A new class action in the U.S. District Court for the Northern District of California alleges that Ace Hardware tracked users’ online activity through third-party tools before users could make meaningful choices through cookie consent tools, and that it continued even after users took steps to opt out. The plaintiffs claim that the Ace Hardware
Privacy & Data Security
FBI Warns: Iran Cyber Actors Using Telegram to Push Malware
The Federal Bureau of Investigation (FBI) recently released a FLASH warning highlighting malicious cyber activity conducted by threat actors operating on behalf of Iran’s Ministry of Intelligence and Security. According to the FBI, these threat actors are using Telegram as a command-and-control infrastructure to push malware “targeting Iranian dissidents, journalists opposed to Iran, and other…
Whose Voice Is It Anyway: The Likeness Line in AI Product Design
By Roma Patel
A recent class action complaint filed in the Southern District of New York, Angwin v. Superhuman Platform, Inc., No. 26 Civ. 02005, 2026 WL 704131 (S.D.N.Y. 3/11/26), highlights an evolving issue in artificial intelligence (AI) product design: what happens when an AI feature uses a real person’s name or identity as part of the…
Privacy Tip #484 – What is Loyalty Fraud + How Do You Prevent It?
While a good friend of mine was recently traveling, his flight was cancelled and he was booked on a new flight the next day. He travels a lot and he decided to use some of his hotel loyalty points to stay over at the hotel adjacent to the airport. Checking in, he discovered that more…
Skullcandy Can’t Transfer its CIPA Case Out of California
A federal court in the Southern District of California declined to dismiss wiretapping and eavesdropping claims tied to Skullcandy Inc.’s alleged use of online trackers on its retail website, allowing the lawsuit to move forward. Plaintiff alleges that Skullcandy used tracking tools from Meta Platforms and Google to collect browser and purchase data. Jones v.
Ford Settlement Highlights Simple Practice: Opt-Outs Must be Easy
The California Privacy Protection Agency (CPPA) issued a decision requiring Ford Motor Company to pay a fine of $375,703 and update its privacy practices following a settlement for its alleged violations of the California Consumer Privacy Act (CCPA). Under the CCPA, California residents have the right to direct a business to stop selling or sharing…
No Good Deed Goes Unpunished: Victim Stryker Sued for Iranian-Backed Cyber Attack
As we reported last week, Stryker was attacked by Iranian-backed hackers in retaliation for Israeli and U.S. strikes against Iran. It was a significant cyberattack, known as a wiper attack. A wiper attack is designed not to extort money from a victim, but instead to send a message and destroy the victim’s data to…
Expel Annual Threat Report Shows Identity Compromise Continues to Be Threat Actors’ Favorite Tool
Cybersecurity firm Expel recently published its 2026 Threat Report, which analyzed over 1,000,000 alerts in its Security Operations Center throughout 2025. The results showed that threat actors continue to use compromised credentials to gain access to company systems. The Report highlights the need for companies to educate their employees on an ongoing basis of how…
Privacy Tip #483 – Whistleblower Alleges DOGE Employee Stole Social Security Data on a Thumb Drive
The Washington Post has published a report detailing a whistleblower complaint alleging that a former Department of Government Efficiency (DOGE) employee stole two complete databases from the U.S. Social Security Administration while employed as a DOGE software engineer.
The databases stolen include the “’Numident’ and the ‘Master Death File,’ which could cover records for more…
North Korean Threat Groups Using AI in Remote Technical Employee Schemes
Microsoft Threat Intelligence issued a report on March 6, 2026, entitled, “AI as tradecraft: How threat actors operationalize AI,” which outlines how threat actors, including those from North Korea, are “operationalizing AI along the cyberattack lifecycle…to bypass safeguards and perform malicious activity.” The threat actors are adopting AI “as operational enablers, embedding AI…