
Category Archives for "Security"

Bulgarian DPA fines bank €500,000 for data breach

Bulgaria’s data protection authority (DPA) – Commission for Personal Data Protection – has imposed a 1 million levs (about 500,000 euro) fine on DSK Bank for a data breach that impacted upon more than 33,000 of its clients.

During the course of its month-long investigation the DPA has found that DSK Bank did not apply the relevant technical and organisational measures in order to ensure the protection of the personal data of individuals and third persons connected to them.

Source: Personal Data Protection Commission

Microsoft: Using multi-factor authentication blocks 99.9% of account hacks

Old advice like “never use a password that has ever been seen in a breach” or “use really long passwords” doesn’t really help.

Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service.

Source: Microsoft: Using multi-factor authentication blocks 99.9% of account hacks | ZDNet

Dutch regulator sees potential privacy breach in Microsoft Windows

Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said on Tuesday.

The DPA said it had found the practices while it was testing privacy protection changes in Windows made last year by Microsoft at the agency’s request.

Source: Dutch regulator sees potential privacy breach in Microsoft Windows – Reuters

UK hacker must pay back £922k after cyber-attack spree

An English cyber-criminal who carried out targeted computer attacks on more than 100 firms from his UK base has been forced to pay back a stolen cryptocurrency haul worth £922,978.14, news reports reveal.

Argos, Uber and Sainsbury’s were among the victims of Mr Grant West, who was jailed for fraud for an elaborate hacking spree which duped company insiders into exposing huge swathes of confidential data.

Source: #privacy: UK hacker must pay back £922k after cyber-attack spree

Sharing your pet photos can lead to loss of privacy

People are hyper-vigilant these days about protecting their personal information, all the little details about themselves that can lead to stalking or harassment online.

But there’s one mistake they’re repeating so often it’s deserving of its own special reminder: leaving their home addresses and phone numbers exposed in photos of their beloved pets.

Full article: Stop Doxing Yourself With Your Pet Photos

Anonymisation does not work for big data

Recently, well-publicised research by data scientists at Imperial College in London and Université Catholique de Louvain in Belgium as well as a ruling by Judge Michal Agmon-Gonen of the Tel Aviv District Court have highlighted the shortcomings of outdated data protection techniques like “Anonymisation” in today’s big data world.

Anonymisation reflects an outdated approach to data protection developed when the processing of data was limited to isolated (siloed) applications prior to the popularity of “big data” processing that involves widespread sharing and combining of data.

Source: Anonymisation does not work for big data due to lack of protection for direct & indirect identifiers and easy re-identification vs pseudonymisation

Malware that can record computer screens discovered

A new malware has been discovered that is able to record the screen of an infected machine and identify a user who is viewing porn.

Researchers at IT security company ESET first observed the malware, dubbed “Varenyky”, in May 2019. A month later, researchers saw the first malicious document infecting a victim’s computer, which had been attached to an email message.

Source: #privacy: Malware that can record computer screens discovered

On privacy impact assessment and leaking data of millions of users

Anonymizing location data is hard. If you absolutely need to do this, better consult someone knowledgeable.

Privacy impact assessments should not conform to fixed templates. These should be strict, technical analyses.

Full article: On privacy impact assessment and leaking data of millions of users

Tech giants unite to launch data security consortium

Big tech firms including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft and Red Hat have announced they are to create the Confidential Computing Consortium in a bid to boost security for data in use.

Founded by the Linux Foundation, the group will seek to unite hardware vendors, developers, open source experts and other leading organisations to help safeguard the confidentiality of computing, improve open source standards and instil better standards around data protection.

Source: #privacy: Tech giants unite to launch data security consortium

How hackers can use stolen fingerprints

Hackers could use a stolen fingerprint to break into a fairly rudimentary security system. Breaking into a more advanced system might be possible, too, if they have lots of time and money at their disposal.

There are multiple ways to fool fingerprint readers. Stolen fingerprints are more helpful to hackers if they also have metadata (associated identities and login information), since two-factor security systems often require both conventional passwords and fingerprint scans.

Full article: How criminals might use stolen fingerprints.
