On June 6, 19-year-old Matthew D. Lane pleaded guilty in federal court in Massachusetts to one count each of conspiracy to commit cyber extortion, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The first two charges were related to an unnamed telecom company identified as “Victim 1.” The third and fourth charges…
Evoke allegedly used Google ads and telemarketing to pretend to be other clinics; court order permanently bans them from similar deceptive conduct On June 10, DataBreaches sent Evoke Wellness in Hilliard, Ohio an inquiry about an insider-wrongdoing breach reported in Ohio media but not mentioned on their website. There has been no reply as of…
Bruce Schneier writes: On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.” The other speakers mostly talked about how cool AI was—and sometimes about how cool their own company was—but I was asked by the Democrats to specifically…
Sergiu Gatlan reports: The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company’s German subsidiary, €45 million ($51.4 million) for privacy and security violations. “Due to malicious employees in partner agencies who broker contracts to customers on behalf of Vodafone, there had been fraud cases due to fictitious contracts or contract changes at…
Hunton Andrews Kurth writes: On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions. Key requirements,…
Alexander Martin reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller…