Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: California bans data broker reselling health data of millions
The recent enforcement action by the California Privacy Protection Agency against Datamasters highlights a critical turning point in the regulation of the data brokerage industry. By banning the Texas-based firm from reselling the sensitive health data of millions, including records on individuals with Alzheimer’s and drug addiction, the state has signaled that the era of unregulated trafficking in medical vulnerabilities is coming to an end. This move is not merely a bureaucratic slap on the wrist but a direct application of the California Delete Act, which mandates transparency and provides consumers with a centralized mechanism to reclaim their digital autonomy.
The urgency of this intervention cannot be overstated, as the commodification of such intimate information creates profound risks that extend far beyond intrusive advertising. When lists of people struggling with cognitive decline or financial instability are bought and sold, the people on them become high-value targets for predatory actors and sophisticated fraud schemes. Given these stakes, the view that this oversight is worth doing is well-founded; the potential for real-world harm necessitates a regulatory framework that prioritizes human safety over the profit margins of “shadowy middlemen” who operate without public consent.
Ultimately, this case serves as a vital proof of concept for the newly launched Delete Request and Opt-out Platform (DROP). While the industry has long relied on the practical impossibility of consumers contacting hundreds of individual brokers to delete their data, California’s centralized approach shifts the burden of compliance back onto the corporations. As other states look to this model, the permanent removal of non-compliant firms from the marketplace provides a necessary deterrent, ensuring that the protection of sensitive health information is treated as a fundamental right rather than an optional business practice.
Projects
- TryHackMe – FlareVM: Arsenal of Tools – In Progress
Articles
- California bans data broker reselling health data of millions – The California Privacy Protection Agency (CalPrivacy) has taken action against the Datamasters marketing firm that sold the health and personal data of millions of users without being registered as a data broker.
- Instagram denies breach amid claims of 17 million account data leak – Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online.
- Spanish energy giant Endesa discloses data breach affecting customers – Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company’s systems and accessed contract-related information, which includes personal details.
- Spain arrests 34 suspects linked to Black Axe cyber crime – Authorities in Spain have arrested 34 individuals allegedly part of a criminal network involved in cyber fraud and believed to be connected to the Black Axe group responsible for illicit activities across Europe.
- Ireland recalls almost 13,000 passports over missing ‘IRL’ code – Ireland’s Department of Foreign Affairs has recalled nearly 13,000 passports after a software update caused a printing defect.
- Dutch Port Hacker Sentenced to Prison – The 44-year-old individual planted remote access malware on a logistics firm’s systems, with help from employees.
- Convincing LinkedIn comment-reply tactic used in new phishing – Scammers are flooding LinkedIn posts this week with fake “reply” comments that appear to come from the platform itself, warning users of bogus policy violations and urging them to visit an external link.
- Former U.S. Navy Sailor Sentenced to 200 Months for Spying for China – Former U.S. Navy sailor Jinchao Wei was sentenced to 200 months in prison for selling sensitive military information about Navy ships to a Chinese intelligence officer for $12,000 between 2022 and 2023.
- Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen – Everest ransomware claims to have breached Nissan Motor Corporation, alleging the theft of 900GB of internal data, including documents and screenshots.
- Spanish Energy Company Endesa Hacked – Hackers stole complete customer information, including contact details, national identity numbers, and payment details.
- Man to plead guilty to hacking US Supreme Court filing system – A resident of Springfield, Tennessee, is expected to plead guilty to hacking the U.S. Supreme Court’s electronic document filing system dozens of times over several months.
- US gov’t: House sysadmin stole 200 phones, caught by House IT desk – Scheme allegedly cost taxpayers $150,000.

