#EmployeeData

CyberMaterial

@cybermaterial.bsky.social

1 day ago

Starbucks Reports Employee Data Breach
Read More: buff.ly/isVLZvQ

#StarbucksBreach #EmployeeData #AccountCompromise #CorporateSecurity #DataExposure #BreachDisclosure #CyberIncident #InfosecNews

CyberMaterial

@cybermaterial.bsky.social

2 weeks ago

Prison Staff Data Breach Lasts 5 Months
Read More: buff.ly/gpiByK2

#DataBreach #NetherlandsCyber #PublicSectorSecurity #EmployeeData #GovernmentCyber #SecurityCertificates #CyberIncident #InfosecNews

CyberMaterial

@cybermaterial.bsky.social

2 weeks ago

ShinyHunters Demands $1.5M Ransom
Read More: buff.ly/R6dAwCB

#ShinyHunters #RansomDemand #DataExtortion #EmployeeData #CyberCrime #BitcoinRansom #BreachAlert #Infosec

CyberMaterial

@cybermaterial.bsky.social

1 month ago

Data Stolen After Ransomware Hit Texas Gas Chain
Read More: buff.ly/UioXGZ6

#RansomwareAttack #EnergySector #EmployeeData #SSNExposure #CriticalInfrastructure #CyberIncident #DataBreach #OTSecurity

CySecurity News

@cysecuritynews.bsky.social

3 months ago

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones   A recent Android update has marked a paradigm shifting change in how text messages are handled on employer-controlled devices. This means Google has introduced a feature called Android RCS Archival, which lets organisations capture and store all RCS, SMS, and MMS communications sent through Google Messages on fully managed work phones. While the messages remain encrypted in transport, they can now be accessed on the device itself once delivered. This update is designed to help companies meet compliance and record-keeping requirements, especially in sectors that must retain communication logs for regulatory reasons. Until now, many organizations had blocked RCS entirely because of its encryption, which made it difficult to archive. The new feature gives them a way to support richer messaging while still preserving mandatory records. Archiving occurs via authorized third-party software that integrates directly with Google Messages on work-managed devices. Once enabled by a company's IT, the software will log every interaction inside of a conversation, including messages received, sent, edited, or later deleted. Employees using these devices will see a notification when archiving is active, signaling their conversations are being logged. Google's indicated that this functionality only refers to work-managed Android devices, personal phones and personal profiles are not impacted, and the update doesn't allow employers access to user data on privately-owned devices. The feature must also be intentionally switched on by the organisation; it is not automatically on. The update also brings to the surface a common misconception about encrypted messaging: End-to-end encryption protects content only while it's in transit between devices. When a message lands on a device that is owned and administered by an employer, the organization has the technical ability to capture it. It does not extend to over-the-top platforms - such as WhatsApp or Signal - that manage their own encryption. Those apps can expose data as well in cases where backups aren't encrypted or when the device itself is compromised. This change also raises a broader issue: one of counterparty risk. A conversation remains private only if both ends of it are stored securely. Screenshots, unsafe backups, and linked devices outside the encrypted environment can all leak message content. Work-phone archiving now becomes part of that wider set of risks users should be aware of. For employees, the takeaway is clear: A company-issued phone is a workplace tool, not a private device. Any communication that originates from a fully managed device can be archived, meaning personal conversations should stay on a personal phone. Users reliant on encrypted platforms have reason to review their backup settings and steer clear of mixing personal communication with corporate technology. Google's new archival option gives organisations a compliance solution that brings RCS in line with traditional SMS logging, while for workers it is a further reminder that privacy expectations shift the moment a device is brought under corporate management. 

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones #Compliance #CyberSecurity #EmployeeData

ZwillGen

@zwillgen.com

3 months ago

CPPA Tills New Ground with Subpoena Enforcement in Tractor Supply Settlement The CPPA’s investigation into Tractor Supply’s privacy practices resulted in several alleged privacy violations.

CPPA breaks new ground with judicial enforcement of an investigative subpoena in Tractor Supply settlement, looks to cultivate compliance with a crop of GPC-related enforcement actions involving employee data.
#LegalCompliance #CCPA #EmployeeData #PrivacyLaw

www.zwillgen.com/general/cppa...

Matern Law Group, PC

@maternlawgroup.bsky.social

3 months ago

California Senate Bill 464 Sharpens State’s Pay Reporting Teeth California Governor Gavin Newsom signed Senate Bill (SB) No. 464 into law on October 13, 2025, making significant changes as of January 1, 2026, to the state’s pay data reporting requirements. These c...

California Senate Bill 464 Sharpens State’s Pay Reporting Teeth

ogletree.com/insights-res...

#SB464 #PayReporting #EmployeeData #PayEquity #EmploymentLaw

CySecurity News

@cysecuritynews.bsky.social

4 months ago

Sotheby’s Investigates Cyberattack That Exposed Employee Financial Information   Global auction house Sotheby’s has disclosed that it recently suffered a data breach in which cybercriminals accessed and extracted files containing sensitive information. The company confirmed that the security incident, detected on July 24, 2025, led to unauthorized access to certain internal data systems. According to a notification filed with the Maine Attorney General’s Office, the compromised records included details such as full names, Social Security Numbers (SSNs), and financial account information. While the filing listed only a few individuals from the states of Maine and Rhode Island, the overall number of people affected by the breach has not been publicly confirmed. Sotheby’s stated that once the intrusion was identified, its cybersecurity team immediately launched a detailed investigation, working alongside external security experts and law enforcement authorities. The process reportedly took nearly two months as the company conducted a comprehensive audit to determine what type of information was taken and whose data was affected. In its notice to those impacted, the company wrote that certain Sotheby’s data “appeared to have been removed from our environment by an unknown actor.” It added that an “extensive review of the data” was carried out to identify the affected records and confirm the individuals connected to them. As a precautionary measure, Sotheby’s is offering affected individuals 12 months of free identity protection and credit monitoring services through TransUnion, encouraging them to register within 90 days of receiving the notification letter. Initially, it was unclear whether the compromised data involved employees or clients. However, in an update on October 17, 2025, Sotheby’s clarified in a statement to BleepingComputer that the breach involved employee information, not customer data. The company emphasized that it took the incident seriously and immediately involved external cybersecurity experts to support the response and remediation process. “Sotheby’s discovered a cybersecurity incident that may have involved certain employee information,” a company spokesperson said in an official statement. “Upon discovery, we promptly began an investigation with leading data protection specialists and law enforcement. The company is notifying all impacted individuals as required and remains committed to protecting the integrity of its systems and data.” Sotheby’s is among the world’s most recognized auction houses, dealing in high-value art and luxury assets. In 2024, the firm recorded total annual sales of nearly $6 billion, highlighting the scale and sensitivity of the data it manages, including financial and transactional records. Although no ransomware groups have claimed responsibility for this breach so far, similar attacks have previously targeted high-end auction platforms. In 2024, the RansomHub gang allegedly breached Christie’s, stealing personal data belonging to an estimated 500,000 clients. Such incidents indicate that cybercriminals increasingly view global art institutions as lucrative targets due to the financial and personal data they store. This is not the first time Sotheby’s has dealt with cybersecurity issues. Between March 2017 and October 2018, the company’s website was compromised by a malicious web skimmer designed to collect customer payment information. A comparable supply-chain attack in 2021 also led to unauthorized access to sensitive data. The latest breach reinforces the growing risks faced by major cultural and financial institutions that handle valuable client and employee data. As investigations continue, Sotheby’s has urged affected individuals to remain vigilant, review their financial statements regularly, and immediately report any suspicious activity to their bank or credit institution.

Sotheby’s Investigates Cyberattack That Exposed Employee Financial Information #DataBreach #EmployeeData #FinancialInformation

ransomNews

@ransomnews.online

5 months ago

🚨 Vegas gambling firm suffers employee data breach

A major Las Vegas casino operator Boyd Gaming reported a cyber incident that compromised employee personal information and other limited data. Investigation ongoing; extent and attackers not yet confirmed.

