Issue 44 — Latest in privacy & security

Gaming Privacy and Security Edition

• CFPB finds financial and privacy Risks in videogame transactions
• Sault Ste. Marie Chippewa breach halts gaming until further notice
• Cybercrooks used infected games to install crypto miners
• How DOGE firings are undermining US cybersecurity posture
• Cut admin overhead, speed workflow with TerraTrue
• Jobs corner
• Upcoming webinars & events

  Latest in Privacy and Security

• The Sault Ste. Marie Chippewa Tribe has halted gaming operations after a serious ransomware attack on February 9th. The breach affected Chippewa County, Michigan government and healthcare providers, along with five casinos, and a number of other local businesses. The breach also made gas unavailable in several locations, and restricted stores to cash-only purchases. The tribe has opted to not pay the hackers ransom, and is still investigating the incident. Read more
  
  
• A sophisticated hacking campaign used cracked versions of popular games, distributed over bittorrent, to infect victims with cryptominers. The sophisticated malware checked for sandbox environments and debugging tools, avoiding detection by terminating execution if any were found. It then collected machine identifiers, usernames, OS information, and hardware specs, which were sent to the hackers. The malware used this info to adjust its own behavior based on system performance, so that it could avoid detection. This led to higher electric bills and poorer performance on affected users. Read more
  
  
• Rob Joyce, the former NSA director of cybersecurity, warned lawmakers that firing probationary federal employees “will have a devastating impact on [US] cybersecurity,” particularly against Chinese state hackers. Addressing Congress, he cited the NSA’s technical training pipeline, which prepares “top talent essential for hunting and eradicating PRC threats.”
  
  Laura Galante, former director of the Cyber Threat Intelligence Integration Center under the Director of National Intelligence, emphasized the importance of the Cybersecurity and Infrastructure Security Agency (CISA), which has already lost 130 employees to mass layoffs. She emphasized CISA’s role in identifying “what needs to be protected,” and helping allies patch and protect their systems. In addition to degrading US and allied security, Galante predicts that it will harm the natsec community’s ability to recruit talent in the long run.

  Regulations / Fines

• A new Consumer Financial Protection Bureau (CFPB) report highlighted the rise of financial transactions within online video games and virtual worlds, which increasingly mirror traditional banking and payment systems. These platforms generate billions of dollars in exchange, but also expose consumers to risk of scams, theft, and lack of protections typically expected under federal law. The CFPB pledged to monitor these markets to ensure compliance with consumer financial protection laws.
  
  Key findings from the report, Banking in Video Games and Virtual Worlds, include:
  
  

1. Gaming platforms resemble financial systems: Games allow players to store, transfer, and trade valuable assets, with some items selling for hundreds of thousands of dollars. Gaming companies also use financial services like payment processors.
2. Limited consumer support: As the value of in-game assets grows, so do scams, phishing attempts, and account thefts. Consumers often have little recourse when they suffer financial losses, as gaming companies typically refuse compensation.
3. Data collection concerns: Gaming companies collect extensive personal and behavioral data, including financial information, purchasing history, location data, and even biometric data from virtual reality headsets. This raises privacy and medical privacy risks.

  Feature Focus

• Cut admin overhead, while speeding workflow with TerraTrue AI document analysis and enhanced assessments. These game-changing innovations empower you to leave manual processes in the dust and embrace a new era of intelligent, automated compliance.
  Features include:
  
  
• Optimized vendor oversight, with comprehensive profiles and risk-based assessment scheduling
• Automated reminder workflows to keep vendor monitoring up to date
• API endpoints to speed and simplify integration

 Job Board

• Asana: Lead Privacy Counsel
• Clarivate: Privacy Legal Counsel
• Alliant: Counsel: Privacy, Security and Data Governance
• Ubisoft: Legal Counsel — Data and Privacy
• PlayStation: Senior Manager — Security Systems

 Upcoming Events

• IAPP Data Protection Intensive: UK | Mar 10-11 | London
• Future-Proofing Gaming | Mar 26 | Online Webinar
• IAPP Global Privacy Summit 2025 | Apr 21-24 | Washington, DC
• IAPP Canada Privacy Symposium | May 11-15 | Toronto, Ontario
• FutureCon St Louis | Mar 12 | St. Louis, MO
• Riskworld 2025 | May 3-7 | Chicago, IL
• Compliance Week Ethics & Compliance Summit | Mar 19-20 | Boston, MA
• Compliance Week Third Party Risk Management Summit |Jun 2-4 | Austin, TX

Need to help think through your third party risk management? See how easy it is to launch your first risk review.