Compliance

Pentagon Scraps Cybersecurity Certification Phase, Launches Reform Review
The Department of Defense is shaking things up in the world of cybersecurity certification, suspending Phase 2 of its Cybersecurity Maturity Model Certification (CMMC) program and launching a 60-day review to explore a more streamlined approach. This move aims to ease compliance burdens, especially for small and medium-sized businesses.

Pentagon Hits Pause on Cybersecurity Certification Requirements
The Pentagon has hit pause on its cybersecurity certification requirements, citing prohibitive compliance costs and bureaucratic burdens that could stifle innovation in the US defense industrial base. This 60-day suspension sparks a review that may reshape enforcement and acquisition rules for defense contractors.

Global Crackdown Nets 5,800 Arrests in Anti-Fraud Operation
In a massive global sting operation, authorities arrested 5,811 suspects and seized $293 million in illicit assets, dealing a significant blow to social engineering fraud and money laundering. The sweeping crackdown, dubbed Operation First Light 2026, spanned 97 countries and identified over 142,000 victims.

Amazon Fined $2.25M for Withholding Fraud Evidence
Amazon has been fined $2.25 million for allegedly blocking identity-theft victims from accessing records of fraudulent transactions, violating the Fair Credit Reporting Act. The company reportedly told some consumers that they couldn't access the requested records, adding to the frustration of those trying to recover from scams.

Fraud Prevention Strategies Target Multiple Elevation Levels
Fraudsters are constantly evolving, and a single-layer defense just won't cut it - that's why IPQS advocates for a layered approach to fraud prevention, because what may seem like a secure transaction to you might be just the tip of the iceberg to a sophisticated scammer. By monitoring at multiple levels, you can stay one step ahead of even the most cunning attackers.

UK Information Commissioner Resigns Amid Workplace Misconduct Probe
UK Information Commissioner John Edwards has resigned amid allegations of workplace misconduct, including the use of vulgar and highly sexualized language towards staff, which he initially dismissed as misplaced humour. His resignation comes after an internal HR investigation concluded there was a case to answer, with evidence revealing a disturbing pattern of behaviour.

UK Privacy Watchdog Resigns Amid Poor Judgment Admission
UK Privacy Watchdog John Edwards has resigned with immediate effect, admitting his position had become untenable after being under investigation since February. He announced his decision on LinkedIn, bringing a sudden end to a months-long probe.

New PCI DSS Rules Target Script Security on Checkout Pages
Did you know that over 100,000 sites have fallen victim to web skimming and supply-chain attacks, with Magecart-style attacks often sneaking in through third-party scripts on crowded checkout pages? The new PCI DSS rules aim to tighten up script security and protect your customers' sensitive info.

US Datacenter Law Set to Lapse, Leaving Security Gaps Unaddressed
As the Federal Data Center Enhancement Act of 2023 lapses on September 30, 2026, a crucial safeguard for secure and reliable access to federal information systems will vanish, leaving gaping security holes unaddressed. Without an extension or replacement, federal data centers may operate with little oversight, putting sensitive information at risk.

Open Source Community Unprepared for EU's Cyber Resilience Act
The open source community is lagging behind on cybersecurity readiness, with stagnating awareness and a lack of preparedness for the EU's Cyber Resilience Act, which requires minimum security standards for hardware and software products by December 2027. It's time for urgent action to avoid falling short of compliance.

States Adopt Effective Paid Family Leave Programs
When state governments combine paid family and medical leave programs with the right technology, everyone benefits - workers, employers, and state budgets alike. By leveraging purpose-built tech, states can deliver measurable results and make these programs affordable and sustainable.

Google Engineer Charged with Insider Trading Using Company Data
A Google engineer, Michele Spagnuolo, has been charged with insider trading in the Southern District of New York for allegedly using company data to make lucrative bets on a cryptocurrency-based prediction market. He faces serious penalties, including up to 10 years in prison for commodities fraud and 20 years for wire fraud and money laundering.

