Get Started

December 3, 2024

Issue 38 — Latest in privacy & security

In today's email…

  • Irish DPC clarifies legitimate interest
  • Fintech giant investigating 400 GB data breach
  • The WiFi attack that can strike from thousands of miles away
  • A new UK crypto framework is coming in 2025
  • Daily Mail faces 101 hacking lawsuits
  • TerraTrue’s purpose-built EU AI Act compliance tool
  • Upcoming webinars & events

  Latest in Privacy and Security

  • Finastra, a Fintech company serving 45 of the world’s top 50 banks, discovered hackers selling over 400 gigabytes of the company’s data on the dark web. The company has notified customers, and says the stolen data has “no direct impact on customer operations… or Finastra’s ability to serve customers.” The company is currently investigating the hack. Read more
  • Russian state Hackers have used a tactic called a “nearest neighbor attack” to breach an American company’s WiFi network thousands of miles away. The hackers first obtained passwords in a brute force attack, but the company’s multi-factor authentication stopped them from using the credentials. However, by hacking nearby devices, the hackers were able to access the company’s enterprise WiFi. Read more
  • Mirror Group Newspapers, publisher of the Daily Mirror, is facing 101 lawsuits for hacking the phones of public figures. The company has been in court for more than a decade over illegal data gathering practices, and has already had to pay Prince Harry, son of King Charles, approximately $178,000. Read more

  Regulations / Fines

  • The UK plans to create a crypto framework in early 2025. The framework will cover stablecoins (assets pegged to fiat currency to stabilize value), as well as “staking” services, where investors lock down tokens in exchange for interest.
  • In the wake of the €310 million LinkedIn fine discussed in our last newsletter, the Irish DPC clarified its legitimate interest policy. According to commissioner Dale Sunderland, LinkedIn’s decision to use user profiles to provide targeted job ads correctly identified a legitimate interest and the need to process data. But LinkedIn failed to identify how the targeted ads could interfere with fundamental user rights, e.g. by enabling employers to discriminate based on illegal factors like age and gender. Read more

  Feature Focus

  • TerraTrue now helps you comply with the EU AI Act Framework, right out of the box! Our new framework features customizable, purpose-built assessment templates to evaluate your AI tools against regulatory requirements, and export documentation to compliance teams. Read more.

 Upcoming Events

 Job Board

Hacker Meme

Upgrading Your Privacy & Security Program for 2025? Let us help you think through how to plan, budget, and design your program.

Loading GTM...