Tag Archives for "cybersecurity"

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

European privacy authorities have received nearly 65,000 data breach notifications since the EU’s General Data Protection Regulation went into full effect in May 2018.

In addition, regulators in 11 European countries have imposed almost €56 million in General Data Protection Regulation fines, though the biggest part of that comes from Google's €50 million GDPR fine.

Source: GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Companies’ Stock Value Dropped 7.5% after Data Breaches

After analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.

Research also showed that these breaches have cost an average of $347 million in legal fees, penalties and remediation costs. “Marriott uncovered the breach while seeking GDPR compliance; the company is now being fined $912 million under the regulation,” the report said.

Source: Companies’ Stock Value Dropped 7.5% after Data Breaches – Infosecurity Magazine

Trump declares national emergency over IT threats

President Donald Trump has declared a national emergency to protect US computer networks from “foreign adversaries”.

He signed an executive order which effectively bars US companies from using foreign telecoms believed to pose national security risks.

Source: Trump declares national emergency over IT threats – BBC News

Unsecured server exposes data for 85% of all Panama citizens

An Elasticsearch server left connected to the internet without a password, or firewall protection, has leaked what appears to be personal records and patient information for roughly 85 percent of Panama’s citizens.

Information stored in the leaky Elasticsearch server included names, home addresses, phone numbers, email addresses, national ID numbers, dates of birth, medical insurance numbers, and other data.

Source: Unsecured server exposes data for 85% of all Panama citizens | ZDNet

Administrative fine of 170.000 € imposed on Bergen Municipality

The Norwegian Supervisory Authority (Datatilsynet) has imposed an administrative fine of 1.6 million Norwegian kroner, or the equivalent of 170.000 €, on the Municipality of Bergen.

The incident relates to computer files with usernames and passwords to over 35000 user accounts in the municipality’s computer system. The user accounts related to both pupils in the municipality’s primary schools, and to the employees of the same schools. Due to insufficient security measures, these files have been unprotected and openly accessible. The lack of security measures in the system made it possible for anyone to log in to the school’s various information systems, and thereby to access various categories of personal data relating to the pupils and employees of the schools.

Source: Administrative fine of 170.000 € imposed on Bergen Municipality | Datatilsynet

Turkish watchdog fines Facebook $271,000 for data breach

Turkey’s Personal Data Protection Authority (KVKK) said on Friday it had fined Facebook a total of 1.65 million lira ($270,976.01) in April due to a data breach.

It cited a Facebook statement from December as saying the company had discovered a photo API bug that allowed third-party applications to access Facebook user photos.

Source: Turkish watchdog says it fines Facebook $271,000 for data breach – Reuters

Benchmarking Data on the First Anniversary of the GDPR

Organizations should already have most of the basic structures for compliance with GDPR in place – the ability to respond to data subject access requests, the extensive mapping and tracking of data that is processed, etc.

But how are organizations responding to data breaches when they occur? And how are they making some of the critical determinations around if they need to provide notification, to whom, and when?

Full article: Benchmarking Data on the First Anniversary of the GDPR

61% of IT professionals have experienced a serious data breach

McAfee revealed in its report Grand Theft Data II – The Drivers and Shifting State of Data Breaches that IT security professionals are struggling to secure their organisations despite improvements.

The report revealed that 61% of IT professionals have experienced at least one data breach at their current company and 48% at a previous company.

Source: 61% of IT professionals have experienced a serious data breach, research reveals

Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), the treatment of caps on liability takes on heightened importance.

Given the findings in the 2019 Data Security Incident Report (“DSIR”), what rule of thumb or general guidance exists to guide decision-making regarding acceptable financial risk allocation?

Full article: Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

New laws should strengthen security across Internet of Things

New laws may soon be passed to improve the security of IoT gadgets, in the wake of an increasing number of hacking incidents taking place on favourite consumer devices.

New legislation designed to shore up protection may force such items to have their own unique password that users would have to key in before the gadgets can be activated.

The new laws, which have been launched by Digital Minister Margot James, would also oblige manufacturers to install a new labelling system on IoT products to clearly inform consumers of the product’s safety levels.

Source: New laws should strengthen security across Internet of Things
