IT Governance Podcast 20.10.23: Casio, Cisco, MOVEit (again) and the ICC

This week, we discuss a data breach affecting Casio users in 149 countries, two zero-day vulnerabilities in Cisco’s IOS XE web user interface, a slew of legal action against Progress Software following the MOVEit Transfer breach, and an update on last month’s cyber attack on the International Criminal Court.

This week, we discuss another GDPR fine for TikTok relating to its processing of child users’ personal information, more data breaches caused by MOVEit Transfer, including Sony Interactive Entertainment, and the exposure of a mammoth 3.8 billion data records.

This week, we discuss a cyber attack on MGM Resorts that has allegedly cost the company millions of dollars in revenue even before it began its remediation efforts, the leak of 38 terabytes of Microsoft data and a cyber attack on the International Criminal Court in The Hague.

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi.

This week, we discuss “insider wrongdoing” at Tesla, a data breach affecting 2.6 million Duolingo users and the conclusion of a two-month court case against members of the Lapsus$ gang.

This week, we discuss data breaches affecting the Electoral Commission and the Police Service of Northern Ireland, and the financial repercussions of Capita’s March ransomware incident.

This week, we discuss the new EU adequacy decision for the US, based on the Data Privacy Framework (plus Max Schrems’s inevitable reaction), and a proposed UK-US ‘data bridge’; fixes for three more vulnerabilities in Progress Software’s MOVEit Transfer app; plus this month’s Patch Tuesday and other security updates.

This week, we discuss 100,000 compromised ChatGPT credentials, a data breach affecting the LetMeSpy stalkerware app, and a potential security vulnerability in Microsoft Teams that could be exploited to spread malware. Plus, Alan Calder discusses the current cybersecurity and regulatory landscape, and how they affect organisations.

This week, we discuss a data breach affecting users of Progress Software’s MOVEit file transfer app, GDPR fines for LinkedIn and Spotify, and the delay of Google Bard’s EU launch because of privacy concerns.

This week, we discuss more organisations affected by Capita’s security issues, the security implications of 20 NHS trusts’ use of Meta Pixel, Meta’s €1.2 billion GDPR fine and its potential effects for other organisations, and the progress of the DPDI (No. 2) Bill. Plus, Alan Calder discusses cyber regtech and how organisations can use it to manage their regulatory compliance.