fbpx

Download free GDPR compliance checklist!

Tag Archives for " data breach "

Twitter Data-Breach Case Won’t Be Resolved Before Year’s End

European privacy regulators are unlikely to issue a final ruling on Twitter’s handling of a 2019 data breach before the end of the year, Ireland’s data commissioner said.

Under the General Data Protection Regulation, the European Union’s 2018 data privacy law, Twitter faces a fine of up to 2% of its global revenue last year, or roughly $69 million, for failing to disclose the breach within 72 hours.

Helen Dixon, head of Ireland’s Data Protection Commission, in May submitted a draft decision to more than two dozen of the bloc’s privacy regulators for review, as required under the law. Eleven regulators objected to the proposed ruling, sparking a lengthy dispute-resolution mechanism, she said. The contents of the draft decision haven’t been disclosed.

Source: Twitter Data-Breach Case Won’t Be Resolved Before Year’s End, Ireland’s Regulator Says – WSJ

No GDPR damages after data breach, says German court

In a civil action following a personal data breach affecting a credit card bonus programme, the Regional Court (Landgericht) Frankfurt am Main rejected claims by a data subject who was affected by the breach for a cease-and-desist injunction and for compensation for non-material damage under Article 82(1) GDPR.

The decision is in line with the majority of similar restrictive interpretations of Article 82(1) GDPR by other German courts, requiring evidence of objective harm. Nevertheless, there are also a few more “generous” court decisions favoring a subjective test for proof of non-material damage.

Source: Germany: No GDPR damages after data breach – Privacy Matters

ICO fines British Airways £20m for data breach affecting more than 400,000 customers

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

Source: ICO fines British Airways £20m for data breach affecting more than 400,000 customers | ICO

Half of Organizations Experienced Security Incidents While Working Remotely

As businesses try to deliver a seamless hybrid experience of work from home and office, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks – making it the leading cause of security incidents during this period of remote working.

Source: Half of Organizations Experienced Security Incidents While Working Remotely, Reveals New Data – socPub

Shopify reports ‘rogue’ employees stole some customer data

The company’s software enables online shopping for other businesses, and in a blog post it revealed that two employees were caught “in a scheme to obtain customer transactional records of certain merchants.”

It’s unclear how much data they actually stole, which the blog post said came from fewer than 200 merchants. The information access included stuff like contact information as well as order details of what was purchased, but for now, the company says it did not include payment information like credit card or account numbers.

Source: Shopify reports ‘rogue’ employees stole some customer data | Engadget

Human error reveals personal data of 18,000 Welsh Covid-19 sufferers

Public Health Wales yesterday announced a data breach involving the personally identifiable data of 18,105 people resident in Wales who had received a positive test for Covid-19.

In a statement, the health body attributed the incident to “individual human error”, whereby the data was mistakenly uploaded to a public server on 30 August, remaining searchable for 20 hours before its removal on the morning of 31 August.

Source: Human error reveals personal data of 18,000 Welsh Covid-19 sufferers

Uber former security chief charged in connection with attempted data breach cover-up

The US Department of Justice has charged Joseph Sullivan, former chief security officer at Uber, with obstruction of justice following a data breach.

Mr Sullivan allegedly tried to cover up a 2016 hack that compromised data of millions of users and drivers, federal court papers filed last week in San Francisco said.

Source: Uber former security chief charged in connection with attempted data breach cover-up

Violation of personal data security by the Danish Data Protection Agency

Denmark’s data protection authority Datatilsynet has suffered a data breach when it discovered that its own documents, which should have been shredded, were disposed of in the normal wastepaper bin.

The case includes physical documents, which may have contained confidential and sensitive information about citizens, employees, etc. The agency notified itself of the breach per Article 33 of the General Data Protection Regulation, however 24 hours after the 72 hours required by law.

Source: Violation of personal data security by the Danish Data Protection Agency

Data breach at Experian, 24 million South Africans’ personal information exposed

Consumer, business and credit information services agency Experian has experienced a breach of data which has exposed personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

Experian said banks had been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers might have been exposed to the breach and to protect their personal information, even as the investigation unfolds.

Source: Data breach at Experian, 24 million South Africans’ personal information exposed

Companies with poor privacy practices are 80% more apt to suffer data breach

Poor privacy=data breach as reported by Osano was proven July 15 when Twitter was hacked and 130 accounts – including Joe Biden’s and Kanye West’s – were exposed.

There’s a direct correlation between a company’s poor privacy practices and the likelihood of a data breach, according to a report from the data privacy platform Osano, The Osano Data Privacy and Data Breach Link.

Source: Companies with poor privacy practices are 80% more apt to suffer data breach – TechRepublic

1 2 3 42
>