
Category Archives for "Security"

Facebook app developers leaked millions of user records on cloud servers

Facebook app developers left hundreds of millions of user records exposed on publicly visible cloud servers.

The larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said.

A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 passwords apparently used for the app, rather than directly for Facebook.

Source: Facebook app developers leaked millions of user records on cloud servers, researchers say – The Verge

Facebook staff ‘flagged Cambridge Analytica fears earlier than thought’

Facebook employees raised concerns about Cambridge Analytica’s data-scraping practices three months earlier than thought, according to US court documents.

A US-based employee warned colleagues about the activity in September 2015. Facebook had said it previously discovered the improper sharing of data on 87 million people three months later, in December 2015. The firm said the September concerns related to a separate matter.

Source: Facebook staff ‘flagged Cambridge Analytica fears earlier than thought’ – BBC News

Children’s identity theft on rise

Cyber criminals are hacking into sensitive networks to steal the identities of children and are selling them on in underground marketplaces.

Personal information is leaked in data breaches all the time, but what makes the data on children so useful to cyber criminals is that children don’t have any credit history – so they offer a free pass for fraudulent purchases, loans and other transactions without the barriers that might be associated with data belonging to adults.

Source: The latest dark web cyber-criminal trend: Selling children’s personal data | ZDNet

Cyber-attack costs spiral to over £25m for aluminium manufacturer

The hacking campaign that hit Norwegian aluminium producer Hydro has already cost the company in excess of £25m.

A number of the firm’s smelting plants were brought to a standstill, while operations were redirected through alternative channels as bosses struggled with the cyber-attack. Most of the money has been lost through the company’s Extruded Solutions division, which manufactures aluminium facades.

Source: Cyber-attack costs spiral to over £25m for aluminium manufacturer

Europe introduces IoT Cybersecurity standard

ETSI, the European Telecommunications Standards Institute, released a new cybersecurity standard for consumer Internet of Things devices in February 2019 (TS 103 645). These rules are intended to apply to consumer devices that are connected to network infrastructures.

The standard describes thirteen recommendations to realise the goal of ensuring safer IoT devices and to bridge the safety gap. The standard is not mandatory and remains a good practice document.

Source: Europe – Keeping your connected devices secure: Europe introduces IoT Cybersecurity standard

How to report a data breach under GDPR

Data breach notification requirements are now mandatory and time-sensitive under GDPR.

While the details of what an organization needs to report in the event of a breach are defined within the legislation, when to report a data breach and which authority you should report the incident to are not as clear.

Read full article: How to report a data breach under GDPR

Silicon Valley – Not Governments – Will Kill Encryption

It is Silicon Valley that will roll back the protections of encryption, not for the needs of governments to combat terrorists and criminals, but for their own profit-minded needs to continue mining, monetizing and manipulating their users.

The growing popularity of end-to-end encryption threatens to upend this uneasy truce between digital security and the ability of web companies to mine our personal data.

Full article: Silicon Valley – Not Governments – Will Kill Encryption

DLA Piper and its insurers clash over multi-million NotPetya payout

Multinational law firm DLA Piper was hit in the crossfire as Russia-backed ransomware spread, and Hiscox is reportedly declining to pay up, citing an “act of war”.

DLA Piper has started proceedings against Hiscox, saying that the insurance firm has failed to pay out for the damages and costs associated with the NotPetya attack – a claim which may amount to several million pounds.

Source: DLA Piper and its insurers clash over multi-million NotPetya payout

61% of CIOs say employees are maliciously leaking data

A study of the root causes of insider breaches has found that 61% of IT leaders believe that employees have maliciously risked data in the last 12 months.

However, the research, which involved input from more than 250 US and UK IT leaders and 2,000 US and UK-based employees, found that employees had a very different view of the situation.

92% of employees said they had not accidentally leaked company data, while 91% said they had not done so intentionally. This suggests that employees may be unaware of being the perpetrators of insider breaches.

Source: Insider breaches: 61% of CIOs say employees are maliciously leaking data

With facial recognition, shoplifting may get you banned in places you’ve never been

There are hundreds of stores using facial recognition – none of which have any rules or standards to prevent abuse.

With facial recognition, getting caught in one store could mean a digital record of your face is shared across the country. Stores are already using the technology for security purposes and can share that data – meaning that if one store considers you a threat, every business in that network could come to the same conclusion. One mistake could mean never being able to shop again.

Full article: With facial recognition, shoplifting may get you banned in places you’ve never been – CNET
