California data privacy regulator, the California Privacy Protection Agency (CPPA), has launched an investigation into the data practices of internet-connected cars. The agency, established in 2020, was granted the authority to conduct operations that help residents of California understand and control the data being collected from them. This investigation will be the first application of this new power. Smart cars have become increasingly popular in recent years, and it has become difficult to find a modern car without some internet connectivity. The CPPA aims to understand how companies are complying with California law when collecting and using consumers’ data.

According to Ashkan Soltani, the CPPA’s executive director, modern vehicles are like connected computers on wheels and can collect a wealth of information through built-in apps, sensors, and cameras. This data, which includes web histories, driving habits, and movement tracking, can reveal personal information such as religious practices and medical histories. Data brokers and insurance companies find this information highly valuable, and many users are unaware of their data privacy rights. The CPPA’s Enforcement Division will investigate how companies in the connected vehicle space are complying with California law.

Another data privacy issue has emerged with WorldCoin, a project that collects user biometric data, specifically iris scans, in an attempt to create an “identity and financial network.” German data regulator, the Bavarian State Office for Data Protection Supervision, has been investigating WorldCoin due to concerns about their use of new technology to process sensitive data at a large scale. The regulator launched a probe last November and is investigating whether users were asked for explicit consent for their data to be collected. This investigation has attracted interest from several other European supervisory authorities.

Furthermore, the MOVEit data breaches continue to impact organizations, with the victim count reaching 545 as of the latest report. This number includes companies directly breached as well as those indirectly impacted through third-party vendors. The hacking spree, attributed to the ransomware group Cl0p, began in May and has resulted in the theft of personal data belonging to at least 38 million individuals. The most affected industries are education, finance, and professional services, with approximately 74% of known victims being US organizations. The recent victims include the government of Allegheny County in Pennsylvania and the University of Rochester in New York.

In addition, Everlast, a boxing and sports equipment manufacturer, has experienced a data breach that exposed customer credit card data. Cybercriminals used a trojan skimmer loader installed in Everlast’s online store to capture credit card data during checkout. The attack has been attributed to Magecart Group 4, which is linked to the financially motivated threat actor Carbanak. This breach highlights the importance of robust cybersecurity measures for e-commerce platforms and the need for organizations to protect customer payment information.

These incidents raise concerns about data privacy and the security of personal information. Experts in the industry emphasize the need for organizations to invest in strong security controls, provide regular security awareness training for employees, and maintain incident response plans to effectively respond to attacks. They also stress the importance of patching systems and keeping software updated to prevent vulnerabilities that threat actors can exploit. Overall, these incidents serve as a reminder of the constant threat to data privacy and the need for organizations to prioritize cybersecurity measures to protect sensitive information.

Source link