Tag Archives for "cybersecurity"

Tech companies warn EU lawmakers over ‘anti-encryption’ push

Four European apps which secure user data via end-to-end encryption, ProtonMail, Threema, Tresorit and Tutanota, have issued a joint statement warning over recent moves by EU institutions that they say are setting lawmakers on a dangerous path to backdooring encryption.

End-to-end encryption refers to a form of encryption where the service provider does not hold keys to decrypt the data, thereby enhancing user privacy — as there’s no third party in the loop with the technical capability to access data in a decrypted form.

Source: ProtonMail, Threema, Tresorit and Tutanota warn EU lawmakers over ‘anti-encryption’ push | TechCrunch

Bot Lets Hackers Easily Look Up Facebook Users’ Phone Numbers

A user of a low-level cybercriminal forum is selling access to a database of phone numbers belonging to Facebook users, and conveniently letting customers look up those numbers by using an automated Telegram bot.

Although the data is several years old, it still presents a cybersecurity and privacy risk to those whose phone numbers may be exposed—one person advertising the service says it contains data on 500 million users. Facebook told Motherboard the data relates to a vulnerability the company fixed in August 2019.

Source: Bot Lets Hackers Easily Look Up Facebook Users’ Phone Numbers

Grindr fined $11.7 million for illegally sharing private user information with advertisers

Grindr will be fined 100 million Norwegian kroner, or about $11.7 million, by the Norwegian Data Protection Authority for illegally sharing private information about Grindr users to advertisers.

Last January, the Norwegian Consumer Council filed three complaints against Grindr for sharing personal information, including users’ locations and information about the device they were using, with advertisers.

Source: Grindr fined $11.7 million for illegally sharing private user information with advertisers – The Verge

Is it time to leave WhatsApp – and is Signal the answer?

Earlier this month, WhatsApp issued a new privacy policy along with an ultimatum: accept these new terms, or delete WhatsApp from your smartphone. But the new privacy policy wasn’t particularly clear and prompted a fierce backlash, with many users threatening to stop using the service.

While the update of Facebook’s privacy policy was widely misinterpreted, Facebook’s highly criticised data collection ethos has eroded trust in the social network. And the social network isn’t known for keeping promises.

Full article: Is it time to leave WhatsApp – and is Signal the answer? | WhatsApp | The Guardian

New Proposed Rule Requires US Banks to Notify Regulators within 36 Hours

On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPRM) titled Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.

The Proposed Rule would require a “banking organization” to notify its primary regulator no later than 36 hours after reasonably determining that a qualifying incident has occurred, and it would require a “bank service provider” (both terms defined below) to notify a banking organization immediately upon detecting that an incident materially impacting such organization has occurred.

Source: New Proposed Rule Requires Banks to Notify Regulators within 36 Hours – Hogan Lovells Engage

A Home Security Tech Hacked Into Cameras To Watch People Undressing And Having Sex

A home security technician admitted Thursday that he secretly accessed the cameras of more than 200 customers, particularly attractive women, to spy on while they undressed, slept, or had sex, federal prosecutors said.

Telesforo Aviles, a 35-year-old former employee for the security company ADT, admitted he secretly accessed the customers’ accounts more than 9,600 times over more than four years, according to a guilty plea submitted in court.

Source: A Home Security Tech Hacked Into Cameras To Watch People Undressing And Having Sex, Prosecutors Say

Data stolen from Scottish regulator in cyberattack published online

The Scottish Environment Protection Agency (SEPA) earlier this month revealed at least 4,000 files containing 1.2 GB were stolen in an ongoing ransomware attack that began on Christmas Eve.

SEPA said that data accessed through the attack has now been illegally published. The agency said it does not know, and may never know, the full detail of the 1.2 GB of information stolen. It said some of it will have been publicly available, while some will not have been.

Source: Data stolen from Scottish regulator in cyberattack published online

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification.

The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.

Source: EDPB Publishes Guidelines on Examples regarding Data Breach Notification | Privacy & Information Security Law Blog

How Law Enforcement Gets Around Your Smartphone’s Encryption

New research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption.

Full article: How Law Enforcement Gets Around Your Smartphone’s Encryption | WIRED

India just had the Biggest Medical Records Breach Ever

In a data breach unprecedented in its scale in India, a large multi-speciality private hospital in Kerala had its complete patient records from the last five years—involving hundreds of thousands of test results, scans, prescriptions, etc—leaked on the internet, all of it searchable by a unique patient ID.

This breach potentially involved several gigabytes of patient data—if not terabytes—documented in many hundreds of thousands of separate files. Most of these medical records included patient names, email addresses and/or phone numbers.

It remains unclear how many weeks or months (or years) these records remained in the public domain.

Source: Data, Privacy, Pandemic: India just had the Biggest Medical Records Breach Ever | ORF
