Divya reports: The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
California Sets 30 Day Deadline for Data Breach Notifications
Heads up to entities doing business in California: your breach notification obligations are changing. Joseph Lazzarotti of JacksonLewis explains: Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney General when personal information of California residents has been…
Vn: Major hospitals hit by cyberattacks, patient data sold on hacker forums
Over the years, DataBreaches has noted hospitals in APAC countries having data leaked or being hit with ransomware attacks, but I have not seen a lot of reviews. An article by Thai Khang in VietnamNet names mentions some of the bigger hospital breaches in Vietnam since 2024, and then continues: According to Thuy, in the…
California’s New Delete Request Tool Impacts Data Brokers and Residents
Going forward, this might help California residents reduce the chances of their personal information being caught up in some breaches. Hunton Andrews Kurth writes: On September 26, 2025, following a public comment period, the California Privacy Protection Agency (“CPPA”) adopted its regulations concerning the Delete Request and Opt-Out Platform (“DROP”). The DROP is a tool developed to…
Shad White’s office finds nearly a third of Mississippi’s state agencies fail cybersecurity requirements
Stephanie Cunningham reports: According to Mississippi State Auditor Shad White, a third of state offices are at risk of cybercrimes due to not meeting cybersecurity assessment requirements according to a report released yesterday, Tuesday, Oct. 7. Auditor Shad White stated in the release, “Part of our role in my office according to state regulations is…
Policyholder Plot Twist: Cyber Insurer Sues Policyholder’s Cyber Pros
Veronica P. Adams and Andrea DeField of Hunton Andrews Kurth write: Last month, Ace American Insurance Company filed a subrogation action against its insured’s cybersecurity and technology vendors, alleging missteps by the technology companies. See Ace American Insurance Company v. Congruity 360, Trustwave Holdings, Case No. 2:25-cv-15657 (D.N.J. Sep. 15, 2025). Ace seeks to recover the $500,000…