Stitcher Media held the top spot in May in Triton Digital’s U.S. podcast report with 59.6 million average weekly downloads and 14.8 million average weekly users, said the metrics firm Monday. NPR was second with 32.2 million average weekly downloads and 6.6 million average weekly users, followed by Audacy with 29.5 million and 7.7 million, respectively. The top 20 publishers had over 228 million weekly downloads in the month. By genre, news was the most downloaded category (27.1%), followed by true crime (20.3%), comedy (17.6%), society and culture (7.1%), and sports (6.3%). Most downloads occurred on mobile devices (93.1%); 1.8% occurred on a desktop or laptop, Triton said.

The former owner of e-commerce platform CafePress will pay $500,000 to settle allegations it failed to “secure consumers’ sensitive personal data and covered up a major breach” in 2019, the FTC said Friday, finalizing an order announced in March (see 2203150081). The commission voted 5-0 to finalize orders with Residual Pumpkin, the former owner of CafePress, and PlanetArt, which bought CafePress in 2020. The agreement requires PlanetArt to bolster its data security and requires the former owner to pay $500,000 to compensate small businesses affected by the breach.

The state of Florida and tech groups have agreed to request a stay in the industry’s lawsuit against Florida’s social media law and for the Supreme Court to review a 11th U.S. Circuit Court of Appeals decision in the case, NetChoice said Friday (see 2206170033). NetChoice cited the Supreme Court’s decision to reinstate an injunction against a similar law in Texas as foreshadowing of a ruling on the merits in Florida. That led to an agreement among NetChoice, the Computer and Communications Industry Association and Florida to request the stay, the association said: Florida will “file a petition for cert with the Supreme Court. And rather than oppose the petition, we will support the State’s request and likely file our own request, asking the Court to also review the transparency requirements.” The petition is due in the late summer, and the court can act on it when it chooses, NetChoice said. The court’s injunction will remain in place.

The U.S. District Court in Tallahassee won’t rule on Florida’s social media law until the Supreme Court reviews, Judge Robert Hinkle ruled Wednesday in docket 4:21cv220 (see 2206170033). Court proceedings are stayed until the deadline to file with the Supreme Court passes without a filing or until the high court issues a decision, Hinkle said.

EBay closed a deal to buy KnownOrigin, a non-fungible token marketplace, for an undisclosed sum. KnownOrigin enables artists and collectors to create, buy and resell NFTs via blockchain-support transactions, said eBay Wednesday. EBay began allowing the buying and selling of NFTs in May 2021, and buying KnownOrigin gives it further access to an audience of digital collectors, it said.

A former tech employee was convicted Friday of wire fraud and other federal crimes for hacking into Amazon Web Services cloud computing accounts and stealing data and computer power for her own benefit. Seattle resident Paige Thompson, 36, used a tool she built to scan AWS records in search of “misconfigured accounts,” said DOJ. She then used those accounts to hack and download the data of more than 30 entities, including Capital One bank, which alerted the FBI, it said. Thompson's intrusions affected more than 100 million Capital One customers, said DOJ. “With some of her illegal access, she planted cryptocurrency mining software on new servers with the income from the mining going to her online wallet,” it said. “Thompson spent hundreds of hours advancing her scheme, and bragged about her illegal conduct to others via text or online forums.” A jury in U.S. District Court in Seattle deliberated for more than 10 hours before finding her guilty on seven counts, while acquitting her of access device fraud and aggravated identity theft, said DOJ. Wire fraud is punishable by up to 20 years in prison, it said. Thompson faces sentencing on Sept. 15. Attempts to reach her lawyers for comment were unsuccessful.

The full damage of the average ransomware attack can extend well beyond the cost of the ransom payment itself, a GetApp survey found. The software recommendation platform canvassed 300 ransomware victims in May, finding only 11% who said the ransomware payment “was the most consequential impact of the ransomware attack,” it said. Six in 10 survey respondents reported suffering a “multifaceted extortion attack” in which the victim’s files are encrypted and a separate attack is launched to pressure victims to pay the ransom, it said. The survey found 58% of multifaceted extortion victims reported they paid the ransom, compared with only 31% of standard ransomware attack victims, it said. “The complex nature of multifaceted attacks can bring normal business functions to a standstill,” said GetApp. Among companies that paid the ransom, 70% said the attack made a major impact on productivity, it said. More than a third of victims cited productivity losses “as the single most consequential impact of a ransomware attack, more than any other effect surveyed,” it said.

President Joe Biden intends to nominate Arati Prabhakar to be director of the Office of Science and Technology Policy, the White House announced Tuesday. Prabhakar led the National Institute of Standards and Technology 1993-1997 after unanimous Senate confirmation. She directed the Defense Advanced Research Projects Agency 2012-2017. Prabhakar will “leverage her exceptional experience” as an applied physicist and engineer, said Senate Commerce Committee Chair Maria Cantwell, D-Wash. She’s the “right person at the right time to support the U.S. innovation ecosystem.”

President Joe Biden signed two pieces of cyber legislation into law Tuesday, the White House announced. The Federal Rotational Cyber Workforce Program Act (S-1097) establishes a federal rotational cyber workforce program. The State and Local Government Cybersecurity Act (S-2520) directs the Department of Homeland Security to “increase collaboration with state, local, tribal and territorial governments on cybersecurity issues.”

The U.S. District Court in Washington should allow DOJ 45 days to reopen depositions in an antitrust suit against Google because the platform has finally shared deprivileged documents, the department argued Thursday in a joint filing with the company in docket 1:20-cv-03010 (see 2204130068). DOJ claims Google misused attorney-client privilege to hide business documents relevant to the antitrust lawsuit (see 2203210054 and 2204070065). Google has since produced some 37,000 “deprivileged” documents. New depositions with employees may be in order “due to Google’s late productions of deprivileged documents,” DOJ said. The U.S. Court of Appeals for the D.C. Circuit on Friday announced oral argument for Sept. 19 in a separate antitrust lawsuit against Facebook in docket 21-7078. Nearly 50 state attorneys general sued Facebook for allegedly abusing its market dominance, forcing smaller rivals out of business and reducing competition.