Recent Class-Action Settlement and FCC Fine Underscore the High Costs of Failed Data Security


Two notable data breaches, each impacting millions of US consumers, resulted in companies paying over $40 million in fines or settlements in mid-September, including 23andMe settling a class-action suit for $30 million and AT&T agreeing to pay the Federal Communications Commission (FCC) a $13 million fine. The AT&T fine was related to a data breach impacting an AT&T cloud vendor in 2023, while the 23andMe incident was related to a credential stuffing attack that led to data compromise of nearly 7 million user accounts.

The 23andMe settlement pertains to an incident that was first announced in October 2023, after the intrusion had been going on for 6 months. In a statement to USA Today, a 23andMe representative said the company reached a settlement of $30 million related to a class-action suit “to settle all US claims regarding the 2023 credential stuffing security incident.” The company expects that $25 million of the settlement and associated legal fees will be covered by its cyber insurance policy.

Credential stuffing attacks utilize username and password pairs compromised in data breaches, attempting to access accounts created by the breach victim using the same credential pair, typically via bots or automated means. The parties behind the credential stuffing attacks were able to successfully gain access to 14,000 23andMe customer accounts, then access the ancestry data of 6.9 million profiles connected via DNA Relative profiles and Family Tree service features.

Compromised data include user account information, dates of birth, family names, location, DNA matches and more. 23andMe has also agreed to strengthen security protocols including enhanced protections against credential stuffing attacks.
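As an added illustration of one protection against credential stuffing (not code from 23andMe or from the original article), the sketch below flags source IPs that try many distinct usernames in a short window with a low success rate. The event layout, thresholds, addresses and account names are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed login events: (time, source IP, username, succeeded)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Stuffing-like source: 8 distinct accounts in 4 minutes, 1 success.
    for i in range(8):
        events.append((base + timedelta(seconds=30 * i), "203.0.113.7",
                       f"user{i}@example.com", i == 5))
    # One person mistyping a password twice, then succeeding.
    for i, ok in enumerate([False, False, True]):
        events.append((base + timedelta(seconds=20 * i), "198.51.100.20",
                       "alice@example.com", ok))
    # Shared office NAT: many accounts, but every login succeeds.
    for i in range(6):
        events.append((base + timedelta(minutes=i), "192.0.2.50",
                       f"staff{i}@example.com", True))
    return events

def flag_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, max_success_ratio=0.2):
    """Return {ip: (distinct usernames, success ratio)} for the widest
    suspicious window seen per source IP (thresholds are assumptions)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(rows)):
            # Slide the window so it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            ratio = sum(ok for _, _, ok in chunk) / len(chunk)
            if len(users) >= min_users and ratio <= max_success_ratio:
                if ip not in flagged or len(users) > flagged[ip][0]:
                    flagged[ip] = (len(users), ratio)
    return flagged

if __name__ == "__main__":
    for ip, (users, ratio) in flag_stuffing_sources(sample_events()).items():
        print(f"{ip}: {users} distinct usernames, success ratio {ratio:.3f}")
```

Per-IP counting misses attempts spread across many source addresses, so a check like this is normally paired with breached-password screening and multi-factor authentication.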

AT&T reached an agreement to pay the FCC a $13 million fine following an “investigation into the company’s supply chain integrity and whether it failed to protect the information of AT&T customers in connection with a data breach of a vendor’s cloud environment,” as stated in an FCC press release. The FCC found in its investigation that AT&T failed to ensure this vendor adequately protected customer information or returned or destroyed customer information as required by contract.

In addition to the fine, AT&T will “make significant investments in and prioritize the safeguarding of customer’s information shared with third parties.” Note that this fine is related to a 2023 incident, and that a more recent AT&T data breach made public in July may result in significantly large fines or settlements.

