Class Action Lawsuits Emerge Following Large Job Applicant Data Breach
Description
DISA Global Solutions provides comprehensive background checks and drug testing services that help employers maintain workplace safety, ensure regulatory compliance, and manage risk through pre-employment screening programs and ongoing workforce monitoring solutions. On April 22, 2024, DISA detected a cyber incident within its network. They launched an immediate probe that determined that an unauthorized actor had gained access between February 9, 2024, and April 22, (more…)
Cybersecurity and Parking Apps – ParkMobile Settlement Offers $32 Million to Affected Users
Description
The use of parking apps has grown substantially in recent years. Parking apps also collect a great deal of personal information from the drivers who use them, which makes them potential targets. March 5, 2025 was the final date to submit a claim for a share of the $32.8 million settlement involving the data breach of ParkMobile in March of 2025. ParkMobile is one of (more…)
The Cost of Neglecting Reasonable Security
Description
Regulatory agencies and courts don’t expect your organization to implement every possible security measure, but they do require you to take reasonable steps to protect your environment. A prime example is eyewear retailer Warby Parker, which was fined $1.5 million by the Department of Health and Human Services on February 20, 2025, for failing to meet security compliance standards. The imposed fine is regarding (more…)
Class Action Suit Illustrates Importance of an Incident Response Plan
Description
On January 13, 2025, Brittany Canup, a former Gas Express employee who last worked for the company in 2020, received a letter from her former employer informing her that personal information it retained may have been compromised in a security incident that occurred on May 20, 2024, when unauthorized parties gained access to some of the company’s internal systems. According (more…)
Managing AI Risks in Organizational Adoption and Usage
The Heist
It started with an email. A routine request from the CFO to the finance department, instructing them to expedite payment to a new vendor. The message bore all the usual signs of legitimacy—familiar language, corporate jargon, and even the CFO’s signature, perfectly replicated. The email security system flagged nothing unusual.
The finance team complied, unaware that the CFO (more…)
The Silent Threat: How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities
While organizations rightly prioritize protecting employee accounts from cybersecurity threats, particularly those with elevated privileges, service accounts too often receive less attention despite their critical role. Service accounts operate silently in the background, running the business applications and services that are essential to operations.
The importance of securing service accounts is now formally recognized in PCI DSS v4.0.1, which introduces new requirements taking effect March 31, (more…)
Satisfying the SAQ-A Eligibility Criteria Update
Are You Outsourcing eCommerce?
Our recent article PCI SSC Updates SAQ A: Removal of Key E-Commerce Security Requirements & New Eligibility Criteria outlined significant requirement updates, who they affect, and next steps. These requirements are still part of PCI DSS v4.0.1 and the March 31, 2025 deadline. However, SAQ type A merchants are no longer required to validate compliance with them, as long as (more…)
The New PCI DSS v4.0.1 Software Catalog Mandate: Are You Ready?
Some of the 51 future-dated requirements of the new PCI DSS v4.0.1 that become effective on March 31, 2025, relate to inventory management. Let’s start by talking about software. In the digital era, software has become the fundamental engine powering organizational operations, and your organization undoubtedly relies on a variety of software applications to conduct business, many of which are bespoke or (more…)