India’s largest health insurer, Star Health, is investigating allegations that its Chief Information Security Officer (CISO), Amarjeet Khanuja, was involved in a data breach linked to a hacker named xenZen. The hacker, who used Telegram chatbots and websites to distribute customers’ medical records and personal data, claimed that Khanuja ‘sold all this data to me.’ Star Health stated that Khanuja is cooperating with the investigation, which has so far found no evidence of his involvement.
Star Health has initiated legal proceedings against Telegram and the hacker known as xenZen after reports surfaced that the hacker exploited the platform’s chatbots to leak customer data and created websites for easier access. The company stressed that it was a victim of a targeted cyberattack, resulting in unauthorised access to specific information. Independent cybersecurity experts are currently conducting a forensic investigation, and Star Health is collaborating closely with authorities. According to the company’s preliminary assessment, there is no evidence of widespread data compromise, and sensitive customer information is reported to be secure.
A Tamil Nadu court has issued a temporary injunction requiring Telegram and the hacker xenZen to block any chatbots or websites in India that share leaked data. Telegram, which is under heightened scrutiny for its platform’s role in illegal activities, has not yet commented on the lawsuit. In contrast, the hacker has expressed a willingness to participate in the court hearings online. Although Telegram had previously removed flagged chatbots, xenZen’s website remains operational, enabling users to access samples of policy-related data with just a click. In response, Star Health has called on all platforms and users to take swift action to prevent further data exposure.
Mexico has become the focal point for cybercrime in Latin America, accounting for over 50% of all reported cyber threats in the region during the first half of 2024, according to a study by cybersecurity firm Fortinet. With 31 billion cybercrime attempts, hackers are taking advantage of Mexico’s strategic ties with the US and booming industries like logistics and manufacturing, which are being targeted for larger ransom payouts.
Fortinet’s report highlighted how cybercriminals are using advanced tools, such as AI, to streamline attacks and focus on specific sectors for maximum impact. The rapid shift of production closer to the US, known as nearshoring, has made Mexico’s electronics and automotive industries prime targets. Despite a slight dip in attack numbers compared to last year, the overall threat level remains significant.
Experts, including Fortinet executives, emphasised the need for Mexico to strengthen its cybersecurity laws. While President Claudia Sheinbaum has pledged to establish a cybersecurity and AI center, there has been no mention of legal measures yet. Cybersecurity professionals warn that urgent action is needed as Mexico’s role in global supply chains continues to grow.
The Bureau of Industry and Security (BIS) of the US Department of Commerce has introduced a Notice of Proposed Rulemaking to address national security risks associated with the connected vehicle supply chain, particularly concerning foreign adversaries such as China and Russia. Building on Executive Order 13873, which focuses on securing the US information and communications technology supply chain, the proposed rule outlines three main categories of prohibited transactions.
The first is the import of vehicle connectivity system (VCS) hardware from entities owned or controlled by China or Russia. The second is the sale of completed connected vehicles that incorporate software developed by these foreign adversaries. The third is the sale of connected vehicles by manufacturers linked to these countries.
Additionally, the rule mandates compliance mechanisms, including annual Declarations of Conformity certifying adherence to the regulations, as well as general and specific authorisations for certain otherwise prohibited transactions. Furthermore, it imposes recordkeeping requirements that necessitate maintaining documentation related to compliance declarations for ten years.
Notably, prohibitions on software are set to take effect for the model year 2027, while hardware prohibitions will begin in 2030. In addition, violations of the proposed rule may incur significant penalties, with civil fines reaching up to $368,136 and criminal penalties as high as $1 million. The regulatory framework reflects the US government’s commitment to safeguarding national security by regulating the import and sale of connected vehicle systems tied to foreign adversaries.
Why does it matter?
The proposed rule underscores the importance of compliance for stakeholders in the automotive and technology sectors, highlighting the need for vigilance in navigating these new regulatory challenges.
Argentina’s Federal Public Revenue Administration (AFIP) has appointed a Data Protection Officer (DPO). Data protection experts in the country have long expressed concern about the urgent need to implement this figure in Argentine public bodies, especially considering the security incidents and leaks of sensitive information reported in the past years.
The DPO figure is widely recognised internationally by regulations like the General Data Protection Regulation (GDPR) of the European Union and the General Data Protection Law (LGPD) of Brazil but has not been implemented in Argentina yet, although a resolution by the Agency for Access to Public Information (AAIP) established a model policy for the protection of personal data for public bodies.
According to Daniel Monastersky, an expert in Data Governance in the region, that measure represents a significant advance in compliance with personal data protection regulations. It also sets an important precedent for other state institutions.
The Telecommunications Regulatory Authority (TRA) in Oman has launched several initiatives to protect children’s internet usage, responding to alarming statistics revealing that nearly 86% of children in the Sultanate engage with the internet. Recognising that a substantial portion of this demographic spends considerable time online, 43.5% using it for information searches and 34% for entertainment and communication, the authority is actively pursuing a proposed law to regulate children’s internet activities.
