3 Interesting Articles

Google agrees to pay $350 million settlement in data privacy case
Washington Post ($): Google has agreed to a $350 million settlement over a lawsuit related to a security breach on its defunct social media platform, Google Plus, which exposed user data. This settlement follows another recent lawsuit concerning data tracking in Chrome’s private mode, potentially costing Google billions. The recent settlement benefits investors who purchased Google stock between April 23, 2018, and April 30, 2019, with eligible parties to be notified by mail. The breach was discovered in 2018 but not disclosed to the public which led to Google Plus’s data being accessible to external developers, mirroring concerns similar to Facebook’s Cambridge Analytica scandal. This settlement concludes a five-year legal battle initiated by the Rhode Island government, representing a period marked by legal challenges for Google.

Verizon Employee Data Exposed in Insider Threat Incident
Dark Reading: About 63,000 Verizon employees were impacted by a data breach in September 2023 but discovered three months later. The breach was attributed to an “inadvertent disclosure” by an insider and exposed sensitive information including Social Security numbers, compensation details, and more. Verizon has stated there’s no evidence the data was misused or shared outside the company. The telecom giant is notifying affected employees and regulators, and is reviewing its security measures to prevent future incidents. This event marks Verizon’s second data breach in less than a year, following a March incident that affected 7.5 million wireless customers, blamed on a third-party provider.

HopSkipDrive says personal data of 155,000 drivers stolen in data breach
Tech Crunch: HopSkipDrive, a student rideshare service based in Los Angeles, has reported a data breach impacting over 155,000 drivers. This incident, disclosed in a filing with Maine’s attorney general, involved the theft of personal data, including names, email and postal addresses, and driver license numbers. The breach was detected on June 12, 2023 and was linked to suspicious activity on third-party applications used by the company. Although the compromised apps were not named, HopSkipDrive was informed of the breach via an email from an unidentified threat actor. The company, which partners with school districts to transport students, stated that no employee or customer data was accessed. Following the discovery, HopSkipDrive undertook an investigation, engaged forensic experts, and initiated measures to mitigate potential impacts. Despite criticism over the delay in notification, HopSkipDrive claims it began notifying affected individuals in early July and has kept up communications regarding the breach.

2 Stats You Should Know

In 2000, the 15-year-old Canadian known as “MafiaBoy” carried out a series of DDoS attacks over three days, targeting CNN, Yahoo, eBay, Amazon, and others. In 2001, he was sentenced to 8 months in a youth group home by a Canadian court. (source)

“Ransomware” was added to the Oxford English Dictionary in 2018. (source)

1 More Thing

In a shocking deepfake scam, a finance employee was duped into wiring $25 million to con artists who posed as his company’s CFO and team members in a fake video call. This elaborate fraud, masterminded using cutting-edge deepfake technology, marks a chilling advancement in cybercrime. Hong Kong police have cracked down on this case and arrested 6 people so far. Read more about it here.