All news with #regulatory action tag

⚖️ The U.S. Treasury's OFAC imposed sanctions on two North Korean financial institutions and eight individuals accused of laundering cryptocurrency stolen in cyberattacks and operating fraudulent IT worker schemes. Designated entities include Ryujong Credit Bank and Korea Mangyongdae Computer Technology Company (KMCTC), plus named bankers linked to ransomware proceeds. The actions block property under U.S. jurisdiction and warn financial institutions of secondary sanctions and enforcement risk for transacting with the listed parties.

🔒 Three cybersecurity professionals have been indicted for allegedly operating an ALPHV/BlackCat ransomware affiliate network that attacked at least five U.S. companies between May and November 2023. Prosecutors named former Sygnia incident response manager Ryan Clifford Goldberg and negotiator Kevin Tyler Martin of DigitalMint, accusing them of exfiltrating data, encrypting systems, and demanding cryptocurrency extortion payments. An FBI affidavit describes encrypted dark‑web negotiations, multi‑hop transfers using privacy coins such as Monero, and meticulous spreadsheets that tracked ransoms, receipts, and wallet addresses. Charges include conspiracy to extort and intentional damage to protected computers, with potential forfeiture of crypto assets.

🔒 Three former incident response employees from DigitalMint and Sygnia have been indicted for allegedly carrying out ALPHV/BlackCat ransomware attacks on five U.S. companies between May and November 2023. Prosecutors say the defendants accessed networks, exfiltrated data, deployed encryption malware, and demanded ransoms ranging from $300,000 to $10 million, with one victim paying $1.27 million. Two named defendants face federal extortion and computer-damage charges that carry up to 20 and 10 years in prison respectively.

🔒 A Ukrainian national extradited from Ireland has appeared in a US court, accused of conspiring to deploy Conti ransomware and manage stolen data and ransom notes. Authorities allege Oleksii Lytvynenko participated in attacks between 2020 and July 2022 that resulted in more than $500,000 in cryptocurrency extorted from victims in the Tennessee district and the publication of additional stolen data. He faces computer fraud and wire fraud conspiracy charges and could receive up to 25 years in prison if convicted.

🔒 In October the 4th U.S. Circuit Court of Appeals ruled that listing stolen consumer data on the dark web can be sufficient to let plaintiffs proceed in data-breach lawsuits. The panel determined that dark-web publication — paywalled or not — increases the risk of fraud and is therefore materially different from mere theft. CISOs should monitor dark-web exposure and preserve evidence of publicization to assess legal and financial risk.

🔒 Conduent has confirmed a breach affecting more than 10.5 million individuals, with customer notices sent in October 2025 after the incident was discovered on 13 January 2025. Unauthorized access reportedly began on 21 October 2024 and persisted for nearly three months. The criminal group SafePay claimed responsibility and said it exfiltrated large volumes of data, potentially including names, Social Security numbers, dates of birth, and medical and insurance information.

🔍 Clearview AI has been hit with a criminal complaint filed in Austria by the European Center for Digital Rights (noyb), alleging that the company ignored decisions by several EU data protection authorities. The complaint invokes GDPR provisions allowing criminal sanctions under Article 84 and seeks prosecution of executives, potentially including jail time and personal liability when traveling to Europe. The action follows fines and bans from multiple DPAs and ongoing appeals, notably only in the UK.

⚠️ CISA has ordered Federal Civilian Executive Branch agencies to remediate a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools (CVE-2025-41244), patched by Broadcom in October 2024. The flaw enables a local, non-administrative user on a VM to escalate privileges to root when Aria Operations’ SDMP is enabled or when VMware Tools runs in credential-less mode. Agencies must patch within three weeks under BOD 22-01; CISA also urges all organizations to prioritize mitigations or discontinue affected products if no fix is available.

🔒 Conduent has confirmed a 2024 data breach that state attorney general notifications indicate affected more than 10.5 million people. Reported exposed data includes names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, and medical information. Conduent says the environment was first compromised on October 21, 2024 and discovered in January 2025; as of October 24, 2025 it reports no evidence the stolen data has been misused. Affected individuals are advised to obtain credit reports and consider fraud alerts or a security freeze; the company did not offer identity monitoring services.

🔒 Peter Williams, a former general manager at L3Harris Trenchant, pleaded guilty in U.S. court to stealing and selling protected cyber-exploit components between 2022 and 2025. Prosecutors say he removed at least eight sensitive trade-secret exploit components intended for exclusive government use and sold them to a broker that works with the Russian government for $1.3 million in cryptocurrency. He now faces up to 10 years in prison and significant fines.

