All news with #lawsuit tag

Google Sues to Dismantle 'Lighthouse' Smishing Kit

🛡️ Google has filed a civil lawsuit in the Southern District of New York to dismantle Lighthouse, a phishing-as-a-service kit used to power large-scale SMS phishing (smishing) campaigns. The company says the kit — likely run from China and marketed on Telegram — offered more than 600 templates mimicking over 400 organizations and targeted more than one million people across 121 countries. Google is pursuing legal remedies and supporting new legislation while deploying technical protections such as AI-powered scam flagging and expanded account recovery options.

4th Circuit Lowers Proof Threshold in Data Breach Suits

🔒 In October the 4th U.S. Circuit Court of Appeals ruled that listing stolen consumer data on the dark web can be sufficient to let plaintiffs proceed in data-breach lawsuits. The panel determined that dark-web publication — paywalled or not — increases the risk of fraud and is therefore materially different from mere theft. CISOs should monitor dark-web exposure and preserve evidence of publicization to assess legal and financial risk.

ACCC Sues Microsoft Over Copilot Subscription Practices

📝 The Australian Competition and Consumer Commission (ACCC) has sued Microsoft, alleging it misled 2.7 million Australian Microsoft 365 subscribers when integrating Copilot by obscuring the option to remain on existing plans at the same price. The ACCC says renewal communications presented the AI‑enabled tiers as the apparent way to keep service active while the choice to stay was only visible via the cancellation flow. The complaint alleges breaches of multiple Australian Consumer Law provisions and seeks civil penalties, injunctions, and consumer compensation. Microsoft says it is reviewing the ACCC's claim and will cooperate with the regulator.

Class Action in Germany Targets Meta over 2021 Facebook Leak

⚖️ A German consumer association has launched a model declaratory action against Meta after data from more than 530 million Facebook users was posted on the dark web in April 2021. The Federation of German Consumer Organisations argues Meta failed to protect user data and to inform affected people adequately. Plaintiffs seek tiered compensation of €100–€600 and the Hanseatic Higher Regional Court will first address jurisdictional and formal matters in the hearing.

LinkedIn Sues ProAPIs Over Use of 1M Fake Accounts

⚖️ LinkedIn has filed suit against Delaware-based ProAPIs Inc. and its founder, Rehmat Alam, alleging the company created more than one million fake accounts to scrape member data using a product called iScraper API. The complaint, filed in California, accuses ProAPIs of violating LinkedIn’s terms of service and of using invalid credit cards to obtain premium access. LinkedIn seeks a permanent injunction, deletion of scraped data, and payment of damages and attorney fees.

FTC Sues Sendit for Alleged Illegal Collection of Child Data

🔔 The FTC has filed a lawsuit against Iconic Hearts Holdings Inc., the operator of Sendit, and its CEO Hunter Rice, alleging unlawful collection of personal data from users under 13 and deceptive subscription practices. The complaint claims Sendit collected phone numbers, birthdates, photos, and social media usernames without parental consent, created fake anonymous messages (some deliberately provocative), and misrepresented a paid "Diamond Membership" while imposing recurring charges. The FTC has referred the matter to the Department of Justice; the allegations remain unproven.

TaskUs Employee Allegedly Central to Coinbase Breach

🔒 A US court filing identifies a TaskUs employee as a key conspirator in the December 2024 breach of Coinbase, a compromise publicly disclosed in May 2025. Prosecutors allege support agents were bribed and recruited to steal customer PII, impacting almost 70,000 users and facilitating social engineering and asset theft. The filing names employee Ashita Mishra, accuses her of stealing and photographing hundreds of records per day and selling data for $200 a record, and claims TaskUs tried to minimize and conceal its security failures. Plaintiffs seek monetary damages and court-ordered security reforms.

FinWise Insider Data Breach Affects 689K AFF Customers

🔒 FinWise Bank says a former employee accessed sensitive files after their employment ended, in a data security incident identified on May 31, 2024. The bank notified corporate partner American First Finance (AFF), which reported that data for 689,000 customers was affected. FinWise launched an external investigation, strengthened internal controls, and is offering 12 months of credit monitoring and identity theft protection to impacted individuals.

Whistleblower Lawsuit Alleges WhatsApp Security Failures

🛡️ Attaullah Baig, former head of security at WhatsApp, has filed a whistleblower lawsuit alleging that Facebook knowingly failed to fix multiple security flaws in breach of its 2019 settlement with the FTC. The complaint asserts that in 2022 roughly 100,000 accounts were compromised daily, rising to as many as 400,000 daily lockouts by last year, and that inadequate anti-scraping protections exposed profile data at scale. Baig invokes the whistleblower-protection provisions of the Sarbanes-Oxley Act, and the filing has prompted wider media coverage and potential regulatory scrutiny.

Smashing Security #434: Whopper Hackers and AI Failures

🍔 In episode 434 of the award‑winning Smashing Security podcast, Graham Cluley and guest Lianne Potter examine two striking security stories: an ethical hack of Burger King that revealed drive‑thru audio recordings, hard‑coded passwords and an authentication bypass, and an alleged insider theft at xAI where a former engineer, after receiving $7 million, is accused of taking trade secrets. The hosts blend sharp analysis with irreverent commentary on operational security and human risk.

Texas Sues PowerSchool After 62M-Student Data Breach

🔒 Texas Attorney General Ken Paxton has filed suit against PowerSchool after a December breach exposed personal data for 62.4 million students, including over 880,000 Texans. The attacker used a subcontractor’s stolen credentials to access the PowerSource portal, demanded a $2.85 million ransom, and later extorted individual districts. A 19‑year‑old subsequently pleaded guilty in connection with the attack and extortion efforts.

Alleged Mastermind Behind K-Pop Stock Heist Extradited

🔒 South Korean authorities have extradited a 34-year-old suspect from Thailand, accused of masterminding a coordinated campaign that siphoned millions in stocks from celebrities, including Jung Kook. Investigators say the group stole personal data from Korean telecom firms, used it to assume victims' identities and opened brokerage accounts between August 2023 and January 2024. With assistance from Interpol and Thai authorities, officials tracked and arrested the suspect, who has admitted some allegations while denying others.

Google Files Lawsuit to Dismantle BadBox 2.0 Botnet

🔒 Google has filed a lawsuit in New York federal court targeting the operators of the BadBox 2.0 botnet, which compromised over 10 million uncertified devices running the Android Open Source Project. In partnership with HUMAN Security and Trend Micro, Google’s Ad Traffic Quality team identified preinstalled malware used for large-scale ad fraud and other illicit activity. Google updated Play Protect to automatically block BadBox-associated apps and is coordinating with the FBI to further disrupt the criminal operation.