fbpx

Download free GDPR compliance checklist!

Tag Archives for " data breach "

The DNA database used to find the Golden State Killer is a national security leak waiting to happen

A private DNA ancestry database that’s been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers.

Security flaws in the service, called GEDmatch, not only risk exposing people’s genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample.

Source: The DNA database used to find the Golden State Killer is a national security leak waiting to happen – MIT Technology Review

Over 21 million stolen login credentials found on the dark web

Stolen login credentials from Fortune 500 companies have been found in numerous places on the dark web, many of which are available in plaintext form.

Amid the 21 million records exposed, it is noted that only 4.9 million of them were fully unique passwords, suggesting that many users have identical or similar passwords. 16 million of them being compromised during the last 12 months.

Source: State of Stolen Credentials in the Dark Web from Fortune 500 Companies | ImmuniWeb Security Blog

Supply chains show their weaknesses following Avast and NordVPN attacks

Antivirus solution provider Avast and VPN service NordVPN each disclosed a data breach that were traced back to a case of exposed credentials.

The security incidents are indicative of a key threat that exploits insecurities in the digital supply chain to mount a variety of attacks on businesses and critical infrastructure. Exploiting a third-party also vastly increases the scale of an attack, as a successful break-in opens up access to multiple businesses, making them all vulnerable at once.

Source: Supply chains show their weaknesses following Avast and NordVPN attacks

Ireland publishes note on data breach trends

Ireland’s Data Protection Commission has published information note on data breach trends from the first year of the General Data Protection Regulation (GDPR).

The total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% have been classified a ‘non-breaches’ and did not meet the definition of a personal data breach.

a total of 13% failed to satisfy the requirement of notification to the DPC ‘without undue delay’ (normally within 72 hours), as required under the provisions of GDPR.

Source: Data Breach Trends from the First Year of the GDPR

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches despite in GDPR era

£100 million data breach claim against Equifax

North West based data breach and cybersecurity specialist Hayes Connor Solicitors is the first in the UK to serve a representative data breach claim in the High Court.

The action could see Equifax ordered to pay up to £100 million in compensation to its estimated 15 million UK customers affected by its 2017 data breach.

The action follows the Court of Appeal’s decision on the Lloyd v Google case on 2nd October which ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire affected population.

Source: Hayes Connor issues landmark £100 million data breach claim against Equifax | Business Up North

Former Yahoo! engineer hacked user emails for smutty snaps

Former Yahoo! software engineer has pleaded guilty in a California federal court to one count of computer intrusion after breaking into customers’ Yahoo! emails and accounts at other service providers to obtain private data, mainly sexual images and videos of account holders.

He abused his internal access at Yahoo! to hack into about 6,000 accounts in May and June last year. He then used the information he obtained to compromise other online services used by Yahoo! customers, such as Dropbox, Facebook, Gmail, and iCloud.

Source: Former! Yahoo! engineer! admits! to! hacking! user! emails! for! smutty! snaps! • The Register

Over 50% of companies have experienced a data breach

New research by Bitdefender discovered that 24% of companies have already suffered a data breach halfway through 2019.

While 57% of companies have experienced a data breach during the last years, 36% of infosec professionals stated that their companies could likely be facing a breach without knowing about it.

The security firm conducted a survey of more than 6,000 infosecurity professionals from organisations across the US, EMEA and APAC.

Source: #Privacy: Over 50% of companies have experienced a data breach

Non-disclosure of Data Breaches Negatively Affects Acquisitions and Mergers

A recent study has shown that a company’s cybersecurity program, and how it has handled any history of data breaches, has a significant impact on its monetary sales value.

The report, by (ISC)2, asked 250 US-based mergers and acquisitions experts looking at the importance of a company’s cybersecurity program, and how much of an impact its breach history has on its valuation ahead of a potential acquisition.

Their findings revealed that 49% of those experts have seen deals completely derailed after due diligence brought an undisclosed breach to light. Furthermore, 86% of respondents said that if a company publicly reported a breach of customer or other critical data in its past, it would detract from the allocated acquisition price.

Source: #SECURITY: Non-disclosure of Data Breaches Negatively Affects Acquisitions and Mergers

Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

The President of the Personal Data Protection Office imposed a fine of an amount higher than PLN 2.8 million (ca. 645,000 euros) on Morele.net.

The company’s organisational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data, which means that data of about 2.2 million people have fallen into the wrong hands.

Source: Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

1 2 3 35
>