Grindr faces fine of nearly $12 million in Norway for alleged privacy violations

Norway’s data protection agency is proposing a fine of $11.7 million against Grindr for the alleged improper sharing of users’ data to third-party companies for marketing purposes. The Norwegian Data Protection Authority (DPA) said Tuesday that Grindr, which bills itself as “the world’s leading LGBTQ+ social application,” had shared, without full consent, users’ GPS locations, profile data and other information with other companies. Grindr has until Feb. 15 to argue against the decision. The case, which applies to the free version of the app, originated with a 2020 complaint from the Norwegian Consumer Council, and it falls under Europe’s General Data Protection Regulation (GDPR). The DPA said the fine of 100 million Norwegian kroner would represent its largest ever, reflecting that “our findings suggest grave violations of the GDPR.” “Users were not able to exercise real and effective control over the sharing of their data,” the Norwegian authority says. The […]

The post Grindr faces fine of nearly $12 million in Norway for alleged privacy violations appeared first on CyberScoop.

Continue reading Grindr faces fine of nearly $12 million in Norway for alleged privacy violations

Health insurer Excellus penalized $5.1M by HHS for data breach

The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […]

The post Health insurer Excellus penalized $5.1M by HHS for data breach appeared first on CyberScoop.

Continue reading Health insurer Excellus penalized $5.1M by HHS for data breach

Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets

Regulators in Ireland have fined Twitter for failing to report a data breach promptly and not adequately documenting the incident, marking the first time the regulator has penalized a “big tech” company for violations of Europe’s data protection law. The fine of 450,000 euros, or about $550,000, stems from a bug that allowed thousands of people’s private tweets to be made public between late 2014 and early 2019, when Twitter reported the problem to European authorities. The social media company said it could only identify specific users affected by the breach from September 2017 onward — about 89,000 total over that stretch. The bug only affected users of Twitter’s Android app. Ireland’s Data Protection Commission issued the decision Tuesday on behalf of the European Union, under the EU’s General Data Protection Regulation (GDPR). Twitter’s European headquarters are in Ireland, as are those of Google, Facebook and several other multibillion-dollar U.S. […]

The post Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets appeared first on CyberScoop.

Continue reading Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets

Negligent data center shutdowns bring $60 million fine for Morgan Stanley

Investment bank Morgan Stanley is paying a $60 million fine to the U.S. government for mishandling the decommissioning of two data centers in 2016, and potentially exposing customer information. The bank reported the problem to wealth management customers this summer, saying that pieces of hardware from the facilities still had some customer data on them after they reached a recycler. In 2019, a similar situation arose during the decommissioning of network devices that stored customer data, according to Office of the Comptroller of the Currency, the Treasury Department agency that announced the fine Thursday. The case is a reminder that potential data breaches come in many forms beyond the usual concepts of cybercriminals hacking into networks to or using business email compromise to trick employees. In both cases at Morgan Stanley, the bank “failed to adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in […]

The post Negligent data center shutdowns bring $60 million fine for Morgan Stanley appeared first on CyberScoop.

Continue reading Negligent data center shutdowns bring $60 million fine for Morgan Stanley