fbpx

Download free GDPR compliance checklist!

Category Archives for "Security"

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches despite in GDPR era

£100 million data breach claim against Equifax

North West based data breach and cybersecurity specialist Hayes Connor Solicitors is the first in the UK to serve a representative data breach claim in the High Court.

The action could see Equifax ordered to pay up to £100 million in compensation to its estimated 15 million UK customers affected by its 2017 data breach.

The action follows the Court of Appeal’s decision on the Lloyd v Google case on 2nd October which ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire affected population.

Source: Hayes Connor issues landmark £100 million data breach claim against Equifax | Business Up North

Cyberattacks cost small companies $200K, putting many out of business

About 43% of cyberattacks are aimed at small businesses. On average, these cost $200,000, putting 60% of these companies out of business in six months.

At the same time, though, 66% of senior decision-makers at small businesses still believe they’re unlikely to be targeted by online criminals. Similarly, 6 in 10 have no digital defense plan in place whatsoever, underscoring the need for heightened industry awareness and education across the board.

Source: Cyberattacks cost small companies $200K, putting many out of business

Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Adaptive Mobile Security has published a new report detailing SimJacker attacks and the number of countries affected. The report identified 29 countries across five continents to which mobile operators ship SIM cards vulnerable to Simjacker attacks.

The countries include Mexico, Dominican Republic, Brazil, Peru, Saudi Arabia, Iraq, Italy, Bulgaria, Nigeria, Ivory Coast and more. Of the 29 countries, customers of a total of 61 mobile operators are currently using vulnerable SIMs with S@T Browser toolkit.

Source: #Privacy: Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Study Finds Rampant Lapses in Securing Access to Sensitive Information

Sila Solutions Group, a North American technology and management consulting firm, in partnership with the Ponemon Institute, a leading research organization on data protection and emerging information technologies, today released the results of The 2019 Study on Privileged Access Security.

70 percent think it likely that privileged users within their organizations are accessing sensitive or confidential data for no discernible business need and more than half expect privilege user abuse to increase in next 12-24 months.

According to respondents, privileged access rights also regularly remain active even after a role change (30 percent). 62 percent of participants felt it likely that their organization assigns privileged access rights that go beyond an individual’s role or responsibilities. This proliferation of access is emphasized with more than 75 percent of respondents having privileged access to three or more IT resources.

Source: Sila and Ponemon Institute Study Finds Rampant Lapses in Securing Access to Sensitive Information

Organisations worldwide failing to adequately protect sensitive data in the cloud, study finds

A new global study from Thales, with research from the Ponemon Institute, has exposed an increasing disparity between the rapid growth of data stored in the cloud and an organisation’s approach to cloud security.

Although nearly half (48%) of corporate data is stored in the cloud, only a third (32%) of organisations admit they employ a security-first approach to data storage in the cloud.

Source: #Privacy: Organisations worldwide failing to adequately protect sensitive data in the cloud, study finds

Phone numbers users provided for security Twitter used for ad

Twitter revealed Tuesday that it mishandled an unspecified number of users’ email addresses and phone numbers, allowing that data to be used “inadvertently” for advertising purposes.

The incident marks the latest security mishap for the social-networking company, but one that could carry with it some legal headaches. Federal regulators penalized Facebook earlier this year for a similar situation.

Source: Twitter security mishap: Users’ phone numbers were ‘inadvertently’ used for ad purposes – The Washington Post

Former Yahoo! engineer hacked user emails for smutty snaps

Former Yahoo! software engineer has pleaded guilty in a California federal court to one count of computer intrusion after breaking into customers’ Yahoo! emails and accounts at other service providers to obtain private data, mainly sexual images and videos of account holders.

He abused his internal access at Yahoo! to hack into about 6,000 accounts in May and June last year. He then used the information he obtained to compromise other online services used by Yahoo! customers, such as Dropbox, Facebook, Gmail, and iCloud.

Source: Former! Yahoo! engineer! admits! to! hacking! user! emails! for! smutty! snaps! • The Register

Over 50% of companies have experienced a data breach

New research by Bitdefender discovered that 24% of companies have already suffered a data breach halfway through 2019.

While 57% of companies have experienced a data breach during the last years, 36% of infosec professionals stated that their companies could likely be facing a breach without knowing about it.

The security firm conducted a survey of more than 6,000 infosecurity professionals from organisations across the US, EMEA and APAC.

Source: #Privacy: Over 50% of companies have experienced a data breach

French Liberte Tested by Nationwide Facial Recognition ID Plan

France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity — whether they want it or not.

Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target. The country’s data regulator says the program breaches the European rule of consent and a privacy group is challenging it in France’s highest administrative court. It took a hacker just over an hour to break into a “secure” government messaging app this year, raising concerns about the state’s security standards.

Source: French Liberte Tested by Nationwide Facial Recognition ID Plan – Bloomberg

>