Is this email difficult to read? View it in a web browser. ›
The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

General Motors Reaches Settlement in Data-Harvesting Case

By Kim S. Nash
 

Hello. A big trove of data not only makes a ripe target for hackers. It also draws scrutiny from regulators.

General Motors settled a case with the Federal Trade Commission over collecting and selling data vacuumed up through its OnStar connected-car system without driver permission.

OnStar, the FTC said, harvested data points every three seconds, including driver habits and which radio station was playing, and can pinpoint locations to within 4.5 inches. GM sold the data to brokers such as Lexis Nexis Risk Services, which then shared it with insurance companies and others. Drivers were surprised when their premiums were raised or policies canceled, the FTC said. 

GM wasn't fined but the settlement says it must stop these practices for five years and if it resumes collection, the company has to get driver permission, take only minimum data for certain purposes and store it for a defined period of time. GM also has to delete within six months all the data it previously collected in violation of privacy regulations—a big job in itself.

The deal restricts GM in lots of other ways for the next 20 years. Read the original complaint and the settlement. 

More news below.

Note: The WSJ Pro Cybersecurity newsletter will be off Monday in observance of Martin Luther King Jr. Day. We’ll be back Tuesday.
 

‏‏‎ ‎
CONTENT FROM: ZSCALER
CISOs: Stop AI-Powered Threats with Zero Trust + AI

Your workforce is using AI to improve productivity. Keep sensitive data safe without slowing innovation. Zscaler Zero Trust + AI protects sensitive data, blocks malware and enables safe GenAI adoption for every user, app, and location.

Empower AI Innovation

 

More Cyber News

PHOTO: LEONARDO FERNANDEZ VILORIA

/REUTERS

Venezuela’s state-owned oil company, Petróleos de Venezuela, or PDVSA, is still working to recover tech systems knocked out in a cyberattack more than a month ago. Enterprise SAP software, email and other applications are down and delays in payments to employees and contractors are ongoing. (Bloomberg)

China-backed hackers are targeting U.S. government officials in a phishing campaign that mentions recent events in Venezuela, including the capture of leader Nicolás Maduro, according to cybersecurity company Acronis. Malware linked to the operation would steal information from computers on which it was activated, Acronis said. (Reuters)

PHOTO: MARIAM ZUHAIB/AP

Lt. Gen. Joshua Rudd, who is President Trump's nominee to lead the National Security Agency and U.S. Cyber Command, said if confirmed he would protect U.S. elections from foreign attack. 
  • Rudd was noncommittal at Thursday's confirmation hearing on whether the U.S. should pursue an aggressive "hack first" cyber strategy against adversaries, as Trump has been advocating. 
  • The NSA and Cyber Command have been without a permanent head since April, when Trump fired Gen. Timothy Haugh without giving a reason. (New York Times)

GrubHub confirmed a recent data breach, saying financial data and order histories weren't affected. The food delivery service didn't specify which or how much data was downloaded and said it is investigating the incident. (Bleeping Computer)

PHOTO: KEVIN DIETSCH

/GETTY IMAGES

Landed: Jen Easterly, former director of the Cybersecurity and Infrastructure Agency, is now chief executive of RSAC, one of the cyber industry's most important conferences. Before leaving CISA a year ago, at the start of President Trump's second term, Easterly held senior positions at the National Security Agency and Morgan Stanley. 
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.
 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2026 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe