Key developments
Connecticut Enacts Broad Privacy Update
FPF's Megan McCollum reported that Connecticut Governor Ned Lamont signed SB 4 on May 27, updating the state's privacy framework. The law tightens deletion rights, narrows what counts as publicly available information, bars sale of precise geolocation data, and requires transparency around facial recognition used for security and fraud prevention. It also adds data-broker registration and audit rules, bans surveillance pricing by retail sellers and third-party delivery services, and expands rights over direct-to-consumer genetic testing data and biological samples.
Why it matters
It materially raises privacy compliance requirements in a major U.S. state and could shape other state bills.
Sources & driving stories
FPF · Megan McCollum
FPF coverage
FBI Warns Law Firms of In-Person Theft
The Record's Daryna Antoniuk and BleepingComputer's Sergiu Gatlan reported that the FBI warned Tuesday about Silent Ransom Group targeting U.S. law firms with phishing, fake IT-support calls, and, in some cases, in-person visits. The bureau said attackers try to win remote-desktop access first and, when that fails, send someone to the victim site to plug in USB or external storage devices and steal data. The group, also known as Luna Moth, Chatty Spider, and UNC3753, has been active since at least 2022 and has targeted legal and financial organizations since early 2023.
Why it matters
It shows extortion crews are combining social engineering with physical access to bypass conventional defenses.
Sources & driving stories
THE RECORD · Daryna Antoniuk
The Record coverage
BLEEPINGCOMPUTER · Sergiu Gatlan
BleepingComputer coverage
Dutch Police Arrest Ajax Breach Suspect
The Record's Daryna Antoniuk reported that Dutch police arrested a 35-year-old man in Buren on suspicion of repeatedly and unlawfully accessing Ajax's computer systems. Officers searched his home and seized digital storage devices. The arrest follows Ajax's March disclosure of a breach involving an unpatched vulnerability that could have exposed email addresses and limited personal information and may have enabled ticket transfers and stadium-ban changes.
Why it matters
It is the first visible law-enforcement action tied to the Ajax breach and may help clarify the intrusion's scope.
Sources & driving stories
THE RECORD · Daryna Antoniuk
The Record coverage
BLEEPINGCOMPUTER · Sergiu Gatlan
BleepingComputer coverage
Worth noting
WORTH NOTING
Charter breach claim hits 40 million
TechRadar reported Charter Communications confirmed a breach while attackers claimed access to roughly 40 million records, though Charter said sensitive personal information and CPNI were not exfiltrated.
WORTH NOTING
Louisiana delays app store law to 2027
The change pushes age-verification and parental-consent obligations for app stores and developers back by a year, extending the compliance runway.
WORTH NOTING
Romanian hacker gets 56-month sentence
The sentencing closes a long-running Oregon state hacking case and underscores the continuing exposure of traded credentials tied to U.S. organizations.
Still unclear
OPEN QUESTION
How much Charter data was exposed?
Charter denies sensitive personal information and CPNI were exfiltrated, but the attacker narrative and record count remain unresolved.
OPEN QUESTION
Will more states delay app-store rules?
Louisiana's postponement adds to an already unsettled landscape shaped by First Amendment challenges and prior delays in other states.