The initiative aligns with ITU’s definition of a child, per Oman’s Child Protection Law No. 22/2014, which defines children as individuals under 18. Among these initiatives are the ‘Be Aware’ national awareness campaign, aimed at educating families on safe internet practices, the Secure Net program developed in partnership with Omantel and UNICEF to offer parental control features, and the Safe Net service designed to protect users from online threats such as viruses and phishing attacks.
Through these efforts, the TRA is committed to promoting a safe and responsible digital environment for children in Oman. By addressing the growing challenges of internet usage among minors, the authority aims to foster a culture of awareness and security that empowers families and protects the well-being of the younger generation in the digital landscape.
Elon Musk has reignited his legal fight with OpenAI, accusing the company’s co-founders of manipulating him into investing in the nonprofit startup before turning it into a for-profit business. Musk claims they enriched themselves by draining OpenAI’s key assets and technology. OpenAI, however, has dismissed these claims, describing the lawsuit as part of Musk’s efforts to gain a competitive edge.
OpenAI, which transitioned to a for-profit subsidiary in 2019, attracted billions in outside funding, including from Microsoft. Musk argues the company deviated from its original mission, but OpenAI maintains it remains committed to developing safe and beneficial AI. The startup also suggested Musk’s departure came after his attempt to dominate the organisation failed.
OpenAI has had a turbulent year with leadership changes and rapid growth. The company’s headcount more than doubled, and despite losing key figures, it remains a major player in AI innovation. Recent investments pushed OpenAI’s valuation to $157 billion, underscoring continued investor confidence.
Musk’s ongoing rivalry with OpenAI coincides with his other AI ventures, including xAI, which he launched in 2023. He’s also facing allegations in a Delaware lawsuit accusing his AI company of draining talent and resources from Tesla, potentially harming shareholders.
Turkey has blocked access to the messaging platform Discord after the company refused to share information requested by the government. A court in Ankara issued the decision, citing concerns over child sexual abuse and obscene content being shared by users on the platform. The Information Technologies and Communication Authority confirmed the ban.
The action follows outrage after a 19-year-old in Istanbul murdered two women, with Discord users allegedly praising the incident online. Justice Minister Yilmaz Tunc explained that there was sufficient suspicion of illegal activity linked to the platform, which prompted the court to intervene.
Transport Minister Abdulkadir Uraloglu added that monitoring platforms like Discord is difficult, as security forces can only act when users report content. Discord’s refusal to provide data, such as IP addresses, further complicated the situation, leading to the decision to block the service.
The ban in Turkey coincides with a similar action in Russia, where Discord was blocked for violating local laws after failing to remove prohibited content. The platform has faced growing scrutiny over its handling of illegal activity.
Marriott International will implement an information security program following a settlement with the US Federal Trade Commission (FTC) over data breaches that impacted more than 344 million customers between 2014 and 2020. The settlement requires Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, to address the vulnerabilities that led to multiple breaches over several years.
The hotel chain also agreed to provide US customers with a way to request deletion of their personal data linked to their email address or loyalty rewards account. In addition, Marriott will review loyalty rewards accounts upon request and restore stolen points. A separate settlement sees Marriott paying $52 million to resolve similar data security claims across 49 states and the District of Columbia.
Marriott has stated that protecting guests’ personal data remains a top priority and that the company continues to invest heavily in improving its cybersecurity measures. However, Marriott did not admit liability for the breaches in either the FTC settlement or the agreements with state Attorneys General.
In 2020, the company faced a class action lawsuit in London brought by millions of former guests seeking compensation after their personal information was compromised during the breaches, considered among the largest in history.
Russia’s communications regulator, Roskomnadzor, has blocked the messaging platform Discord for alleged violations of Russian law, according to the TASS news agency. The San Francisco-based company becomes the latest foreign tech platform to face restrictions in Russia. Discord has yet to respond to the decision.
For years, Russia has pressured foreign tech companies to remove content it deems illegal, imposing frequent, though generally small, fines for non-compliance. Last week, Roskomnadzor ordered Discord to delete nearly 1,000 pieces of content it classified as illegal and had previously fined the platform for failing to remove banned material.
Moscow has also blocked other major platforms, including Twitter (now X), Facebook, and Instagram, shortly after the invasion of Ukraine in February 2022.
LEGO Group’s website was briefly compromised on 5 October, with a scam promoting a fake ‘LEGO Coin’ token appearing on the homepage. The message encouraged users to purchase the token in exchange for ‘secret rewards’ but redirected them to a phishing site. The scam was removed after about 75 minutes, and LEGO confirmed that no user accounts had been compromised.
LEGO has since assured customers that the issue has been resolved and steps are being taken to prevent future incidents. Despite earlier hints in 2021 about entering the NFT space, LEGO has not officially pursued any crypto-related ventures.
This incident highlights the ongoing threat of cryptocurrency scams, which saw $127 million stolen from victims in the third quarter of 2024, with September alone accounting for $46 million in losses.