Ransomware attack on Dallas; entire city suffers

On the 10th of May, 2023, a ransomware attack impacted multiple systems and essential services across the city of Dallas, including some 911 dispatch systems, who temporarily switched to their manual call dispatch system instead of their computer-facilitated system. The attack also impacted the Dallas Fire Rescue website, the municipal court systems, and the Dallas Water Utilities services, among others. A cyber gang has claimed responsibility for the attack. The FBI has since formed a task force to look into the matter. Read more

€5.2 million fine was issued for delayed compliance

French DPA issued a fine of €5.2 million on Clearview AI, a facial recognition company, for delaying compliance to an order made in October of 2022 wherein the CNIL imposed a €20 million fine, ordering the company to cease the collection and processing of data of those located in France, to delete the data and to respond to requests that it received. The 2022 decision also included that after 2 months since the order, additional days of non-compliance will attract a fine of 100,000 euros per day. Read more

Privacy bill passed in Florida

A privacy bill with few privacy rights has been passed in Florida. The bill allows consumers to obtain information on the data collected about them by companies and can request to have certain data deleted. It also has provisions that restrict the collection of minors’ data and restrict the use of their data in ways that are detrimental. However, the bill only regulates very large tech companies and will still leave the privacy of consumers unprotected in various circumstances. Read more

Mental Health data of nearly 100,000 consumers compromised

A healthcare company, Brightline, providing virtual mental health services to families, recently confirmed that they suffered an attack, exposing the data of its consumers. The data compromised included names, addresses, health plan information, and more. Complimentary credit monitoring services have been offered to those affected by the attack for a period of 24 months. Read more

Coinbase accused of violating biometric data law

Cryptocurrency exchange, Coinbase, has been accused of violating Illinois Biometric Information Privacy Act (BIPA) by collecting biometric data from photo IDs and selfies of customers that are required when setting up an account. It is also accused of collecting data from the fingerprint scans used for the mobile app. Coinbase allegedly does not disclose these processes to customers and violates BIPA’s retention schedule requirements. Read more