What'd I Miss? May 2-4, 2025

Sherpa Intelligence: Your Guide Up a Mountain of Information!

This Information Security and Data Privacy news roundup includes items from Friday through Sunday, so that you can hit the ground running on Monday morning.

These news roundups are not comprehensive and focus on news that may have been overlooked or under reported, and from lesser-known sources like local press.

This Sherpa Intelligence newsletter is curated by Tracy Z. Maleeff (aka InfoSecSherpa) and is just the tip of the iceberg of the research, OSINT, and information security research services we provide.

---

Friday, May 2 - Sunday, May 5, 2025

---

Friday, May 2nd

1. Cost-effective testing method bolsters US election security amid federal cutbacks
   (Phys.org)
   - The study, "Improving the Security of United States Elections with Robust Optimization," presents a novel approach that helps detect vulnerabilities in voting machines before ballots are cast.
   - Developed in collaboration with the Michigan Bureau of Elections, the method equips election officials with a practical strategy to detect important kinds of attacks and human error in vote counting—without placing additional strain on already limited budgets.

2. Meta’s global privacy disaster finally gets an African chapter
   (Techloy)
   - In Nigeria, officials upheld a $220 million fine after a 38-month investigation found that Meta had been quietly sharing WhatsApp user data without proper consent.
   - Meta previously hinted that WhatsApp might exit Nigeria entirely if rules get too strict. Nothing’s confirmed yet, but with over 51 million Nigerian WhatsApp users, losing the service would leave a major gap.

3. TikTok hit with €530M fine after illegally sending users’ data to China
   (Politico)
   - The Irish Data Protection Commission (DPC) said TikTok breached the EU’s flagship data protection rules when it sent European user data to China because it couldn’t guarantee that the data was protected under China’s surveillance laws.
   - TikTok had for years claimed it did not store European or American user data on servers in China, but in April informed the regulator that it had discovered in February that “limited EEA User Data” had in fact been stored in China.

   ---

Saturday, May 3rd

1. AI Trust is the New Cyber Currency
   (Bank Info Security)
   - Estonia’s Ambassador at Large for Cyber Diplomacy urges a Trust-First AI strategy, saying, “trust, not tech, is the new cornerstone of national resilience.”
   - He outlined how Estonia's deep-rooted digital governance model is preparing the country to lead in secure AI integration across sectors at the RSAC Conference 2025.

2. Lagos Establishes Cyber Security Operation Centre
   (This Day)
   - Lagos State Government has established a Cyber Security Operation Centre which has successfully mitigated two data exfoliation attempts; thee Lagos State is the foremost data-compliant in the federation with periodic assessment and has employed 109 data protection officers to ensure compliance and protection.

3. Rare Look at a Cyber Ransom Demand on a Local Company
   (WGTD 91.1FM)
   - The IT manager of TG3 Electronics, a second-generation family-owned company based in Kenosha that produces custom keyboards and other electronics, talked about his small business’ experience with ransomware.

   ---

Sunday, May 4th

1. Almost half of Flemish companies suffered cyber attack last year
   (Belga News Agency)
   - Although 71 per cent of organisations believe they are well protected against cyber-attacks, procedures and measures are often inadequate.

2. Bangladesh warns about massive cyber attack ahead polls
   (BSS News)
   - The Information and Communication Technology Division of the Government of Bangladesh warned about massive cyber attacks on the digital infrastructures and propagation of rumors and misinformation ahead of the national election.

3. Quitting Nigeria Does Not Absolve Meta of Liability
   (TVC News)
   - Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) investigated Meta Platforms and WhatsApp for allegedly violating the Federal Competition and Consumer Protection Act (FCCPA) and the Nigeria Data Protection Regulation (NDPR).
   - The FCCPC says WhatsApp’s claim that it may be forced to exit Nigeria due to it’s recent order appears to be a calculated move aimed at inducing negative public reaction and potentially pressuring it to reconsider its decision.

---