EU court rules German data retention law illegal

The European Court of Justice has ruled that Germany's general data retention law is in violation of the EU law. The German law requires telecom operators to store user data for four or ten weeks and make it available at the request of law enforcement authorities. The EU court stated that blanket and indiscriminate telecommunications data retention is illegal. Read More

American Airlines confirms hack

American Airlines fell victim to a phishing scam through which hackers accessed email accounts of airline employees that contained sensitive customers’ data, including driver’s license numbers and medical information. Though the breach was discovered in July, the company notified customers last week. Read More

Berlin DPA fines retailer

The Berlin Commissioner for Data Protection and Freedom of Information imposed a fine of €525,000 against a Berlin-based retail group for violations of Article 38(6) of the GDPR. The company was found to be in conflict of interest since its DPO was in a position where they were acting as a DPO responsible for the data processing activities of companies they had been acting as a managing director for. Read More

SEC fines Morgan Stanley

The US Securities and Exchange Commission has announced a settlement with Morgan Stanley over its failure to protect the personal identifying information of approximately 15 million customers. The company will pay a penalty of $35 million over the lack of proper disposal of devices containing its customers’ PI dating back to 2015. Read More

Optus breach affects 10 million users

Australian telecom company Optus has been criticized for failing to inform customers of a massive data breach that affected 10 million Australians. Though the company discovered the breach on Wednesday, it didn't alert customers until Thursday. The attack allowed hackers to gain access to users’ personal information, including passport and driver's license numbers, email and home addresses, dates of birth, and telephone numbers. Read More

Meta faces lawsuit for tracking via in-app browser

Meta-owned Facebook faces a class-action lawsuit for its alleged collection of data about smartphone users' online activity by inserting a tracking code into the sites people visit through the company's in-app browser. The complaint claims that Meta violates the federal wiretap law, as well as various California state laws. Read More