
Category Archives for "Security"

Max Schrems files complaint against Amazon

Max Schrems, head of None Of Your Business (noyb), has announced the not-for-profit organisation is to file a complaint to the German data protection authority over data protection standards at Amazon.

According to the NGO, Amazon is at fault due to a major lapse in data security. Noyb maintains that Amazon is in breach of the EU’s General Data Protection Regulation (GDPR) because its email servers, used to support direct communication between third-party sellers on the platform and consumers, do not accommodate baseline industry encryption in some instances.

Source: #Privacy: Max Schrems files complaint against Amazon

Firm Tracking Purchase, Transaction Histories of Millions Maybe Not Really Anonymizing Them

The nation’s largest financial data broker, Yodlee, holds extensive and supposedly anonymized banking and credit card transaction histories on millions of Americans.

Internal documents, however, appear to indicate that Yodlee clients could potentially de-anonymize those records by simply downloading a giant text file and poking around in it for a while. That includes a unique identifier associated with the bank or credit card holder, amounts of transactions, dates of sale, which business the transaction was processed at, and bits of metadata.

Source: Report: Firm Tracking Purchase, Transaction Histories of Millions Maybe Not Really Anonymizing Them

Over 15 billion records were exposed last year

The total number of records exposed in 2019 increased by 284 percent compared to 2018. In total, there were over 15.1 billion records exposed.

There were 7,098 breaches reported in 2019, a one percent increase on 2018, though the gap is anticipated to grow throughout Q1 2020 as more 2019 incidents come to light, says the new Risk Based Security report, 2019 Year End Data Breach QuickView Report.

Source: #Privacy: Over 15 billion records were exposed last year

Macs in greater cybersecurity danger than Windows for first time

The “State of Malware” report published by endpoint protection and remediation specialist, Malwarebytes, shows Mac threats are growing faster than their Windows counterparts for the first time ever, with nearly twice as many Mac threats detected per endpoint as Windows threats.

Malwarebytes detected an average of 11 threats per Mac endpoint in 2019—nearly double the average of 5.8 threats per endpoint on Windows. Overall Mac threats increased by more than 400 percent, year-over-year.

Source: #Privacy: Macs in greater cybersecurity danger than Windows for first time, malware report finds

ICO issues maximum pre-GDPR fine on major UK retailer

Last month the Information Commissioner’s Office (ICO), the UK data protection regulator, imposed a monetary penalty notice of £500,000 on electronics retailer DSG Retail Limited (DSG), a company better known by its trading brands, such as Currys PC World and Dixons Travel. DSG is a subsidiary of Dixons Carphone plc.

The personal data breach occurred during a compromise of DSG’s systems between 24 July 2017 and 25 April 2018 – before GDPR came into force.

The ICO’s decision to impose the maximum penalty is another clear example of the fact that the ICO is determined to use its fining powers when it considers it appropriate and to impose high fines for what it considers to be serious failures.

Source: #Privacy: ICO issues maximum pre-GDPR fine on major UK retailer

Software error exposes the ID numbers for 1.26 million Danish citizens

Danish tax portal accidentally shares taxpayer identification numbers with Google and Adobe analytics services.

The error lasted for five years (between February 2, 2015, and January 24, 2020) before it was discovered by the Danish Agency for Development and Simplification (Udviklings- og Forenklingsstyrelsen, or UFST).

Source: Software error exposes the ID numbers for 1.26 million Danish citizens | ZDNet

Russian hackers sponsoring cyber-crime competitions

Researchers have uncovered a new cybercriminal trend where Russian hackers are running contests on cybercriminal forums, such as Exploit and XSS, with increasingly high-stakes prizes.

According to Digital Shadows researchers, these forum-based contests are not exactly new, but prize values have recently increased as major hacking teams, such as Sodinokibi (aka REvil), are signing on to sponsor such competitions.

Source: #Privacy: Russian hackers sponsoring cyber-crime competitions

Human Error Not Cybersecurity is Leading GDPR Data Breach Trend

Human error, not cybersecurity incidents, is the main data breach trend under the new GDPR regime, according to the Irish Data Protection Commission (DPC).

The DPC has detailed the data breach trends it has observed during the first year of GDPR, and unauthorised disclosure tops the list, accounting for 83 percent of all reported breaches.

During the first year of GDPR, beginning on 25 May 2018, the Irish Data Protection Commission received 5,818 data breach notifications. The DPC notes that approximately 4 percent of all reported breaches were deemed not to have met the definition of a ‘personal data breach’ when GDPR is applied.

Source: Human Error Not Cybersecurity is Leading GDPR Data Breach Trend

European parliament says it will not use facial recognition tech

Statement comes after leaked memo on use of technology in security provoked outcry.

The European parliament has insisted it has no plans to introduce facial recognition technology after a leaked internal memo discussing its use in security provoked an outcry.

Source: European parliament says it will not use facial recognition tech

Researchers Find ‘Anonymized’ Data Is Even Less Anonymous Than We Thought

Corporations love to pretend that ‘anonymization’ of the data they collect protects consumers. Studies keep showing that’s not really true.

When it was revealed that Avast is using its popular antivirus software to collect and sell user data, Avast CEO Ondrej Vlcek first downplayed the scandal, assuring the public the collected data had been “anonymized”—or stripped of any obvious identifiers like names or phone numbers.

But analysis from students at Harvard University shows that anonymization isn’t the magic bullet companies like to pretend it is. Previous studies have shown that even within independent individual anonymized datasets, identifying users isn’t all that difficult. But when data from different leaks are combined, identifying actual users isn’t all that difficult.

Source: Researchers Find ‘Anonymized’ Data Is Even Less Anonymous Than We Thought – VICE