⚠️ The UK Information Commissioner’s Office fined sole trader Bharat Singh Chand £200,000 after he sent 966,449 unsolicited spam texts promoting fake debt relief and purported energy-saving grants between December 2023 and July 2024. Many recipients were already in financial hardship and were induced to reply, then contacted by callers posing as 'The Debt Relief Team'. The campaign used a SIM farm, false business names and unregistered numbers, generated 19,138 complaints, and Chand has appealed.

⚠️ The Greens are calling for a rapid, pre-Christmas security offensive to counteract sabotage, espionage and cyberattacks, saying the federal government is moving too slowly to act. Parliamentary deputies Konstantin von Notz and Irene Mihalic welcome recognition of the threat by Chancellor Friedrich Merz and Interior Minister Alexander Dobrindt but demand immediate, concrete measures and activation of the National Security Council. They also press for a major intelligence service reform and criticize weaknesses in the draft bill to transpose NIS-2 obligations, warning exemptions and gaps would undermine resilience across public administration, municipalities and critical infrastructure.

⚠️ The British Standards Institution warns of a widening AI governance gap as many organisations accelerate AI adoption without adequate controls. An AI-assisted review of 100+ annual reports and two polls of 850+ senior leaders found strong investment intent but sparse governance: only 24% have a formal AI program and 47% use formal processes. The report highlights weaknesses in incident management, training-data oversight and inconsistent approaches across markets.

📝 The Australian Competition and Consumer Commission (ACCC) has sued Microsoft, alleging it misled 2.7 million Australian Microsoft 365 subscribers when integrating Copilot by obscuring the option to remain on existing plans at the same price. The ACCC says renewal communications presented the AI‑enabled tiers as the apparent way to keep service active while the choice to stay was only visible via the cancellation flow. The complaint alleges breaches of multiple Australian Consumer Law provisions and seeks civil penalties, injunctions, and consumer compensation. Microsoft says it is reviewing the ACCC's claim and will cooperate with the regulator.

🔒 A new RUSI report published on 28 October finds cyber-related sanctions seldom fully disrupt state-backed attacks by themselves but can "toxify" networks, forcing intermediaries and collaborators to distance themselves from named actors. The study highlights the US as the most effective practitioner due to long-standing legal frameworks and coordinated use of diplomatic, legal and technical tools, while the EU and UK face operational and coordination limits. RUSI urges clearer strategic goals, cross-domain integration and targeted action against enablers like exchanges and service providers to boost impact.

🛡️ Federal Interior Minister Alexander Dobrindt's proposal for active cyber defense has drawn cross-party, cautious approval as he prepares a legal amendment to counter attacks originating from servers abroad. A ministry spokesperson says the measures would allow intervening steps to stop or mitigate attacks by manipulating or disrupting the IT systems or data traffic used, and stressed this is not about hackback or broad retaliatory strikes. Greens signaled conditional support if the approach follows rule-of-law principles, CDU security figures praised a more proactive stance, and Dobrindt expects to present the amendment to cabinet next year.

🔒 Europol, together with police in Estonia, Finland, Latvia and Austria, dismantled a cybercrime-as-a-service network during coordinated raids on October 10. Seven suspects were arrested and authorities seized five servers, some 40,000 active SIM cards, luxury vehicles, bank accounts and crypto wallets. Investigators say the operation created roughly 49 million fake accounts across about 80 countries and used those identities to swindle millions of euros.

🔒 FINTRAC has imposed a $176,960,190 penalty on Xeltox Enterprises Ltd., the operator of Cryptomus, after finding widespread failures to file suspicious transaction reports tied to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion. Regulators said the payments platform enabled dozens of Russian‑focused exchanges and cybercrime‑facing services to move illicit proceeds. The action follows investigative reporting showing numerous money service businesses clustered at shared Canadian addresses that appear to be fronts.

🔍 Experian Netherlands was fined EUR 2.7 million by the Dutch Data Protection Authority for collecting and using personal data from multiple public and private sources without properly informing individuals or obtaining consent. The AP found the company aggregated information from the Chamber of Commerce, telecom and energy firms to produce credit assessments that affected interest rates and upfront deposits. Experian acknowledged the violations, will not appeal, has ceased operations in the Netherlands, and pledged to delete its database of personal data before year-end.

🔍 Europol, together with national police units and the Shadowserver Foundation, dismantled an illegal SIM‑box service codenamed SIMCARTEL that rented phone numbers to criminals for creating fraudulent online accounts. The service operated about 1,200 SIM‑box devices with roughly 40,000 active SIM cards and offered numbers tied to individuals in more than 80 countries via seized sites gogetsms.com and apisim.com. Authorities linked the infrastructure to thousands of fraud cases and at least EUR 4.5 million in losses in Austria and EUR 420,000 in Latvia.