Tag Archives for "data breach"

Data breaches ‘major contributor’ to UK fraud

Data breaches are a “major contributor” to fraud experienced in the UK, a new report by a banking industry trade association has said.

UK Finance’s ‘fraud the facts 2019’ report said £1.2 billion was successfully stolen “through fraud and scams” in 2018. Personal data stolen from businesses was used to perpetrate much of that fraud, according to the report.

Source: Data breaches ‘major contributor’ to UK fraud

Finland to investigate Nokia about sending data to China

Finland’s data protection ombudsman said on Thursday he would investigate whether Nokia-branded phones had breached data rules after a report said the handsets sent information to China.

Nokia-branded mobile phones are developed under licence by Finnish company HMD Global, which said no personal data had been shared with a third party although it said there had been a data software glitch with one batch of handsets that had been fixed.

Source: Finland to investigate Nokia-branded phones after data breach report | Reuters

Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google

European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they’re just warming up. However, almost all of it comes from French data watchdog CNIL’s €50m fine for Google.

One thing that did change immediately under GDPR, if not the fines, was the number of incident reports. This was particularly so for companies turning themselves in over data breaches. In the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area.

Source: Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google • The Register

Most ICO data breach reports late and incomplete prior to GDPR

A Freedom of Information (FOI) request from the Information Commissioner’s Office (ICO) was released today revealing the number of late and incomplete data breach reports prior to GDPR.

It found that businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment.

On average, businesses waited three weeks after discovery to report a breach to the ICO, while the worst offending organisation waited 142 days. The vast majority (91%) of reports to the ICO failed to include important information such as the impact of the breach, recovery process and dates.

Source: Most ICO data breach reports late and incomplete prior to GDPR, reveals FOI

Data breaches up 400 percent, 15 billion records compromised

The number of data breaches increased more than 400 percent in 2018 exposing almost 15 billion records, according to the identity intelligence company 4iQ.

The company’s annual report confirmed 12,440 new breaches, a 424 percent increase compared to 2017, and of the 14.9 billion records compromised, 3.6 billion were confirmed real and exposed for the first time and were not part of an earlier breach. Government agencies were the fastest-growing target, suffering a 291 percent increase in data breach incidents, and the United States and China were home to 47 percent of all breached records, 4iQ found.

Source: Data breaches up 400 percent, 15 billion records compromised: report | SC Media

2 Billion Unencrypted Records Leaked In Marketing Data Breach

Another day, another mega data breach. Except this one is different. More than two billion unencrypted records with very detailed information including mortgage data and credit scoring. So, what’s happened and what should you do next?

Full article: 2 Billion Unencrypted Records Leaked In Marketing Data Breach — What Happened And What To Do Next

Organizations Taking Less Time to Detect Breaches

Internal security teams at enterprise organizations are generally getting better at detecting compromises, but it’s still taking them well over a month to discover them.

A FireEye analysis of global breach data from 2018 shows that half of all organizations last year took 50.5 days or longer to detect an intrusion after it first began. That was one week faster than the median of 57.5 days it took them in 2017.

Source: Organizations Taking Less Time to Detect Breaches

The Marriott Breach Shows Just How Inadequate Cyber Risk Disclosures Are

Recently, Marriott waited 11 weeks to reveal that 383 million customer records had been compromised, exposing at least 25 million passport numbers and 8 million payment cards.

The Marriott breach offers four takeaways that can be useful to both senior managers and regulators: 1) cyber risk disclosure continues to be inadequate; 2) special events such as mergers and associated cost cutting can trigger cyber breaches; 3) systemic cyber risk in the system is building; and 4) boards continue to be unprepared or unqualified to deal with cyber risk.

Full article: The Marriott Breach Shows Just How Inadequate Cyber Risk Disclosures Are

Data protection authorities in Sweden launch investigation into medical service providers

Sweden’s Data Protection Authority has divulged that it has opened investigations into medical service providers, Voice Integrate Nordic. The organisation is part of Vardguiden, the country’s phone-up medical information service.

Recent news reports allege that a high number of recorded phone calls received by Voice Integrate Nordic were placed in the public domain online and had become open to public access without protection through encryption or passwords.

Source: Data protection authorities in Sweden launch investigation into medical service providers
