fbpx

Download free GDPR compliance checklist!

Tag Archives for " cybersecurity "

Seven ‘no log’ VPN providers accused of leaking user logs onto the internet

A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.

This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet • The Register

LinkedIn Sued Over Access to Clipboard Data

Social networking company LinkedIn was hit with a class-action complaint alleging that it engaged in “a particularly brazen, indefensible privacy violation” by accessing material from Apple devices.

The allegations appear to stem from a report earlier this month by developer Don Morton, who tweeted that Microsoft’s LinkedIn was copying the clipboards on his iPad and MacBook.

Source: LinkedIn Sued Over ‘Brazen’ Privacy Breach 07/13/2020

UK government reported 500 personal data breaches to ICO in a year

Central government reported almost 500 personal data breaches to the Information Commissioner’s Office in the 2020 fiscal year, with one in ten requiring formal investigation and at least 10 incidents that have required the department in question to take remedial action.

During FY20, the regulator also received a collective tally of 1,006 data-breach reports from the local government sector. The overall number of reports filed across all sectors quadrupled following the introduction of GDPR, from 3,331 in 20178/18 to 13,840 the following year.

Source: EXCL: Whitehall departments reported 500 personal data breaches to ICO in FY20 | PublicTechnology.net

Germany proposes first-ever use of EU cyber sanctions over Russia hacking

Berlin has officially called for the use of a new EU sanctions framework to target Russian individuals following the 2015 hack attack against the German parliament’s IT system, an inquiry has revealed.

If agreed, the plan, which was recommended by Berlin last month, would be the first use of an EU cyber sanctions regime adopted in 2017.

Source: Germany proposes first-ever use of EU cyber sanctions over Russia hacking | News | DW | 12.07.2020

Republicans push bill requiring tech companies to help access encrypted data

A group of Senate Republicans is looking to force tech companies to comply with “lawful access” to encrypted information, potentially jeopardizing the technology’s security features.

The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants.

Source: Republicans push bill requiring tech companies to help access encrypted data – CNET

Privacy-preserving credentials for smartphones are coming

Mobile credentials for smartphones can help us securely and safely verify information about ourselves without revealing data unrelated to the question at hand.

Developers have been working for several years on a better way to design credentials. With COVID-19 and police surveillance now at the forefront of our political debates, it is time to bring this technology into the public conversation. The technology in question is privacy-preserving credentials hosted on smartphones, which have the potential to significantly improve privacy in cases where an individual needs to prove something like age or residence.

Source: Privacy-preserving credentials for smartphones are coming

Google says it will no longer save a complete record of every search

Google will no longer save a complete record of every search made by new users, the company says, as it launches a push to promote its privacy credentials against concerted competition from arch-rival Apple.

The company will now automatically delete its saved records of a new user’s activity on the web and in its apps after 18 months. Previously, such information had been kept indefinitely by default, which the company argued was necessary to personalise its services for individual users.

Source: Google says it will no longer save a complete record of every search | Google | The Guardian

São Paulo subway facial recognition system slammed over user data security and privacy

A new surveillance system is deemed “inefficient and dangerous” as it fails to protect the personal information of 4 million daily users, associations say.

The current legacy system includes an estate of non-integrated 2200 cameras that will be replaced by 5200 digital high-definition cameras controlled centrally. But the company responsible for the operation of São Paulo’s subway system has failed to demonstrate sufficient evidence that it is ensuring the protection of user privacy in the implementation of a new platform that will use facial recognition technology.

Source: São Paulo subway facial recognition system slammed over user data security and privacy | ZDNet

TikTok Will Never Hand Over Data to Chinese Govt, Says CEO

TikTok has claimed that the Chinese government has never requested for user data, nor would the company turn it over if asked.

TikTok has sought to distance itself from Beijing after it was banned in India earlier this week. In a letter to the Indian government dated June 28th, the company’s CEO, Kevin Mayer, said that the Chinese government has never asked for data of Indian users. He further claimed that the company wouldn’t comply with such an order even if Beijing asks for it.

Source: TikTok Will Never Hand Over Data to Chinese Govt, Says CEO | Beebom

More than half of organisations subject to GDPR collect more data than the regulation permits

A Data Risk and Security report released by the security software company Netwrix has revealed that companies are failing to follow GDPR and security best practices.

The survey of just over a thousand respondents revealed that security professionals are often bypassing many of the six stages of the data lifecycle. While security issues are mitigated at some stages, many important stages are being overlooked, resulting in vulnerable systems.

Source: More than half of organisations subject to GDPR collect more data than the regulation permits, a study has found

>