#ransomNews #VegasBreach #employeeData

CySecurity News

@cysecuritynews.bsky.social

8 months ago

UBS Acknowledges Employee Data Leak Following Third-Party Cyberattack   Swiss financial institution UBS has confirmed that some of its employee data was compromised and leaked online due to a cybersecurity breach at one of its external service providers. The incident did not impact client information, according to the bank. The breach came to light after reports surfaced from Swiss media suggesting that data belonging to roughly 130,000 UBS staff members had been exposed online for several days. The compromised records reportedly include employee names, job titles, email addresses, phone numbers, workplace locations, and spoken languages. UBS stated that it responded immediately upon learning of the breach, taking necessary steps to secure its operations and limit potential risks. The cyberattack did not directly target UBS but rather a company it works with for procurement and administrative services. This supplier, identified as a former UBS spin-off, confirmed that it had been targeted but did not specify the extent of the data breach or name all affected clients. A threat group believed to be behind the breach is known for using a form of cyber extortion that involves stealing sensitive data and threatening to publish it unless a ransom is paid. Unlike traditional ransomware attacks, this group reportedly skips the step of encrypting files and focuses solely on the theft and public exposure of stolen information. So far, only one other company besides UBS has confirmed being impacted by this incident, though the service provider involved works with several major international firms, raising concerns that others could be affected as well. Cybersecurity experts warn that the exposure of employee data, even without customer information can still lead to serious risks. Such data can be misused in fraud, phishing attempts, and impersonation scams. In today’s digital age, tools powered by artificial intelligence can mimic voices or even create fake videos, making such scams increasingly convincing. There are also fears that exposed information could be used to pressure or manipulate employees, or to facilitate financial crimes through social engineering. This breach serves as a reminder of how cyber threats are not limited to the primary organization alone. When suppliers and vendors handle sensitive internal information, their security practices become a critical part of the larger cybersecurity ecosystem. Threat actors increasingly target third-party providers to bypass more heavily secured institutions and gain access to valuable data. As investigations continue, the focus remains on understanding the full scope of the incident and taking steps to prevent similar attacks in the future.

UBS Acknowledges Employee Data Leak Following Third-Party Cyberattack #CyberAttacks #EmployeeData #swissmedia

HRSINGAPORE

@hrsingapore.bsky.social

8 months ago

Sharing Information with Unions – HRSINGAPORE Are employers required to share all staff data with unions, including non-members? Understand your PDPA obligations and legal risks of refusing such requests.

Are employers required to share all staff data with unions, including non-members? Understand your PDPA obligations and legal risks of refusing such requests.
👉 hrsingapore.org/sharing-information-with-unions

#PDPA #HRCompliance #UnionRelations #EmployeeData #SingaporeHR #HRLegalRisks #HRSINGAPORE

HRLAW

@hrlaw.bsky.social

8 months ago

Sharing Information with Unions – HRSINGAPORE Are employers required to share all staff data with unions, including non-members? Understand your PDPA obligations and legal risks of refusing such requests.

Are employers required to share all staff data with unions, including non-members? Understand your PDPA obligations and legal risks of refusing such requests.
👉 hrsingapore.org/sharing-information-with-unions

#PDPA #HRCompliance #UnionRelations #EmployeeData #SingaporeHR #HRLegalRisks #HRSINGAPORE

Radio World

@radio-world.bsky.social

9 months ago

Court Blocks FCC Gender/Race Data Collection - Radio World Broadcasters won’t be required by the FCC to report employee demographic data after all, due to a federal appeals court ruling in Texas.

Broadcasters will not be required to report employee race, ethnicity and gender data to the FCC, after a unanimous court ruling in Texas. ✍️

The NRB, which represents Christian media, called it a significant legal victory.

Randy Stine reports. ⬇️

#EEO #EmployeeData #FCC

Sascha Stumpler 💻

@sastu-insights.com

1 year ago

Dayforce PowerShell Module via PlanetPowerShell #Dayforce #PowerShell #EmployeeData #SSO