The IRS says it mistakenly made public data for about 120,000 taxpayers

NPR: A human coding error caused 120,000 taxpayer information to be made public by the Internal Revenue Service (IRS). Shockingly, this information was available for a full year until an employee recently noticed the mistake. Confidential data from business tax returns (Form 990-Ts) were inadvertently disclosed. The good news is that social security numbers and other information that can impact credit scores were not released. 

More: WSJ ($) | Bloomberg 

Holiday Inn hotels hit by cyber-attack

BBC News: IHG, the owner of some of the largest hotel chains, confirmed “unauthorized access” to a number of its computer systems. Booking channels and other applications were thrown into disarray with a number of customers complaining via social media. The company did not disclose if any customer information was stolen and did not say this was due to a ransomware attack, though most experts are pointing in that direction.  Update: a couple from Vietnam carried out the cyberattack for “fun” – how despicable! 

More: @rsweatark | Update on IHG hack

Sephora becomes the first company fined for violating CCPA

SD Times: Bad news for the mega cosmetics retailer, Sephora. According to the California Attorney General Rob Bonta, the company has settled with the state over allegations that they violated the California Consumer Privacy Act (CCPA). The Attorney General determined that Sephora failed to disclose that they were selling customer’s personal information and failed on user requests to opt out of sale via privacy controls. Sephora is ordered to pay 1.2 million in penalties and leaves businesses feeling a sense of urgency to ensure they are complying with CCPA. 

More: Security Magazine | Attorney General Announcement | Compliance Week