Portugal updates cybercrime law to exempt security researchers
Good news for “white hat” researchers. Bleeping Computer reports: Read more at Bleeping Computer.
UK Government Considers Computer Misuse Act Revision
Data Breach Today reports: The U.K. government is considering amending its three-decade-old hacking law to include a “statutory defense” cover for security researchers, Security Minister Dan Jarvis said. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices such as participating in bug bounties. Speaking at a Financial Times […]
Comcast to pay $1.5 million US fine after vendor data breach
Reuters reports: Comcast will pay a $1.5 million fine after a vendor breach exposed personal data from 237,000 current and former customers, the Federal Communications Commission said on Monday. The FCC said a debt collector used by Comcast until 2022, Financial Business and Consumer Solutions, suffered a 2024 data breach that exposed personal information of Comcast […]
SEC Voluntarily Dismisses SolarWinds Litigation
Covington and Burling writes: On November 20, 2025, the Securities and Exchange Commission (“SEC”) announced that it was voluntarily dismissing the case it brought against SolarWinds Corp. (“SolarWinds”) and its information security officer, Timothy Brown, regarding the company’s security practices and related statements in connection with the “Sunburst” cybersecurity incident. The SEC stated in a […]
Ontario and Alberta privacy commissioners release investigation findings into PowerSchool breach affecting school boards and other educational bodies
TORONTO, ON (November 18, 2025) — Ontario and Alberta information and privacy commissioners have released the findings of their investigations into a massive privacy breach involving PowerSchool education technology (edtech) used by schools in their respective provinces. The incident, which affected millions of Canadians across the country, highlights the importance for educational bodies, including school boards, […]
Sue The Hackers – Google Sues Over Phishing as a Service
Mark Rasch writes: When something goes wrong, after exhausting all other possible alternatives, a company may go to its lawyer with the silliest question you can ever ask a lawyer — “Can I sue?” The basic answer is, “if it moves, sue it…” “If it doesn’t move… move it… then sue it…” And when asked, […]
Intel says software engineer took ‘top secret’ documents after getting fired
The Oregonian reports: Intel says a former employee downloaded thousands of documents shortly after the company fired him in July, many of them classified as “Top Secret.” Jinfeng Luo lived in Seattle and had worked as a software developer for Intel since 2014, according to a lawsuit the company filed against him in Washington federal […]
Attorney General Bonta Joins States in Securing $5.1 Million in Settlements from Education Software Company for Failing to Protect Students’ Data
In 2022, Illuminate Education, Inc. suffered a major data breach. Now three states have announced a settlement with the edtech vendor. From the California Attorney General Rob Bonta’s office:
Lawsuits, Investigations Piling Up in Conduent Hack
Bank Info Security reports: Proposed federal class action litigation is piling up against Conduent Business Solutions following its recent public disclosure that an October 2024 hacking incident potentially compromised personal and health information of more than 10.5 million people. As of Tuesday, at least nine proposed class action lawsuits have been filed since Oct. 27 […]
Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs
The Register reports: Russia’s Interior Ministry says police have arrested three suspects it believes helped build and spread the Meduza infostealer. A statement issued by spokesperson Irina Volk via the Ministry’s Telegram channel on Thursday included video footage of all three arrests of men described as “young IT specialists” who are alleged to have helped […]