NAIC says public data stolen in ShinyHunters' PeopleSoft breach

Nissan discloses employee data breach linked to Oracle zero-day attacks

Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]

Who should care: Cybersecurity · Privacy officers · Administrators

MOVEit Breach Defendants Lose 2nd Bid to Toss Negligence Claims

Christopher Brown reports: Bellwether defendants in multi-district litigation over a massive data breach of Progress Software’s MOVEit file-transfer application failed to convince a federal court to toss negligence claims against them under the laws of California, Indiana, Michigan, and Ohio. The defendants—Progress and several of its customers—argued that the claims were barred under the economic-loss... Source

Who should care: Cybersecurity · Privacy officers · Administrators

UK businesses fear stigma of ransomware

Alex Scroxton reports: Fear of stigmatisation is likely leading businesses across the UK to drastically underreport data on ransomware attacks, especially when they have paid a ransom to a cyber criminal gang, as admission of such is often seen as supporting further criminal activity or defying compliance regulations. Data gleaned from the national Report Fraud service – which... Source

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

Central Bank of Libya investigates alleged data leak after cyberattack

SafaAlharathy reports: Libya’s central bank (CBL) says it is investigating data published on the dark web following a recent cyberattack. In a statement, the bank said its technical teams, working with international experts, were analysing the data to determine its nature and whether it is linked to the attack reported earlier this month. The bank... Source

Who should care: Cybersecurity · Privacy officers · Administrators

ZA: Copying the wrong person on an email could be considered a data breach in South Africa

A South African regulatory enforcement action against a technical college has clarified that accidentally sending an email to the wrong recipient can constitute a reportable data breach under POPIA, the country's data protection law. Legal experts say the ruling establishes that unintentional internal disclosures of personal information carry the same mandatory reporting obligations as deliberate breaches.

Why this matters: The ruling reinforces that individuals' personal data warrants protection even from inadvertent exposure, not just malicious actors. Organizations must now treat routine human error with the same rigor as cyberattacks, potentially strengthening everyday data hygiene around how personal information is handled and shared.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy

Red, white and glowing blue: Trump's push for new reactors reaches the finish line

A program initiated by the Trump administration has allowed small companies to rush their testing of several new nuclear reactor designs. Some worry that safety is being compromised.

Who should care: Cybersecurity · Privacy officers · Administrators