New York’s Department of Financial Services hit OneMain Financial with a massive penalty, reflecting the severity of security failures found during an audit tied to multiple data breaches.

Researchers say the newly discovered malware targeting electric utilities is becoming easier for threat groups to leverage against OT and ICS systems.

After the Supreme Court overturned Roe v. Wade, Google committed to modifying data retention policies for sensitive locations that could put users at risk.

New York’s investigation into Practicefirst Medical after a reported breach impacting 1.2 million individuals found serious security program failures, including a failed software patch.

HIPAA requires entities to disclose breaches within 60 days, but it took 18 months for Apria Healthcare to inform over 1.8 million patients.

U.S. announces fresh sanctions against DPRK operatives the same day details emerged of the latest reconnaissance campaign by one of the rogue state’s infamous APT groups.

The FBI is working with the Louisville-based health network as it works to recover from a May 9 cyberattack. This week’s healthcare data breach roundup also includes a hack of PillPack accounts.

Google must also increase transparency about its location tracking settings, after a Washington state investigation determined consumers didn’t have control over their data privacy.