Intesa Sanpaolo has confirmed it alerted Italy’s data protection authority regarding a data breach caused by one of its employees after carrying out detailed investigations into the incident. The bank explained that the notification was made only after conducting careful checks on the events surrounding the violation.
Despite media reports, Intesa has not yet received any formal communication from prosecutors. News agency ANSA previously reported that both the bank and its employee are being investigated following the data breach.
The breach, which is said to have affected thousands of customers, includes the personal data of high-profile individuals such as Prime Minister Giorgia Meloni. The investigation has raised concerns about data security at one of Italy‘s largest financial institutions.
As the situation develops, the bank faces increasing scrutiny over its handling of the breach, with both authorities and the public awaiting further details on the investigation.
The UK government prioritises adopting innovative technologies through its draft industrial strategy, ‘Invest 2035.’ The comprehensive plan aims to accelerate the integration and scaling of new technologies across eight key growth sectors, including cybersecurity solutions and ensuring that all emerging technologies are secure by design.
To support this technological advancement, the strategy focuses on strengthening cyber resilience by enhancing supply chain resilience to mitigate vulnerabilities that could impede long-term growth. Implementing strengthened cyber resilience measures is essential for safeguarding growth-driving sectors against potential digital threats, thereby reinforcing the overall security of the economy.
Additionally, a crucial element of the strategy is the investment in skills and workforce development, as the UK government acknowledges the need to prepare the workforce for future challenges through substantial investments in skills and training. Promoting cybersecurity education is vital, empowering individuals and organisations to protect themselves better and leverage technological advancements.
Furthermore, the draft strategy emphasises public consultation and stakeholder engagement, inviting input from businesses, experts, unions, and other stakeholders to refine the plan before its final publication in spring 2025. The government also highlights the importance of collaboration between itself and the cyber industry, as these partnerships are essential for addressing existing challenges, such as the skills gap and outdated cyber laws. Ultimately, this strategy aims to support the growth of a secure and resilient economy, fostering an environment where organisations can thrive safely in an increasingly digital world.
The Cyber Security Agency of Singapore (CSA) has launched its Guidelines and Companion Guide on Securing AI Systems at the Singapore International Cyber Week (SICW) 2024, highlighting the critical need for AI systems to be secure by design and by default. These guidelines aim to assist organisations in implementing AI securely by identifying potential threats such as adversarial attacks and data breaches.
Furthermore, they provide essential security controls and best practices principles, referencing established international standards to ensure alignment with global best practices. To effectively mitigate risks throughout the system’s lifespan, CSA advocates for a holistic approach across five key stages of the AI life cycle – Planning and Design, Development, Deployment, Operations and Maintenance, and End of Life.
In addition, the Companion Guide serves as a community-driven resource that offers practical measures for system owners, thereby reinforcing the importance of collaboration in addressing AI security challenges. Moreover, the development of the Guidelines was enriched by a public consultation conducted from 31 July to 15 September 2024, which received valuable feedback from various stakeholders, including AI and tech companies, cybersecurity firms, and professional associations.
That input was instrumental in refining the guidelines, improving clarity, and ensuring alignment with international standards. Consequently, CSA encourages organisational leaders, business owners, and AI and cybersecurity practitioners to adopt these Guidelines as a strategic imperative to enhance the overall cybersecurity posture of AI systems. By doing so, organisations can foster user confidence in their AI implementations, ultimately promoting innovative, safe, and effective outcomes.
WhatsApp is facing potential sanctions from India’s Competition Commission (CCI) over its controversial 2021 privacy policy update, which has raised significant privacy concerns. The CCI is reportedly preparing to take action against the messaging platform, owned by Meta, for allegedly breaching antitrust laws related to user data handling. The policy, which allows WhatsApp to share certain user data with Meta, has faced widespread criticism from regulators and users who view it as intrusive and unfair.
The CCI’s investigation suggests that WhatsApp’s data-sharing practices, particularly involving business transaction data, may give Meta an unfair competitive advantage, violating provisions against the abuse of dominance. A draft order has been prepared to penalise both WhatsApp and Meta, as the CCI’s director general has submitted findings indicating these violations.
In response, WhatsApp stated that the case is still under judicial review and defended its privacy policy by noting that users had the choice to accept the update without losing access to their accounts. If sanctions are imposed, this could represent a pivotal moment in India’s efforts to regulate major tech firms and establish precedents for the intersection of privacy and competition laws in the digital age.
A bipartisan group of US lawmakers is demanding answers from major telecom companies such as AT&T, Verizon, and Lumen Technologies after reports that Chinese hackers accessed sensitive US broadband networks. According to The Wall Street Journal, the breach involved systems the federal government uses for court-authorised wiretapping, sparking concerns about national security.
Led by House Energy and Commerce Committee Chair Cathy McMorris Rodgers and Democrat Frank Pallone, the lawmakers have requested a briefing and detailed answers from the companies by next Friday. They want to know what data was compromised and when the telecoms discovered the intrusion, pointing to broader cybersecurity risks embedded in US telecommunications networks.
