
Tag Archives for "data breach"

170m passwords stolen in Zynga hack, monitor says

Words With Friends company admitted hack in September but size only now revealed.

More than 170m usernames and passwords were stolen from the company behind Words With Friends in a hack this year. The information accessed by the hacker included email addresses, usernames and passwords stored in securely. The dump also included some Facebook IDs and phone numbers for users who had provided that information to the company.

Source: 170m passwords stolen in Zynga hack, monitor says | Games | The Guardian

Cyber risk index increased in 2019

Trend Micro Incorporated, a specialist in cybersecurity solutions, today released the results of its latest Cyber Risk Index (CRI) study.

The results show businesses remain at an elevated risk of cyber attack due to organizations’ increased concerns over disruption or damages to critical infrastructure.

Source: #Privacy: Cyber risk index increased in 2019, study reveals

Thief Stole Payroll Data for Thousands of Facebook Employees

Personal banking information for tens of thousands of Facebook Inc. workers in the U.S. was compromised last month when a thief stole several corporate hard drives from an employee’s car.

The hard drives, which were unencrypted, included payroll data like employee names, bank account numbers and the last four digits of employees’ social security numbers, according to an email Facebook shared with staff Friday morning. The drives also included compensation information, including salaries, bonus amounts, and some equity details.

Source: Thief Stole Payroll Data for Thousands of Facebook Employees

Bitcoin ransomware locks 10 years’ worth of government data in Argentina

Bitcoin-hungry hackers have attacked a data center in Argentina which houses local government files.

The size of the Bitcoin ransom is unknown, but reports suggest attackers asked for somewhere between approximately $37,000 and $370,000 (0.5 and 50 BTC) in exchange for decrypting the files.

The center had already recovered 90 percent of the encrypted data. Decrypting the files will take at least 15 days, mostly due to the sheer size of the archive. Some 7,700 GB — approximately 10 years’ worth of data — was originally compromised as a result of the attack.

Source: Bitcoin ransomware locks 10 years’ worth of government data in Argentina

Top 10 GDPR Breaches in 2019 Cause €402.6 Million Fines

Enormous fines imposed for data breaches in 2019 prove that regulators have become severe about penalizing companies and organizations that don’t adequately protect consumer information.

The ten most significant GDPR breaches in 2019 have resulted in €402.6 million in fines in total. The three highest data breach penalties in 2019 make up nearly 90 percent of this sizeable amount:

  • British Airways was fined a record €204.6 million by the UK’s ICO;
  • Marriott International was fined €110.3 million by the UK’s ICO;
  • Google Inc. was fined €50 million by the French DPA.

Source: Top 10 GDPR Breaches in 2019 Cause €402.6 Million Fines – Virus Solution and Removal

The DNA database used to find the Golden State Killer is a national security leak waiting to happen

A private DNA ancestry database that’s been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers.

Security flaws in the service, called GEDmatch, not only risk exposing people’s genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample.

Source: The DNA database used to find the Golden State Killer is a national security leak waiting to happen – MIT Technology Review

Over 21 million stolen login credentials found on the dark web

Stolen login credentials from Fortune 500 companies have been found in numerous places on the dark web, many of which are available in plaintext form.

Amid the 21 million records exposed, it is noted that only 4.9 million of them were fully unique passwords, suggesting that many users have identical or similar passwords. 16 million of them were compromised during the last 12 months.

Source: State of Stolen Credentials in the Dark Web from Fortune 500 Companies | ImmuniWeb Security Blog

Supply chains show their weaknesses following Avast and NordVPN attacks

Antivirus solution provider Avast and VPN service NordVPN each disclosed a data breach that was traced back to a case of exposed credentials.

The security incidents are indicative of a key threat that exploits insecurities in the digital supply chain to mount a variety of attacks on businesses and critical infrastructure. Exploiting a third party also vastly increases the scale of an attack, as a successful break-in opens up access to multiple businesses, making them all vulnerable at once.

Source: Supply chains show their weaknesses following Avast and NordVPN attacks

Ireland publishes note on data breach trends

Ireland’s Data Protection Commission has published an information note on data breach trends from the first year of the General Data Protection Regulation (GDPR).

The total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% have been classified as ‘non-breaches’ and did not meet the definition of a personal data breach.

A total of 13% failed to satisfy the requirement of notification to the DPC ‘without undue delay’ (normally within 72 hours), as required under the provisions of GDPR.

Source: Data Breach Trends from the First Year of the GDPR

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches despite in GDPR era
