Armenian Extradited to US Over Ryuk Ransomware
The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.
Stay informed on the latest in information security trends, breaches, and best practices with our expertly curated content on cyber safety.
Search across headline titles and summaries.
Background for this topic.
A fine is a monetary penalty imposed by a competent authority or court for violating a law, regulation, or legally binding requirement. In information security and privacy, it may follow inadequate safeguards for personal data, unlawful processing, failure to meet required reporting or record-keeping duties, or non-compliance with sector-specific controls. The legal basis, maximum amount, and factors such as severity, duration, negligence, cooperation, and remediation vary by jurisdiction; a fine is generally punitive rather than compensation for affected parties.
For security practitioners, a fine signals that controls and security decisions may be examined as evidence of compliance. Maintain documented risk assessments, access reviews, patching decisions, supplier oversight, logging, and retention practices, especially where they protect regulated data. During an incident, preserve relevant records and establish an accurate timeline for containment, notification, and remediation. Privacy requirements such as data minimization and retention limits can therefore be security controls as well as legal obligations. A fine does not by itself establish that a particular attack or breach occurred.
Weekly headline count for the current query.
The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.
European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?
With $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who's walking into your systems is devastating.
Globally, security researchers and whistleblowers face increasingly hostile laws and judiciaries that are ready to levy fines and prison sentences.
New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.
Four companies — Avaya, Check Point, Mimecast, and Unisys — have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.
Regulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.
Threat actors were able to breach Blackbaud's systems and compromise sensitive data, largely because of the company's poor cybersecurity practices and lack of encrypted data, the AG said.
The political consultant who wrote the script and paid for the deepfake audio used in robocalls was fined $6 million by the FCC.
Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
Verizon, AT&T, and T-Mobile USA are being fined for sharing location data. They plan to appeal the decision, which is the culmination of a four-year investigation into how carriers sold customer data to third parties.
In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC's new data-breach disclosure rules.
The FTC found that Avast collected reams of personal data through its antivirus product, then sold it to more than 100 third parties without disclosing its practices.
The company, Modern Solutions, had misconfigured a cloud database, but argues the contractor could only have found the password through insider knowledge.
The text messages threaten fines if the victims don't provide personal and financial details.
Confidential AI integrates zero trust and confidential computing to guard data and models during inferencing, training, learning, and fine-tuning.
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
Kenyan data protection regulator issues monetary penalties to multiple firms for improper handling of personal data.
Ransomware becoming less of a factor as threat actors extort businesses with payment options that are less than regulatory fines.