Shunsuke Minowa and Poonyisa Sornchangwat of Nagashima Ohno & Tsunematsu write: 1. Background On 1 August 2025, Thailand’s Personal Data Protection Committee (“PDPC”) announced the issuance of 8 fines totaling THB 14.5 million (approximately USD 448,000), which were levied against one government agency and other private entities for non-compliance with the Personal Data Protection Act of 2019 (“PDPA”)…
Massachusetts AG Secures $795,000 Settlement for Alleged Data Security and Breach Notification Failures by Peabody Properties Inc.
A.J. S. Dhaliwal, Mehul N. Madia, Maxwell Earp-Thomas of Sheppard, Mullin, Richter & Hampton write: On August 19, Massachusetts Attorney General Andrea Joy Campbell announced a $795,000 settlement with a property management company for alleged violations of the Massachusetts Consumer Protection Act, and the Massachusetts Data Security Law and Data Security Regulations. The AG alleged that the…
FBI cyber cop: Salt Typhoon pwned ‘nearly every American’
Jessica Lyons reports: China’s Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official. “There’s a good chance this espionage campaign has stolen information from nearly every American,” Michael Machtinger, deputy assistant director…
EuroFins cancer screening hack far bigger than thought, agency says
DutchNews.nl reports: The scale of a data theft from a Dutch national screening programme laboratory is far greater than initially reported, research agency Bevolkingsonderzoek Nederland said on Friday. Hackers may have accessed the personal and medical details of all 941,000 women who have taken part in the cervical cancer screening programme since 2017, the agency said in…
Fake ID website busted; Dutch police deal a blow to criminal infrastructure
The following is a machine translation of a press release at politie.nl: On August 27, the Rotterdam Police Cybercrime Team seized data from the VerifTools website’s servers during a seizure at a data center in Amsterdam. The operation was carried out in collaboration with the FBI, which simultaneously took the platform offline. VerifTools is considered…
3rd Circuit Clarifies Scope of Computer Fraud Abuse Act With Employer’s Policies
Riley Brennan reports: The U.S. Court of Appeals for the Third Circuit clarified this week that an employee’s purported violations of workplace computer use policies cannot be criminalized under federal law as long as there is no evidence of hacking or violations of trade secrets. On Tuesday, the federal appellate court affirmed the U.S. District Court…