Good day. Microsoft Corp. President Brad Smith wants companies and governments to more aggressively police cyberattacks on healthcare facilities and pressure countries that provide safe harbor to hackers, WSJ Pro’s David Uberti reports.

Mr. Smith warned that hackers will weaponize personal data over the next decade, and referred to a surge in ransomware attacks on healthcare facilities during the pandemic. Microsoft said Friday that hackers in Russia and North Korea targeted seven companies working on coronavirus vaccines and drugs.

Also today: Ticketmaster was fined $1.6 million for its 2018 data breach; hackers escalate ransomware attacks on schools; ransomware attacks on the manufacturing industry tripled in last year; and a breach at eyewear company Luxottica exposed data from 829,454 patients.

Microsoft head calls for global crackdown on cyberattacks. Microsoft Corp. President Brad Smith on Friday called for more aggressive policing of cyberattacks against governments and businesses around the world, warning that hackers would increasingly weaponize personal data over the coming decade.

Speaking at the Paris Peace Forum, a gathering of government officials and civil-society leaders, Mr. Smith cited an explosion this year of ransomware attacks on healthcare facilities intended to extort cash, steal confidential data or glean information related to the coronavirus pandemic. Cybersecurity experts say such attacks could disrupt medical care and endanger patients.

More collaboration among companies and governments could help track hackers across borders, Mr. Smith said, pressuring nation states that provide safe harbor to cyber criminals.

“This is not a world without law,” he added. 

Despite the prosecution of hackers in various countries, international norms for conducting cyberwarfare and producing digital weaponry are unclear.

Read more here. 

U.K. regulator fines Ticketmaster $1.6 million for 2018 data breach. The U.K. Information Commissioner’s Office fined Ticketmaster UK Ltd. £1.25 million ($1.6 million) for a 2018 data breach that potentially exposed information from more than 9 million customers in Europe, BBC reports. Hackers accessed payment-card details from Ticketmaster customers through a chatbot operated by a third-party supplier. Ticketmaster took nine weeks to start monitoring fraud on its website after it received alerts about possible fraud, the regulator said. Investigators said 60,000 payment cards from Barclays Bank customers were subject to fraud as a result of the breach. The regulator said Ticketmaster violated Europe’s General Data Protection Regulation by failing to assess the risks of using the chatbot on its payment page, and said the company didn’t use appropriate security measures or identify the breach fast enough.

Hackers escalate ransomware attacks on schools. There have been at least three dozen ransomware attacks on school districts since the pandemic began in March, WSJ reports. After an attack on Ohio’s Toledo Public Schools, a hacker posted students’ and employees’ personal data on their website last month, including Social Security numbers and dates of birth, and students’ disciplinary and disability information. Attackers can use that information for identity theft of young people. Other school districts have paid ransom fees. The Athens Independent School District in Athens, Texas, delayed the new school year by a week due to a ransomware attack.

Ransomware attacks on the manufacturing industry tripled in last year. Publicly recorded ransomware attacks against the manufacturing sector increased in the last year and at least five hacking groups are actively targeting the industry, ZDNet reports. Researchers from cybersecurity company Dragos Inc. said manufacturers may be likely to pay ransom fees because they require continuous uptime to keep production running. There were at least 262 vulnerabilities found in industrial equipment used by manufacturers this year.

Luxottica breach exposed data from 829,454 patients. Eyewear company EssilorLuxottica S.A. ADR suffered a data breach in August that exposed personal data and health data from 829,454 patients, Bleeping Computer reports. The data was from patients at LensCrafters, Target Optical, EyeMed and other eye care practices. Luxottica said an unauthorized person accessed its appointment scheduling application in August and a hacker may have accessed patient information including names, contact information, health insurance policy numbers and doctors’ notes about prescriptions and health conditions. Some patients’ social security numbers and credit card details may also have been exposed.

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.