Tag Archives for "data breach"

Human error still the major cause of data breaches

More than half of all executives (53%) and nearly three in 10 Small Business Owners (28%) who suffered a breach reveal that human error or accidental loss by an external vendor/source was the cause of the data breach, according to a Shred-it survey conducted by Ipsos.

The report found that nearly half of all executives (47%) and one in three SBOs (31%) say human error or accidental loss by an employee/insider was the cause.

Source: Human error still the cause of many data breaches – Help Net Security

Users must receive specific and helpful information in case of a data breach

No generic information may be provided to users in case of a data breach, whilst specific guidance must be made available on how to prevent unlawful use of one’s personal data – in particular identity theft.

This is the decision issued by the Italian Supervisory Authority (Garante per la protezione dei dati personali) against one of Italy’s leading email service providers following the proceeding initiated after the company had notified the Garante of a data breach.

Source: Italian SA: Users must receive specific, helpful information in case of a data breach

Hackers are stealing personal medical data to impersonate your doctor

While personally identifiable information — full names, social security numbers, home addresses, dates of birth, credit card numbers — can be exploited by criminals to commit identity fraud, the theft of medical information can have an equally serious impact on victims.

How do hackers exploit medical data?

  - Administrative paperwork — like medical licenses — used to forge a doctor’s identity sells on the dark web for around $500.
  - An insurance provider’s login information can be used to steal a victim’s identity to claim insurance.
  - Forging health insurance cards, prescriptions, and drug labels with an intention to carry drugs through the airport.
  - Using hacked personal health information against individuals who have health issues for extortion and other crimes.

Source: Hackers are stealing personal medical data to impersonate your doctor

Vulnerability versus incident

The news is filled with stories nearly every day of things going awry in technical systems: security, privacy, abuse, ethics and more.

Yet one of the most important distinctions — the difference between a vulnerability and an incident — is often overlooked. In short, a vulnerability holds the potential for harm; an incident is where harm has occurred.

Full article: Tech talk: Vulnerability versus incident

Employees are almost as dangerous to business security as hackers and cybercriminals

Non-malicious insiders are among the top three threat actors, according to an ISACA report. Employee mistakes and system errors are a larger threat to data security than hackers or insiders, one report found, while 75% of IT professionals say they are vulnerable to insider threats, another survey said.

Top three threat actors to businesses:

  1. Cybercriminals (32%)
  2. Hackers (23%)
  3. Non-malicious insiders (15%)

Source: Employees are almost as dangerous to business security as hackers and cybercriminals

Only 0.25% of reported data breach cases fined under GDPR

Data requested by digi.me shows that of 11,468 data breach cases closed by the Information Commissioner’s Office (ICO) since GDPR’s implementation, only 29 have resulted in financial penalties. That makes a penalty rate of just 0.25 per cent.

The data also revealed that 37,798 data protection concerns have been raised by members of the public since 25 May 2018. This figure is nearly three times the number of actual data breach cases investigated by the ICO during this same period (12,854).

Source: Digi.me investigation reveals only 0.25pc of reported data breach cases fined under GDPR – digi.me

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

European privacy authorities have received nearly 65,000 data breach notifications since the EU’s General Data Protection Regulation went into full effect in May 2018.

In addition, regulators in 11 European countries have imposed almost €56 million in General Data Protection Regulation fines, though the biggest part of that comes from Google’s €50 million GDPR fine.

Source: GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Companies’ Stock Value Dropped 7.5% after Data Breaches

After analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.

Research also showed that these breaches have cost an average of $347 million in legal fees, penalties and remediation costs. “Marriott uncovered the breach while seeking GDPR compliance; the company is now being fined $912 million under the regulation,” the report said.

Source: Companies’ Stock Value Dropped 7.5% after Data Breaches – Infosecurity Magazine

Unsecured server exposes data for 85% of all Panama citizens

An Elasticsearch server left connected to the internet without a password, or firewall protection, has leaked what appears to be personal records and patient information for roughly 85 percent of Panama’s citizens.

Information stored in the leaky Elasticsearch server included names, home addresses, phone numbers, email addresses, national ID numbers, dates of birth, medical insurance numbers, and other data.

Source: Unsecured server exposes data for 85% of all Panama citizens | ZDNet

Administrative fine of 170.000 € imposed on Bergen Municipality

The Norwegian Supervisory Authority (Datatilsynet) has imposed an administrative fine of 1.6 million Norwegian kroner, or the equivalent of 170.000 €, on the Municipality of Bergen.

The incident relates to computer files with usernames and passwords to over 35000 user accounts in the municipality’s computer system. The user accounts related to both pupils in the municipality’s primary schools, and to the employees of the same schools. Due to insufficient security measures, these files have been unprotected and openly accessible. The lack of security measures in the system made it possible for anyone to log in to the school’s various information systems, and thereby to access various categories of personal data relating to the pupils and employees of the schools.

Source: Administrative fine of 170.000 € imposed on Bergen Municipality | Datatilsynet
