Operated by a Chinese Company
Recently laid off U.S. federal government officials are being targeted by Chinese intelligence through a network of front companies purporting to offer consulting work. Reports that foreign adversaries intended to recruit former officials began as soon as the administration intentions became apparent.

Company Deploys Thousands of Use Cases, Underscores Responsible AI to Rebuild Trust
UnitedHealth faces AI backlash after nH Predict's 90% error rate and a DOJ probe. With more than 1,000 AI applications from call routing to claims efficiency and a robust responsible AI policy, the company aims to balance innovation with trust in a high-stakes bid to reshape healthcare.

Also: Prison Time for an Irish Crypto Launderer, an ISIS Financier
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, prison sentences for Celsius CEO, Irish crypto launderer and an ISIS supporter, exCH and Haowang close, a Parisian kidnapping attempt on crypto CEO's family and Sinaloa Cartel leaders charged in U.S. federal court.

Also, DOGE Employee’s Credentials Found in Infostealer Dumps
This week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws.

Financially Strapped Cloud Services Firm Settles Suit From 2020 Patient Data Hack
A financially strapped cloud services vendor that experienced a 2020 ransomware attack affecting dozens of healthcare sector clients and hundreds of thousands of patients has agreed to a $1.9 million settlement in proposed class action litigation involving the data theft case.

Urges Companies to Regularly Patch Their Products
The British National Health Service is prodding suppliers to commit to voluntary cybersecurity measures in a bid to prevent disruptive hacks. Among the proposed measures are regularly patching IT systems, instituting multifactor authentication and requiring IT suppliers to monitor and log their systems to allow prompt incident response.

It's Me, Not You: CISA Withdraws Leidos Cyber Offer Last Second
A multi-billion dollar vision by the Cybersecurity and Infrastructure Security Agency for its government-wide network intrusion detection and prevention system went kaput on Friday, court documents show. It withdrew an offer to contractor Leidos to support the National Cybersecurity Protection System.

US House Republicans Back Decade Pause of State AI Statutes
Republicans in the executive and legislative branches made moves Tuesday to loosen regulations on artificial intelligence by championing a decade-long ban on state AI regulation and undoing a rule that would have limited exports of advanced chip and model weights.

All Risk, No Reward: Meta's Ongoing Legal Issues in Europe
Social media giant Meta is likely to face more legal hurdles over its plans to use the personal data of European Facebook and Instagram users to train artificial intelligence models. Meta paused efforts to train AI with European data in June 2024.