Feb 282020
 February 28, 2020  Posted by  Breaches, Business, Court

Catalin Cimpanu reports:

Facebook filed today a federal lawsuit in a California court against OneAudience, a New Jersey-based data analytics firm.

The social networking giant claims that OneAudience paid app developers to install its Software Development Kit (SDK) in their apps, and later used the control it had over the SDK’s code to harvest data on Facebook users.

Read more on ZDNet.

Feb 282020
 February 28, 2020  Posted by  Laws, Non-U.S.

Tassanai Kiratisountorn, Pimchanok Eianleng, Anna Gamvros, and Ruby Kwok of Norton Rose Fulbright write:

The Personal Data Protection Act B.E. 2562 (2019) (PDPA) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published.

The PDPA is under the supervision of the Ministry of Digital Economy and Society and the main supervising authority of the PDPA is the Office of Data Protection Committee (Office).

Read their summary of the key features of the law on Data Protection Report.

Feb 272020
 February 27, 2020  Posted by  Breaches, Business, Featured News, Govt, U.S.

David Shepardson reports:

The U.S. Federal Communications Commission is set to propose fining four major U.S. mobile phone companies at least $200 million in total for improperly disclosing some consumer real-time location data, two people briefed on the matter said on Thursday.

The FCC is expected to announce the proposed fines on AT&T Inc, Verizon Communications Inc, Sprint Corp and T-Mobile US Inc  by Friday. The companies will be able to challenge the fines before they become final and the precise amount could change – and possibly increase – the sources said.

Read more on Reuters.

Feb 272020
 February 27, 2020  Posted by  Breaches

Sergiu Gatlan reports:

Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.


The attackers use several subject lines that hint at the contents of the email being sent by someone the recipient already knows and are built using a love letter template with statements such as “Don’t tell anyone,” “I love you,” “Letter for you,” “Will be our secret,” and “Can’t forget you.”

Read more on BleepingComputer.