Welcome to our round-up of the latest data breaches, leaks, and privacy intrusions from around the world. This week: Travelex gets hit by major ransomware attack, California’s Consumer Privacy Act goes into effect, and a data leak at Wyze affects 2.4 million users.

Travelex Hit by Major Ransomware Attack

Travelex, the world’s largest foreign exchange bureau, is being held ransom by hackers who are demanding $6 million in an attack that forced the company to shut down all of its global websites. Airport exchange kiosks are also closed and major banks, including Barclays and HSBC, have been unable to fill foreign currency orders since New Year’s Eve.

On Wednesday, the hackers told the BBC that they had downloaded 5GB of customer data from Travelex and would sell it if a $6 million ransom hadn’t been paid by January 14. The company has launched an investigation and is scrambling to contain the fallout. Travelex has more than 1,200 stores and kiosks in over 70 countries and bills itself as the largest foreign exchange provider in the world.

Ransomware continues to pose a major threat to companies, government agencies, and other organizations. Cities in particular have increasingly been targeted by hackers for their lax security practices. In August, a coordinated ransomware attack hit local government agencies in Texas, with IT systems in 22 towns being infiltrated, taken over, and held ransom by hackers. And over holiday break, Pittsburg's school district had to shut down its email server after being struck by a ransomware attack.

Wyze Leak Exposed Data of 2.4 Million Users

Home security camera systems are under attack once again. Wyze, the maker of popular home security budget cameras, admitted at the end of December that it had exposed the data of more than 2.4 million users. The leaked data included email addresses, list of cameras in each house, and WiFi SSIDs. Engadget reported that users' health information was also exposed, including height, weight, gender, bone density, and more.

The data was left exposed on an unprotected server. In a statement, Wyze said, “We are confirming that some Wyze user data was not properly secured and left exposed from December 4th to December 26th.” The company said that it has launched an investigation and will notify affected customers.

Check out our comprehensive privacy guide for steps you can take to protect your privacy and get more information on home WiFI and smart device security.

California’s Consumer Privacy Act is Now in Effect

California’s landmark privacy regulation, the Consumer Privacy Act, officially went into effect on New Year’s Day. Passed in June 2018, the CCPA, similar to the European Union's General Data Protection Regulation (GDPR), enshrines in law consumer data protections that privacy advocates have been fighting for for years. The regulations apply to any company that operates in California and brings in more than $25 million in annual revenue, collects data on over 50,000 customers, or makes more than half of its revenue from user data.

At the heart of the CCPA is the “right to know” and “right to say no”, which will allow users to see what data a company is collecting on them and opt-out of the sale of that data to third-parties. Under the law, companies can also be held liable for failing to take reasonable precautions to prevent data breaches. While the law is now in effect, California won’t start enforcing it until July 1, which will give companies that haven’t already implemented new processes to abide by the law some additional time to get their houses in order.

How the CCPA plays out in California could have major repercussions in DC, where policymakers have been earnestly discussing potential federal privacy legislation in recent months. The CCPA has put additional pressure on Congress to act, if only in an attempt to preempt and water down privacy regulation from the national level. For it’s part, California may soon also see additional ballot measures to strengthen and extend the existing law, which many privacy advocates argue has been watered down in the face of heavy industry opposition.

If you live in California, you now have a few options you can take to stop companies from selling your data. Most companies don’t make this easy, hiding information on how to opt-out in hard to find web pages or privacy policies. Luckily, this open-source California Privacy Directory provides a list of links for over 100 different companies that allow you to request your data and opt-out of being sold to third-parties.

For information on how to protect your privacy and enhance your digital security, check out our comprehensive guides below:

Bloom: Take Back Control of Your Data

At Bloom, we are giving you the tools to take back control of your data. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.

It’s time to take back control of your data and unlock the power of a secure, reusable identity today. Download the Bloom mobile app to build a cryptographically secure identity and get free data breach alerts with Radar!