DataBreachToday.com

Vendor Providing Employee Screenings Across Multiple Sectors Reports Cyber Incident
DISA Global Solutions, a third-party administrator of background checks and drug and alcohol testing for employers in multiple industries, said 3.3 million individuals are affected by a data theft incident that happened a year ago. The firm is already facing several lawsuits involving the breach.

Swedish Prime Minister Proposes Fast-Tracking Bill to Surveil Minors
A proposal by the Swedish prime minister to fast track legislation allowing police to surveil minors could cause end-to-end encrypted chat app Signal to leave the country. The government in effect is asking for backdoor access, said Signal President Meredith Whittaker.

CEO Raymond Brancato: Ex-Skybox Customers Get Express Onboarding, Flexible Pricing
Tufin has purchased select Skybox assets and business information, focusing on migrating affected customers to its platform. CEO Raymond Brancato outlines the company's transition strategy, including special pricing, dedicated support and plans to hire former Skybox Security employees.

Republicans Block Probe Into Cyber Workforce Cuts, DOGE Access to Federal Systems
Republican lawmakers on the U.S. House Committee on Homeland Security blocked a Democratic effort to investigate Elon Musk's access to sensitive federal networks and the impact of President Donald Trump's hiring freeze on an already strained cyber workforce.

'Have I Been Pwned' Flags Emails Found in Infostealer Malware Logs It Obtains
How bad has the information stealing malware problem become? Here's a metric: The free breach-notification service Have I Been Pwned found a single infostealer service provided "284 million unique email addresses alongside the websites they were entered into and the passwords used."

Claude 3.7 Sonnet Can Give Rapid or Deliberate, Complex Answers to Prompts
Anthropic introduced a new artificial intelligence model designed to adapt its reasoning time based on user preferences. Marketed as the industry's first "hybrid AI reasoning model," Claude 3.7 Sonnet aims to deliver rapid responses and more deliberate, complex answers to prompts.

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the Last
A proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the Last
A proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington State's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.

Some Lawmakers Fear Regulation Could Stymie Innovation
The British Labour Government has reportedly delayed plans to put forward a draft bill on artificial intelligence over concerns that binding AI regulation could stifle the country's AI growth potential. A spokesperson said the government remains "committed to bringing forward a legislation."

Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat
The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information Security Media Group.

eSafety Regulator Seeks Platform's Policy on Extremist and Child Sexual Content
Australia regulators on Monday fined social networking company Telegram nearly 1 million Australian dollar for delaying its response to questions on how the company regulates violent, extremist and child sexual content on its platform. Telegram was the only media firm to miss the May 6 deadline.

Disruptive Data-Stealing Attackers Hit Vehicle Retail Giant Right Before Christmas
Cyber resilience lessons learned: In the wake of a disruptive ransomware attack, the head of automotive retail giant Arnold Clark said continually practicing and refining the organization's resilience plan has driven its response time down from at least 12 hours, to just one or two.

Group Cross-Referenced Open-Source Victim Intelligence With Infostealer Hauls
The leak of 200,000 internal chat messages for the Black Basta operation provides an overview of how a modern ransomware group organizes itself to take down victims in the most efficient, profit-maximizing manner possible, using a variety of tactics that should be, in theory, easy to repel.

A proposed state privacy law awaiting the signature of New York State's governor promises to make the processing of and sale of health information by a wide array of organizations much more complicated and restrictive, said regulatory attorney Angie Matney, who explains why.

Report Also Flags Threats Linked to North Korea, Iran
Chinese influence operations are using artificial intelligence to carry out surveillance and disinformation campaigns, OpenAI said in its latest threat report. The report details two major Chinese campaigns that misused AI tools, including OpenAI's own models, to advance state-backed agendas.

Crypto Firm Offers Up to $140M Bounty for Recovery of Hacked Funds
Hacked crypto exchange Bybit replenished the $1.4 billion in Ether stolen days ago, CEO Ben Zhou said Monday. A new proof-of-reserves audit will confirm that client assets are back to a 1:1 ratio using a Merkle Tree verification system, Zhou tweeted.

Citing Security Concerns, Australia Joins Others in Banning Anti-Virus Products
The Australian Department of Home Affairs on Friday banned the use of Kaspersky Lab products in public offices citing an "unacceptable security risk" to the government networks and data. All government offices must uninstall all Kaspersky products and report the completion of the task to the agency.

Withdrawal of Advanced Data Protection for British Users Could Have Global Impact
Apple's decision to withdraw iCloud end-to-end encryption in the United Kingdom has privacy and security advocates worried that the British government could scan and surveil sensitive information of Apple users worldwide. Apple on Friday deactivated its Advanced Data Protection feature in the U.K.