fbpx

Free tools and resources for Data Protection Officers!

Category Archives for "Security"

Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

The President of the Personal Data Protection Office imposed a fine of an amount higher than PLN 2.8 million (ca. 645,000 euros) on Morele.net.

The company’s organisational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data, which means that data of about 2.2 million people have fallen into the wrong hands.

Source: Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

Secret FBI Subpoenas Scoop Up Personal Data From Scores of Companies

The F.B.I. has used secret subpoenas to obtain personal data from far more companies than previously disclosed.

The requests, which the F.B.I. says are critical to its counterterrorism efforts, have raised privacy concerns for years but have been associated mainly with tech companies. Now, records show how far beyond Silicon Valley the practice extends — encompassing scores of banks, credit agencies, cellphone carriers and even universities.

Source: Secret F.B.I. Subpoenas Scoop Up Personal Data From Scores of Companies – The New York Times

33% of executives don’t trust their organization to protect employee data

A third of executives in the US are “not confident in their organization’s ability to protect employee data from bad actors,” according to Dell’s 2019 Workplace Security Report, published Tuesday.

The survey of 4,600 executives, conducted with Vanson Bourne, queried business leaders across 42 countries. This is only marginally higher than the global average of 29%. Executives in Belgium (38%) and France (37%) lead distrust in Europe, while executives in South Korea (51%) and Singapore (42%) lead in Asia.

Source: 33% of executives don’t trust their organization to protect employee data – TechRepublic

Major breach found in biometrics system used by banks, UK police and defence firms

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

Recently Biostar 2 platform was integrated into another access control system – AEOS, that is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police. In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted.

Source: Major breach found in biometrics system used by banks, UK police and defence firms | Technology | The Guardian

Data breach activity at its worst in 2019

A new report by Risk Based Security says that 2019 is on track to being the “worst year on record” for data breach activity.

The 2019 Midyear Quickview Data Breach Report from Risk Based Security reports the number of data breaches is already up by 54% over last year, with half the year left to go.

Source: #privacy: Data breach activity at its worst in 2019, report finds

Tokyo man arrested for memorizing credit card info of over 1,300 customers to make purchases

As opposed to using data-stealing malware or other interception methods, a cashier at a mall in Kōtō, Japan was apparently able to use his eidetic memory to steal credit card details of customers as their purchases were processed at the POS terminal.

Yusuki Taniguchi would store these details in a notebook to make purchases online. The items he bought were then sold through a pawn shop and the resulting money was used to pay for his living expenses.

Source: Tokyo man arrested for memorizing credit card info of over 1,300 customers to make purchases – TechSpot

Study highlights greater risks run by small businesses that suffer a data breach

Almost a third of consumers have said that a small business would lose their loyalty in the event of a data breach.

While no business is free from the risk of cyber-crime, larger organisations are usually more able to deal with data breach incidents, as they typically have greater finances, IT resources and expertise to invest into cyber-combat and breach recovery.

Source: #privacy: Study highlights greater risks run by small businesses that suffer a data breach

Web feature developers need to pay more attention to privacy and security

Web feature developers are being warned to step up attention to privacy and security as they design contributions.

Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy Interest Group (PING) set out a series of revisions to the W3C’s Security and Privacy Questionnaire for web feature developers.

Full article: Web feature developers told to dial up attention on privacy and security | TechCrunch

Your Private Instagram Stories Aren’t Exactly Private

A shockingly simple work-around allows your followers to share private photos and videos posted to both Facebook and Instagram.

The hack — which works on Instagram stories as well — requires only a rudimentary understanding of HTML and a browser. It can be done in a handful of clicks. A user simply inspects the images and videos that are being loaded on the page and then pulls out the source URL. This public URL can then be shared with people who are not logged in to Instagram or do not follow that private user.

Source: Your Private Instagram Stories Aren’t Exactly Private

Why Bringing Data Privacy Management To The Board Level Will Reduce Data Breaches

Learning from recent breaches and the need for a greater understanding of privacy in the enterprise, it’s time for companies to take a new, proactive approach to data management.

Making data privacy decisions in a silo is no longer enough. Organizations must now implement robust data privacy practices that also involve their board members on an operational and technical level to protect themselves and their customers’ well-being.

Source: Council Post: Why Bringing Data Privacy Management To The Board Level Will Reduce Data Breaches

1 2 3 102
>