While AT&T and Lumen declined to comment, and Verizon has not yet responded, China’s foreign ministry denied involvement, accusing the US of fabricating the allegations. The timeline of the hacking remains unclear, but reports suggest that the hackers may have had access to the networks for months, potentially compromising vast amounts of internet traffic and communication data.
As much as $1.3 billion in Ethereum, seized from the notorious PlusToken Ponzi scheme, is expected to be sold on exchanges soon. On-chain analysts have confirmed that a portion of the 542,000 ETH remaining from the scheme has already been transferred to platforms like Binance and OKX, suggesting plans to sell off the assets.
The PlusToken scheme, which was dismantled in China in 2019, attracted millions of participants and saw vast amounts of cryptocurrency seized. Analysts warn that any significant liquidation of this Ethereum could increase selling pressure, possibly affecting its market value, which is currently around $2,448.
Experts from blockchain analytics firms are monitoring the situation closely. They suggest that the sale of such a large amount of Ethereum could have a ripple effect on the crypto market, leading to potential price drops and further impacting investor sentiment.
British police forces are scaling back their presence on X, formerly known as Twitter, due to concerns over the platform’s role in spreading extremist content and misinformation. This decision comes after riots broke out in the UK this summer, fueled by false online claims, with critics blaming Elon Musk’s approach to moderation for allowing hate speech and disinformation to flourish. Several forces, including North Wales Police, have stopped using the platform altogether, citing misalignment with their values.
Of the 33 police forces surveyed, 10 are actively reviewing their use of X, while others are assessing whether the platform is still suitable for reaching their communities. Emergency services have relied on X for more than a decade to share critical updates, but some, like Gwent Police, are reconsidering due to the platform’s tone and reach.
This shift is part of a larger trend in Britain, where some organisations, including charities and health services, have also moved away from X. As new online safety laws requiring tech companies to remove illegal content come into effect, digital platforms, including X, are facing growing scrutiny over their role in spreading harmful material.
Star Health, India‘s largest health insurer, has revealed it received a $68,000 ransom demand following a data breach that exposed customer details, including medical records. The cyberhacker used Telegram chatbots and a website to leak sensitive information, leading to significant reputational damage and a drop in the company’s stock value.
The hacker, who made the ransom demand in August, sent the request to Star Health’s managing director and CEO. While the company has launched an internal investigation, it also faces allegations that its chief security officer was involved in the data leak, although no evidence of wrongdoing has been found so far.
Star Health has taken legal action against both the hacker and Telegram, which has not permanently banned the accounts linked to the hacker. The company has sought help from Indian cybersecurity authorities to identify the individual behind the attack.
Telegram has not responded to requests for comment but previously removed the chatbots linked to the hack after Reuters brought them to its attention. The investigation continues as Star Health works to contain the damage from the breach.
Donald Trump‘s presidential campaign has strengthened its cybersecurity measures by acquiring secure mobile phones and laptops after facing Iranian cyberattacks and assassination threats. The campaign partnered with Green Hills Software, a California-based company known for its secure operating systems used by various US agencies. The customised phones are designed for basic functions like calls and texts, featuring advanced security protocols such as end-to-end encryption and two-factor authentication.
Green Hills Software CEO Dan O’Dowd, who initiated contact with the campaign, stressed the importance of safeguarding the democratic process. Though the campaign has not made any public statements, insiders revealed that security devices have recently been upgraded. This decision comes after the Iranian hacking group APT42 infiltrated the campaign’s internal communications during a recent cyber espionage operation.
The newly acquired devices create a secure communication network, allowing only those using the same system to connect. The campaign also invested in secure laptops designed to operate in an isolated environment, following the same security principles as the phones. Green Hills Software’s technology is already trusted by US military branches and FBI field offices to maintain secure communications and protect sensitive data.
Meta Platforms announced it had removed a network of accounts targeting Russian speakers in Moldova ahead of the country’s October 20 election, citing violations of its fake accounts policy. Moldovan authorities have also blocked numerous Telegram channels and chatbots allegedly used to pay voters to cast “no” votes in a referendum on EU membership being held alongside the presidential election. Pro-European President Maia Sandu, seeking a second term, has made the referendum central to her platform.
The deleted Meta accounts targeted President Maia Sandu, pro-EU politicians, and the strong ties between Moldova and Romania while promoting pro-Russia parties. This network featured fake Russian-language news brands masquerading as independent media across various platforms, including Facebook, Instagram, Telegram, OK.ru, and TikTok. Meta’s actions involved removing multiple accounts, pages, and groups to combat coordinated inauthentic behaviour.
Moldova’s National Investigation Inspectorate has blocked 15 Telegram channels and 95 chatbots that were offering payments to voters, citing violations of political financing laws. Authorities linked these activities to supporters of fugitive businessman Ilan Shor, who established the ‘Victory’ electoral bloc while in exile in Moscow. In response, Moldovan police have raided the homes of Shor’s associates, alleging that payments were funnelled through a Russian bank to influence the election. Shor, who was sentenced in absentia for his involvement in a significant 2014 bank fraud case, denies the bribery allegations. Meanwhile, President Maia Sandu accuses Russia of attempting to destabilise her government, while Moscow claims that she is inciting ‘Russophobia.’
