NBC News reports that cosmetics retailer Sephora has agreed to pay $1.2 million to settle with California for charges alleging its failure to adhere to online privacy rules under the state's Consumer Privacy Act.
Sephora was found by the office of Calif. Attorney General Rob Bonta to have failed to disclose the sale of consumer data with third-party companies. Bonta also claimed that Sephora failed to honor opt-out requests for the sale of information, as well as address the violations.
Sephora pushed back on the definition of 'sale' of data as stated in the California law.
"'Sale' includes common, industry-wide technology practices such as cookies, which allow us to provide consumers with more relevant Sephora product recommendations, personalized shopping experiences and ads," said Sephora in a statement, adding that no data breach has impacted the cosmetics retailer.
More than 100 violation notices have already been issued by Bonta to other companies across the state.
Cybercrime operation Gold Melody, also known as UNC961 and Prophet Spider, has been discovered by SecureWorks Counter Threat Unit researchers to be an initial access broker peddling compromised network access for further attacks, according to The Hacker News.