
Tag Archives for "data breach"

Capital One Fined $80 Million in Data Breach

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders.

Capital One failed in 2015 to establish effective risk management when it migrated information technology operations to a cloud-based service. The bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”

Source: Capital One Fined $80 Million in Data Breach | SecurityWeek.Com

Morgan Stanley Hit with Class Lawsuit Over Alleged Data Breaches

Former and current Morgan Stanley customers have filed a putative class-action lawsuit alleging negligence and invasion of privacy over the firm’s failure to properly scrub decommissioned hardware of personal information such as social security numbers, account numbers and other personal data.

Morgan Stanley earlier this month began notifying brokers and customers that some client information remained on hardware from two data centers that were closed in 2016.

Source: Morgan Stanley Hit with Class Lawsuit Over Alleged Data Breaches – AdvisorHub

UK data watchdog having a hard time making GDPR fines stick

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog – while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again.

Mishcon’s Baines pondered whether the amount of ICO effort devoted to the two cases had disrupted its other data protection enforcement work: “One wonders if the effect of the BA and Marriott investigations has also been to cause work on other enforcement action to be paused, or at least delayed,” he mused, referring to boasts from Information Commissioner Elizabeth Denham last year that she was about to announce more big GDPR fines.

Source: UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat • The Register

Garmin global outage caused by ransomware attack

The WastedLocker ransomware, used by a notorious Russian hacking group, is said to be to blame.

The incident began late Wednesday and continued through the weekend, causing disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.

Source: Garmin global outage caused by ransomware attack, sources say | TechCrunch

Seven ‘no log’ VPN providers accused of leaking user logs onto the internet

A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.

This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet • The Register

LinkedIn Sued Over Access to Clipboard Data

Social networking company LinkedIn was hit with a class-action complaint alleging that it engaged in “a particularly brazen, indefensible privacy violation” by accessing material from Apple devices.

The allegations appear to stem from a report earlier this month by developer Don Morton, who tweeted that Microsoft’s LinkedIn was copying the clipboards on his iPad and MacBook.

Source: LinkedIn Sued Over ‘Brazen’ Privacy Breach 07/13/2020

UK government reported 500 personal data breaches to ICO in a year

Central government reported almost 500 personal data breaches to the Information Commissioner’s Office in the 2020 fiscal year, with one in ten requiring formal investigation and at least 10 incidents that have required the department in question to take remedial action.

During FY20, the regulator also received a collective tally of 1,006 data-breach reports from the local government sector. The overall number of reports filed across all sectors quadrupled following the introduction of GDPR, from 3,331 in 2017/18 to 13,840 the following year.

Source: EXCL: Whitehall departments reported 500 personal data breaches to ICO in FY20 | PublicTechnology.net

Police Are Buying Access to Hacked Website Data

Hackers break into websites, steal information, and then publish that data all the time, with other hackers or scammers then using it for their own ends. But breached data now has another customer: law enforcement.

Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more.

Source: Police Are Buying Access to Hacked Website Data

Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

The researchers found 845 gigabytes and close to 2.5 million records, likely representing data from hundreds of thousands of users.

The information was particularly sensitive and included sexually explicit photos and audio recordings. The researchers also found screenshots of private chats from other platforms and receipts for payments, sent between users within the app as part of the relationships they were building. And though the exposed data included limited “personally identifying information,” like real names, birthdays, or email addresses, the researchers warn that a motivated hacker could have used the photos and other miscellaneous information available to identify many users. The data may not have actually been breached, but the potential was there.

Source: Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More | WIRED

Apple Pays Hacker $100,000 Bug Bounty for Finding Huge Apple Security Hole

A bug bounty hunter in India found an Apple security hole. Essentially, anyone could request a token for any email ID. Apple’s servers would then verify that token, so an attacker could gain access to any account you had linked to it.

‘Sign In With Apple’ is supposed to increase your online security and privacy by not revealing personal information when you sign up for accounts on websites or in apps. In fact, Apple requires that developers make it available as an option when they also include social sign-up capability from companies like Facebook or Google. Actually, however, it potentially opened up your online accounts to anyone who had your email address and was technical enough to post a simple request to the Apple ID servers.

Source: Hacker Finds Huge Apple Security Hole; Apple Pays $100,000 Bug Bounty
