Taiwan Flags Chinese Apps Over Data Security Violations
Taiwan warned that popular Chinese-owned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China
PII covers information that identifies people, making its collection, storage, and disclosure central to privacy protection and breach response.
Search across headline titles and summaries.
Background for this topic.
PII (personally identifiable information) is information that identifies a person directly or can do so when combined with other data. Direct identifiers include names, government identification numbers, passport details, and email addresses; indirect identifiers can include birth dates, precise location, or unique account attributes. The term is used broadly in security, but its legal scope varies: laws and regulations may use different definitions, such as “personal data” under the GDPR or protected health information under HIPAA.
PII is a high-value target because unauthorized access or disclosure can enable identity fraud, targeted phishing, or privacy harm. It may be exposed through compromised applications, cloud storage, logs, endpoints, or third parties. Practitioners should inventory and classify it, collect and retain only what is needed, restrict access, and protect it with encryption or tokenization where appropriate. Monitoring and tested procedures for investigating exposure are important, while retention, deletion, and notification duties depend on the applicable jurisdiction and sector.
Taiwan warned that popular Chinese-owned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
Passengers' personal information was likely accessed via a third-party platform used at a call center, but didn't include passport or credit card info.
Agency: Fraudsters Used Valid Beneficiary Info to Create Fake Medicare.gov AccountsThe Centers for Medicare and Medicaid Services is notifying 103,000 people that their personal information was potentially compromised by fraudsters who set up scam beneficiary online accounts on Medicare.gov. CMS said it has deactivated the fake accounts and is taking other steps in response.
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors
AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. [...]
Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. [...]
Ahold Delhaize has confirmed a cyber-attack exposed personal data of over 2.2 million individuals in the US