Indian data breach law: The Indian government passed an update to its Information Technology Act last week, requiring companies to report cybersecurity incidents to India's CERT team within six hours of when they occur. In addition, all cloud, VPS, and VPN providers will have to record the names, emails, and IP addresses of all their subscribers, data that they must archive for at least five years. The new update is set to go into effect at the start of July.
French Muslim leak: French prosecutors opened a criminal investigation against Fdesouche—a French far-right website—after the site published the personal data of French Muslims last September. The leak allegedly contained the data of more than 100 individuals, such as Muslim activists, journalists, and imams. According to the French edition of the Huffington Post, this was the second leak published by Fdesouche after the organization published the email addresses and phone numbers of people working with organizations aiding migrants and refugees back in 2017.
Kronos fallout: Multiple class-action lawsuits have been filed over the month of April against some of the largest US companies that relied on the Kronos timekeeping apps to keep track of and pay employees. Kronos (aka UKG) got hit by ransomware in December 2021 and took months to recover, causing long delays in employee payments. The company is the subject of several class-action lawsuits filed last year and in early January. But now, companies like PepsiCo, Mercedes-Benz, DHL, Frito-Lay, the Giant supermarket chain, call center giant Sitel Group, and the Cargill and Sodexo food corporations have all been sued for (still) unpaid wages related to the Kronos incident. As Zack Needles writes for BenefitsPro, this new wave of class-action lawsuits brings a new twist to ransomware-related mitigation, especially for attacks against large companies, where the legal consequences may now also start to impact their customers in the case of a super slow and bad recovery/response plan.