InfoSecBulletin Cybersecurity for mankind
The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach that affected 29 million Facebook accounts.
The breach occurred when unauthorized parties exploited user access tokens, exposing sensitive information like names, email addresses, phone numbers, and physical locations, including data on children.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” commented Graham Doyle, the DPC’s Deputy Commissioner.
The DPC will soon publish the full decision for public insight.
Meta said media that, “This decision relates to an incident from 2018. We took immediate action to fix the problem as soon as it was identified, and we proactively informed the people impacted, as well as the Irish Data Protection Commission,”
“We have a wide range of industry-leading measures in place to protect people across our platforms.”
Meta settles in Australia
Meta has agreed to a $50 million settlement for Australian Facebook users affected by the Cambridge Analytica incident, according to the Australian Information Commissioner.
The settlement addresses privacy violations under the Privacy Act 1988 related to data shared with the This is Your Digital Life app, which may have been misused for political profiling.
Australians with Facebook accounts from November 2, 2013, to December 17, 2015, who spent over 30 days in Australia and either installed the Your Digital Life app or befriended someone who did may qualify for compensation.
“We settled on a no admissions basis, as it is in the best interest of our community and shareholders that we close this chapter on allegations that relate to past practices no longer relevant to how Meta’s products or systems work today. We look forward to continuing to build services Australians love and trust with privacy at the forefront,” Meta told BleepingComputer.
