fbpx

Download free GDPR compliance checklist!

Tag Archives for " data breach "

Bot Lets Hackers Easily Look Up Facebook Users’ Phone Numbers

A user of a low-level cybercriminal forum is selling access to a database of phone numbers belonging to Facebook users, and conveniently letting customers look up those numbers by using an automated Telegram bot.

Although the data is several years old, it still presents a cybersecurity and privacy risk to those whose phone numbers may be exposed—one person advertising the service says it contains data on 500 million users. Facebook told Motherboard the data relates to a vulnerability the company fixed in August 2019.

 

Source: Bot Lets Hackers Easily Look Up Facebook Users’ Phone Numbers

Grindr fined $11.7 million for illegally sharing private user information with advertisers

Grindr will be fined 100 million Norwegian kroner, or about $11.7 million, by the Norwegian Data Protection Authority for illegally sharing private information about Grindr users to advertisers.

Last January, the Norwegian Consumer Council filed three complaints against Grindr for sharing personal information, including users’ locations and information about the device they were using, with advertisers.

Source: Grindr fined $11.7 million for illegally sharing private user information with advertisers – The Verge

Data stolen from Scottish regulator in cyberattack published online

The Scottish Environment Protection Agency (SEPA) earlier this month revealed at least 4,000 files containing 1.2GB were stolen in an ongoing ransomware attack that began on Christmas Eve.

SEPA said that data accessed through the attack has now been illegally published. The agency said it does not know, and and may never know the full detail of the 1.2 GB of information stolen. It said some of it will have been publicly available, while some will not have been.

Source: Data stolen from Scottish regulator in cyberattack published online

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification.

The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.

Source: EDPB Publishes Guidelines on Examples regarding Data Breach Notification | Privacy & Information Security Law Blog

India just had the Biggest Medical Records Breach Ever

In a data breach unprecedented in its scale in India, a large multi-speciality private hospital in Kerala had its complete patient records from the last five years—involving hundreds of thousands of test results, scans, prescriptions, etc—leaked on the internet, all of it searchable by a unique patient ID.

This breach potentially involved several gigabytes of patient data—if not terabytes—documented in many hundreds of thousands of separate files. Most of these medical records included patient names, email addresses and/or phone numbers.

It remains unclear how many weeks or months (or years) these records remained in the public domain.

Source: Data, Privacy, Pandemic: India just had the Biggest Medical Records Breach Ever | ORF

BA facing potential ‘£800m’ lawsuit over data breach

British Airways (BA) is potentially facing the largest privacy class-action lawsuit in UK history over its mass customer data breach that affected 400,000 people, according to a law firm involved.

More than 16,000 people are now understood to have joined a case seeking compensation from the airline over the 2018 incident. PGMBM, the law firm representing the claimants, says each claimant could claim £2,000 each, bringing the total to more than £800m.

Source: BA facing potential ‘£800m’ lawsuit over data breach

WhatsApp private chat groups get EXPOSED again on Google search

Just days after rolling out its new policy obliging users to share their data with Facebook, WhatsApp has suffered an embarrassing privacy breach, with its private chat groups being indexed on Google’s search engine.

The privacy breach was reported on Sunday. Invite links to private WhatsApp messaging groups as well as some user profiles were indexed by Google and appeared in search results, essentially meaning anyone was able to join supposedly secure chats and see both chats and related phone numbers.

Source: WhatsApp private chat groups get EXPOSED again on Google search — RT World News

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

Microsoft confirmed that its network was among the thousands infected with tainted software updates from SolarWinds, even as new data the company has released suggest the likely Russian actors behind the campaign were focused on a smaller set of targets than originally thought.

Microsoft on Friday said that it had detected malicious SolarWinds binaries in its environment, which the company isolated and removed. However, the software giant denied a Reuters report on Thursday that claimed Microsoft’s own products were then used to distribute malware to other organizations in much the same way SolarWinds’ Orion network product management technology was abused.

Source: Microsoft Confirms Its Network Was Breached With …

Class action suit launched against Dell after data breach led to years of scam calls

A proposed class action suit has been launched against Dell Technologies on behalf of thousands of Canadians whose personal information was compromised in a data breach.

According to a claim filed in a Nova Scotia court, the suit’s proposed representative plaintiff is seeking compensation for two years of scam calls and emails he received after a 2017 data breach exposed information about him and more than 7,000 other Dell customers.

Source: Class action suit launched against Dell after data breach led to years of scam calls – National | Globalnews.ca

Twitter data breach decision due on December 17

Despite “very divergent views” between EU data protection authorities over a case of data breaches by Twitter, a final decision on the bloc’s first major cross-border online privacy case is due to be published on December 17th, it has been revealed.

Irish Data Commissioner Helen Dixon said on Thursday (3 December) that talks with fellow EU data protection regulators had been beset by “high levels of dispute” on a final decision as to Twitter’s punishment following a 2019 disclosure on a bug in its Android app. The bug had led to some Twitter users’ protected tweets being made public.

Source: Twitter data breach decision due on December 17: Irish data regulator – EURACTIV.com

1 2 3 44
>