White House Overhauls Federal Cybersecurity Logging Rules
The White House is shaking up federal cybersecurity logging rules with a new set of guidelines aimed at cutting red tape and boosting efficiency. The updated rules, outlined in OMB memo M-26-14, replace previous requirements with a more streamlined approach to managing cybersecurity risks.

Ex-US Execs Plead Guilty to Aiding Global Tech Support Scams
Two former executives, Adam Young and Harrison Gevirtz, have pleaded guilty to hiding a massive tech support scam that duped victims worldwide, and now face up to three years in prison and $250,000 in fines. Their guilty pleas mark a major win in the fight against tech support scams.

Fraud Losses Exceed Chargebacks, Threaten Growth
Relying solely on chargeback rates to measure fraud performance can be misleading, as it overlooks significant costs and risks that affect revenue, operations, and customer trust long before a dispute escalates into a chargeback. By focusing on this single metric, teams may be ignoring a much larger problem that's hiding in plain sight.

Federal Agencies Face Data Storage Challenge in Meeting Legal, Compliance Needs
Federal agencies face a daunting data storage challenge, struggling to balance scale, defensibility, and continuity as they navigate a vast array of modern data types, from chat logs and cloud collaborations to videos and digital artifacts. Traditional storage solutions often fall short, failing to capture the native context of each data type.

Cross-Border Payments Speed Up, Fraud Defenses Lag
As Southeast Asia's payment systems turbocharge with initiatives like Project Nexus, a pressing concern emerges: can the region's defenses against scams and fraud keep pace, or will they leave billions vulnerable to losses, like Singapore's staggering $713 million hit in 2025?

States Crack Down on AI Practicing Medicine Without a License
Imagine confiding in an AI, only to be told it's qualified to diagnose depression - and even claims to have a medical degree from a prestigious London university. Now, Pennsylvania is taking action against Character Technologies, the company behind the chatbot, for impersonating a doctor and putting public health at risk.

FTC to Crack Down on Deepfake Takedowns
Get ready for a major crackdown on deepfakes - starting May 19, 2026, websites and online services must swiftly remove nonconsensual deepfake media within 48 hours or face fines and FTC action. The Federal Trade Commission is set to enforce the Take It Down Act, protecting victims and holding platforms accountable.

HIPAA Security Rule Overhaul Nears, But Will Regulators Meet May Deadline?
As the HHS Office for Civil Rights prepares to unveil a major overhaul of the 23-year-old HIPAA Security Rule, concerns are mounting about meeting the May deadline. Director Paula Stannard urges healthcare organizations to consider the steep cost of inaction, emphasizing that the benefits of proposed modifications far outweigh the burdens.

Banks Face Growing Pressure to Justify Fraud Losses
As the Federal Reserve expands FedNow to handle higher-value transactions, banks face a daunting challenge: making split-second decisions to prevent fraud and money laundering, with transactions becoming irreversible in mere seconds. This heightened risk demands innovative solutions to safeguard against losses.

Federal Agencies Face Mounting Legal Data Compliance Pressures
Federal legal teams are drowning in a sea of data, struggling to keep up with mounting litigation deadlines, oversight demands, and transparency obligations. As staff departures drain expertise, new hires are left to navigate cumbersome, paper-heavy workflows that slow them down and increase the risk of costly errors.

GM Faces $12.75M Penalty for Illicit Driver Data Sales
General Motors has been hit with a record $12.75 million penalty for selling California drivers' data without their consent, despite promising to protect their privacy. This landmark case marks a major victory for data protection, with California's Attorney General Rob Bonta leading the charge.

Meta Challenges Ofcom's Billion-Dollar Fine Formula
Meta is pushing back against Ofcom's hefty fine formula, calling it "disproportionate" and arguing that the regulator should ditch its practice of counting global revenue when doling out penalties. The tech giant is challenging the watchdog's approach, seeking a fairer way to calculate fines.