Tag Archives for " data breach "

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications have been reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Retailer fined half a million pounds for data breach of at least 14 million people

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine-month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Source: National retailer fined half a million pounds for failing to secure information of at least 14 million people | ICO

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott a fine of £99m ($123m). The ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

LifeLabs faces proposed class action after data breach affects up to 15M clients

A proposed class action lawsuit has been filed against medical services company LifeLabs over a data breach that allowed hackers to gain access to the personal information of up to 15 million customers.

The plaintiffs allege LifeLabs “failed to implement adequate measures and controls to detect and respond swiftly to threats and risks to the Personal Information and health records of the class members,” in violation of the company’s own privacy policy.

Source: LifeLabs faces proposed class action after data breach affects up to 15M clients | CTV News

170m passwords stolen in Zynga hack, monitor says

Words With Friends company admitted hack in September but size only now revealed.

More than 170m usernames and passwords were stolen from the company behind Words With Friends in a hack this year. The information accessed by the hacker included email addresses, usernames and passwords stored in securely. The dump also included some Facebook IDs and phone numbers for users who had provided that information to the company.

Source: 170m passwords stolen in Zynga hack, monitor says | Games | The Guardian

Cyber risk index increased in 2019

Trend Micro Incorporated, a specialist in cybersecurity solutions, today released the results of its latest Cyber Risk Index (CRI) study.

The results show businesses remain at an elevated risk of cyber attack due to organizations’ increased concerns over disruption or damages to critical infrastructure.

Source: #Privacy: Cyber risk index increased in 2019, study reveals

Thief Stole Payroll Data for Thousands of Facebook Employees

Personal banking information for tens of thousands of Facebook Inc. workers in the U.S. was compromised last month when a thief stole several corporate hard drives from an employee’s car.

The hard drives, which were unencrypted, included payroll data like employee names, bank account numbers and the last four digits of employees’ social security numbers, according to an email Facebook shared with staff Friday morning. The drives also included compensation information, including salaries, bonus amounts, and some equity details.

Source: Thief Stole Payroll Data for Thousands of Facebook Employees

Bitcoin ransomware locks 10 years’ worth of government data in Argentina

Bitcoin-hungry hackers have attacked a data center in Argentina which houses local government files.

The size of the Bitcoin ransom is unknown, but reports suggest attackers asked for somewhere in between approximately $37,000 and $370,000 (0.5 and 50 BTC) in exchange for decrypting the files.

The center had already recovered 90 percent of the encrypted data. Decrypting the files will take at least 15 days, mostly due to the sheer size of the archive. Some 7,700 GB — approximately 10 years’ worth of data — was originally compromised as a result of the attack.

Source: Bitcoin ransomware locks 10 years’ worth of government data in Argentina

Top 10 GDPR Breaches in 2019 Cause €402.6 Million Fines

Enormous fines imposed for data breaches in 2019 prove that regulators have become severe about penalizing companies and organizations that don’t adequately protect consumer information.

The ten most significant GDPR breaches in 2019 have caused €402.6 million in fines in total. The three highest data breach penalties in 2019 make up nearly 90 percent of this sizeable amount:

  • British Airways was fined a record €204.6 million by the UK’s ICO;
  • Marriott International was fined €110.3 million by the UK’s ICO;
  • Google Inc. was fined €50 million by the French DPA.

Source: Top 10 GDPR Breaches in 2019 Cause €402.6 Million Fines – Virus Solution and Removal

The DNA database used to find the Golden State Killer is a national security leak waiting to happen

A private DNA ancestry database that’s been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers.

Security flaws in the service, called GEDmatch, not only risk exposing people’s genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample.

Source: The DNA database used to find the Golden State Killer is a national security leak waiting to happen – MIT Technology Review
