At a glance.
- Amazon's European privacy issue.
- School district data exposed.
- A look at the Ryuk ransomware operation.
Amazon potentially faces largest GDPR fine ever.
The EU has drafted a decision to fine Amazon $425 million (or roughly 2% of the tech giant’s 2020 net income) for violation of the General Data Protection Regulation (GDPR), the Wall Street Journal reports. The CNPD, Luxembourg’s privacy commission and Amazon’s lead EU privacy regulator (Amazon’s EU headquarters are located in the Grand Duchy), has proposed the sanction for alleged data collection and handling violations. If approved by the EU’s other privacy authorities, this would be the largest fine since the GDPR was implemented in 2018. Though the details of Amazon’s offenses have not been disclosed, the size of the fine signifies a shift in the EU toward holding tech companies to account for their data privacy policies.
Ireland, which oversees privacy regulations for Facebook, Google, and Apple, also plans to draft decisions for several privacy cases this year.
US school district data exposed in cyberattack.
Union Community School District in the US state of Iowa has disclosed that an intruder gained unauthorized access to its computer systems in April, the Courier reports. The attack temporarily disrupted the district’s servers, and the subsequent investigation found the intruder had accessed school data. “Those documents are currently under review, and the District is committed to providing additional information to the community as quickly as possible,” Superintendent Travis Fleshner explained.
The relentless menace of Ryuk.
The Wall Street Journal offers a profile of the infamous Ryuk ransomware gang, responsible for numerous recent cyberattacks that crippled US medical institutions. The world’s most active ransomware group, Ryuk was tied to a third of the 203 million ransomware attacks in the US last year and raked in at least $100 million in ransom payouts. While some threat groups have avoided targeting vulnerable institutions like hospitals, especially during the pandemic, Ryuk has attacked more than two hundred thirty healthcare providers (lucrative targets due to their dependence on electronic records and their weak cybersecurity protections) since the gang was first identified in 2018. “They do not care. Patient care, people dying, whatever. It doesn’t matter,” explained Bill Siegel, CEO of ransomware recovery firm Coveware. Ryuk emerged from a larger Eastern European threat group called the Business Club, which US officials have been tracking since it began hijacking consumer bank accounts in 2007, and Ryuk’s tenacity stems from its ability to revamp its strategies whenever authorities give chase. For instance, after US Cyber Command and Microsoft attempted to shut down the Ryuk botnet last September, the hackers wrote more resilient code, and the botnet recently switched to distributing Conti software, which experts suspect Ryuk has been renting to other hackers in a ransomware-as-a-service operation. While experts on Eastern European cybercrime say Ryuk has ties to Russian government security services, Moscow has denied any involvement.