Virginia passes their AI regulation, yet to be signed by governor

Virginia passed their AI regulation, the High-Risk Artificial Intelligence Developer and Deployer Act which is similar to Colorado’s AI Act. The regulatory framework applies specifically to “high-risk artificial intelligence” systems that are “specifically intended to autonomously” render or be a substantial factor in rendering decisions. However, since Virginia Governor Glenn Youngkin has not made any public indication regarding his statement on the Act, the bill’s passing is uncertain. His deadline to sign, veto or return the bill with amendments is March 24th. If signed, the bill takes effect on July 1st , 2026. Read more.

AI access tool OmniGPT suffers data security breach

Artificial intelligence tool OmniGPT, that provides access to ChatGPT-4, Gemini, Claude 3.5, and Midjourney to users without subscriptions, suffered a data breach, exposing Personal Information (PI) of over 30,000 users. Threat actor Gloomer listed the stolen data for sale on hacking forum BreachForums in early February. Stolen data included email addresses, phone numbers, login credentials, API keys, billing information and files uploaded by OmniGPT users. 34 million user chats have also allegedly been leaked by Gloomer. It is speculated that the breach occurred due to abuse of the tool’s endpoint caused by flawed user handling. Read more.

End-to-end encryption removed for Apple users in the UK

After a request by UK law enforcement, Apple has terminated their Advanced Data Protection tool that enables end-to-end encryption. ADP allows only account holders to access their stored personal data, such as pictures and messages, on iCloud. As of February 28th, users in the UK who attempt to opt-in to the ADP service will be met with an error message and guidance will be provided to those who have already opted in on how to disable the feature. Read more.

Arkanasas AG sues GM and OnStar

Arkansas Attorney General Tim Griffin sued General Motors and its subsidiary OnStar for their deceptive data selling practices. It was found that GM and OnStar collected detailed driving information and then sold that to third parties. This information was then sold to insurance companies who used this data to drive up their rates and even deny coverage. The lawsuit finds GM and OnStar in violation of the Arkansas Deceptive Trade Practices Act. Read more.

Florida Data Broker to pay $46,000 for violating the Delete Act

The Enforcement Division of the California Privacy Protection Agency (CPPA) brings enforcement action against National Public Data, a Florida based data broker seeking a $46,000 fine for failing to register and pay an annual fee as per California’s Delete Act. This case follows National Public Data’s data breach last year that allegedly exposed around 2.9 billion records including names and social security numbers. The Delete Act requires data brokers to register and pay annual fees accordingly. Read more.