Three US states welcome data privacy bills, Apple targeted in $50m ransomware attack, and more



Alaska, Virginia, and Florida welcome data privacy bills

On April 23, 2021, the Florida House resoundingly approved a bill for the Florida Privacy Protection Act, which mandates businesses to inform consumers what information they've collected and how they're going to use it. The bill would make Florida the latest state to enact consumer protections against companies harvesting personal information.


The State of Alaska also joined the consumer data privacy race with the introduction of the Consumer Data Privacy Act on April 2, 2021. Its Senate Bill 116 and House Bill 159 are aimed at protecting citizens’ personal information and affirming the right to privacy set forth in the Constitution of the State of Alaska.


The news comes a month after Virginia passed the Consumer Data Protection Act, which is partially based on the proposed Washington Privacy Act that is working its way through that state's legislature.


Personal data of 1.3 million Clubhouse users exposed

Personal information of 1.3 million Clubhouse profiles was scraped and posted on a popular hacker forum. The data includes account names, social media profile names, user IDs, and other details. The company responded to a Cyber News report stating it didn’t suffer a data breach and the information posted was already publicly available and accessible via their API.


Codecov breach akin to SolarWinds affects 29,000 customers

The US-based software auditing company Codecov is the recent victim of a breach reminiscent of the 2020 SolarWinds attack. As reported by Reuters, the hackers detected a flaw in a Docker image creation process and used it to make “periodic, unauthorized” changes to the company’s Bash Uploader script. This allowed the attackers to export customer data to an external server, impacting an unknown number of its 29,000 customers.


Apple, the latest victim of $50 million ransomware attack

A few days after targeting Acer, the same Russian group has attacked Apple with its REvil ransomware. The group stole confidential information related to Apple’s upcoming products after breaching Quanta Computer, a company that assembles several Apple devices. The hackers demanded Apple pay a $50 million ransom and posted a series of images depicting its Macbook schematics. Read more about the developing story here.


Australian federal court finds Google misled users

Google LLC and Google Australia Pty Ltd were found to be misleading users regarding the collection of their personal location data through Android mobile devices from January 2017 to December 2018. The ruling is a world-first enforcement action brought by the Australian Competition and Consumer Commission (ACCC), which is seeking declarations, pecuniary penalties, publications orders, and compliance orders against the company.