Consumer identity breaches surged an “unprecedented” 450% last year from 2019, reported ForgeRock Monday. The digital identity platform evaluated electronic data breaches in Australia, Germany, Singapore, the U.K. and the U.S., finding unauthorized access was the leading cause for the third straight year, rising 43% from 2019. “Questionable yet common security practices, like sharing or reusing passwords, gave bad actors an easy path to gaining access to personally identifiable information,” such as dates of birth and Social Security numbers, which ForgeRock found recurring in a third of 2020 breaches. Phishing (25%) and ransomware (17%) were the second and third most frequent causes. Healthcare was the most targeted industry for a second straight year, but tech “paid the highest aggregate cost of recovery from breaches at $288 billion,” it said.
The European Commission and U.K. Competition and Markets Authority are investigating Facebook's use of advertising data, they said Friday. The EC launched an antitrust probe to determine whether Facebook violated EU competition law by using data gathered from advertisers to compete with them in markets where it's active, such as classified ad services. The CMA said it's considering whether the company gained an unfair advantage over rivals in providing services for online classified advertisements and online dating through its methods for gathering and using data. The competition bodies said they will "seek to work closely" together. Facebook said it will "continue to cooperate fully with the investigations to demonstrate that they are without merit."
Donald Trump is suspended from Facebook and Instagram until at least January 2023, Facebook Vice President-Global Affairs Nick Clegg announced Friday in response to its oversight board’s recommendations. After two years from his initial suspension on Jan. 7, Facebook will “look to experts to assess whether the risk to public safety has receded,” said Clegg. “When the suspension is eventually lifted, there will be a strict set of rapidly escalating sanctions that will be triggered if Mr. Trump commits further violations.” The board said in May an indefinite suspension wasn’t “appropriate,” and the platform should review the matter to justify a proportionate response consistent with rules for others (see 2105050009). Trump's office didn’t comment now. Facebook said it will follow the board’s recommendation and suspend accounts of high government officials if their posts repeatedly pose a risk of harm.
Fifty of 72 federal websites checked passed an accessibility test for their homepages, the Information Technology and Innovation Foundation reported Thursday. But nearly half “failed the test on at least one of their three most popular pages,” ITIF said. “This creates obstacles for millions of Americans, especially as the COVID-19 pandemic has moved many government services online.” Recommendations include that the General Services Administration create a federal accessibility testing lab and add to its Digital Analytics Program “real-time accessibility testing.” The report didn't include independent agencies such as the FCC and FTC, “since they are not necessarily obligated to follow OMB requirements or guidance,” ITIF co-author Daniel Castro emailed.
The Supreme Court narrowed the scope of what's a computer crime under the Computer Fraud and Abuse Act, in Van Buren v. U.S. (see 2011300067). By 6-3 Thursday, the court overturned a 2017 conviction against former Georgia police officer Nathan Van Buren. He used his police computer to access a law enforcement database to obtain data about a license plate number owned by a potential undercover officer, in exchange for thousands of dollars. In an opinion delivered by Justice Amy Coney Barrett, the majority ruled Van Buren didn’t violate CFAA: “This provision covers those who obtain information from particular areas in the computer -- such as files, folders, or databases -- to which their computer access does not extend. It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.” Chief Justice John Roberts and Justices Clarence Thomas and Samuel Alito dissented. Van Buren “had permission to retrieve license-plate information from a government database, but only for law enforcement purposes,” Thomas wrote. Van Buren exceeded “authorized access” in violation of the statute, Thomas added. Van Buren’s attorney Jeffrey Fisher emailed: “We’re very pleased with the Court’s opinion and are happy that the CFAA is now restricted to its proper reach.” DOJ didn't comment. SCOTUS recognized “the terribly written CFAA crossed the line by criminalizing everyday activities like using your work computer to read the news or send personal emails,” said Sen. Ron Wyden, D-Ore., in a statement. “Today's ruling helps rectify the damage caused by that reactionary law.” The American Civil Liberties Union also backed the majority opinion.
After holding its latest Prime Day event in October due to inventory shortages caused by e-commerce demand during COVID-19, Amazon stuffed this year’s into Q2 for the first time. The June 21-22 event was announced Wednesday. Amazon teamed with Instagram and TikTok for previews of Prime Day deals.
Public Citizen said WhatsApp “backed down” from implementing “degraded” privacy protections for its users (see 2105140057). “Thank you for stopping what you never should have started,” Digital Rights Program Director Burcu Kilic said Tuesday. “Now please also undo what you coerced millions of people into accepting.” The company didn’t comment.
Slightly fewer than 10% of U.S. internet subscribers were provisioned for gigabit speeds at the end of Q1, compared with 3.8% in Q1 2020, OpenVault said Tuesday. It said the portion of subscribers provisioned for such speeds rose 75% over the past two quarters. It said the monthly weighted average data used by subscribers in Q1 was 461.7 GB, up nearly 15% from Q1 2020. It said data usage was relatively flat compared with Q1, but usage is elevated from pre-pandemic levels.
NTIA requested comment Friday on publishing minimum elements for a software bill of materials (SBOM). Comments will be due 15 days after notice in the Federal Register. President Joe Biden’s cybersecurity executive order directed the Commerce Department to publish the minimum elements (see 2105240072).
USTelecom's Wednesday report on broadband prices is "flawed and misleading," said Free Press Thursday (see 2105260063). It "grossly manipulates FCC data on standalone non-promotional advertised rates," said Research Director Derek Turner. USTelecom didn't comment.