June 1, 2023
Meta has been fined $1.3B by the Irish Data Protection Commission for violating the EU’s GDPR. This is the record fine for a GDPR violation, surpassing the $808M Amazon fine in 2021.
Meta has said it will appeal the fine, which was announced after the company failed to comply with a 2020 decision by the European Union’s highest court regarding the level of protection of Facebook data.
According to Kovrr’s Threat Intelligence Database, a total of 187 fines have been issued under the GDPR in 2023 for issues related to data protection and data privacy, with an average fine amount of €8.87M. However, because a few fines are extremely high (such as the fine issued to Meta), the median fine is much lower, at €5000.
Luxottica, the world’s largest eyewear company, has confirmed that one of its third-party contractors suffered a data breach in 2021, which the company was made aware of in November 2022.
Suspicions of a breach surfaced after a database of Luxottica users was distributed for free on hacking forums earlier this month. The database contained over 70M unique email addresses of Luxottica customers, with the most recent record dated March 16th, 2021.
According to Kovrr’s Threat Intelligence Database, the average number of data records impacted in attacks in the past 24 months is 1.66M, while the average number of data records impacted in attacks against companies in the retail industry is around 3 times greater, at 4.54M records per breach.
A joint cybersecurity advisory from government agencies in the U.S. and Australia, published by the Cybersecurity and Infrastructure Security Agency (CISA), is warning organizations that the BianLian ransomware group is abandoning its double extortion model, and moving to extortion-only attacks.
In a double extortion attack, the attacker both steals and encrypts the victim’s data. However, since Avast released a decryptor for this ransomware in January 2023, the ransomware group has moved to only stealing victim data and demanding a fee from victims so that the data will not be published.
According to Kovrr’s Threat Intelligence Database, there have been a total of 1500 observed ransomware attacks in 2023, an average of around 10 attacks per day. The top attacked industries this year have been Business Services, Financial Services, and Healthcare Providers, together accounting for 15% of observed ransomware attacks.