The Register: Europe coughs up €400 to punter after breaking its own GDPR data protection rules

Source URL: https://www.theregister.com/2025/01/13/data_broker_hacked/
Source: The Register

Feedly Summary: PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more
Infosec in brief: Gravy Analytics, a vendor of location intelligence info for marketers which reached a settlement with US authorities last year over its alleged unlawful sale of location data, has reportedly been hacked – potentially exposing millions of smartphone users.…

Summary: The text discusses various security incidents and breaches within the realms of data privacy, compliance, and information security that are critical for professionals in the fields of AI, cloud, and infrastructure security. Highlights include the breach at Gravy Analytics revealing how sensitive data can be mishandled, an EU court ruling on GDPR violations, vulnerabilities in Cisco’s Identity Services Engine, and a new ransomware group’s questionable activities.

Detailed Description:
The content details multiple incidents that emphasize the ongoing challenges regarding data security, compliance with regulations, and the evolving landscape of threats targeting organizations. Key points include:

– **Gravy Analytics Breach**:
  – Allegations of unlawful sales of location data by Gravy Analytics.
  – Hacking incident that potentially exposed millions of smartphone users.
  – Use of real-time bidding processes for collecting and selling sensitive personal data without user consent, highlighting issues with privacy permissions.
  – Notable applications mentioned in the breach include Tinder, Grindr, and various fitness and utility apps, indicating the widespread risk involved across multiple platforms.

– **EU GDPR Ruling**:
  – The European General Court’s decision ordering the European Commission to pay a fine for failing to protect a German citizen’s data transferred unlawfully to the US.
  – This case sets a precedent for data protection enforcement, emphasizing the serious consequences of GDPR violations.

– **Cisco Identity Services Engine Update**:
  – Cisco’s announcement of a critical security vulnerability concerning authentication processes due to changes in Microsoft Windows that are set to take effect in 2025.
  – Highlighted the importance of timely updates and patches to maintain security compliance.

– **Emergence of FunkSec Ransomware Group**:
  – Reported claims from the new ransomware group about multiple victims, which were found to be exaggerated by security researchers.
  – Insights into their potential use of AI in malware programming, indicating a trend towards technologically advanced cyber threats.

– **Data Breach in Cannabis Retail**:
  – Stiiizy, a cannabis retail company, revealed a theft of personal information from its customers through a compromised vendor’s point-of-sale system.
  – The breach underscores vulnerabilities in supply chain partners and the critical need for robust security measures in every aspect of a business.

– **CrowdStrike Recruitment Scam**:
  – Impersonation scams targeting job seekers at CrowdStrike point to the need for cybersecurity awareness, especially concerning recruitment processes.

These incidents collectively reflect significant implications for AI, cloud, and infrastructure security professionals regarding data governance, regulatory compliance, and the necessity for comprehensive security measures. Understanding these cases will help professionals shape strategies and improve security postures across organizations.