corrickwales + databreach   45

German Regulator Fines Firm for GDPR Failings - Infosecurity Magazine
A German privacy regulator has issued its first GDPR fine after a hacker stole unencrypted data on hundreds of thousands of customers of a local chat app.

The Baden-Württemberg Data Protection Authority (LfDI) fined Knuddels just €20,000 ($22,700) despite the firm having stored user passwords and emails in plain text.

As a result, hackers were able to make off with 330,000 legitimate credentials, publishing them in September 2018 on Pastebin and Mega.

The breach itself is thought to have been much bigger, with over 800,000 email addresses and over 1.8 million passwords stolen, although only 330,000 have been confirmed.
germany  fine  GDPR  security  encryption  enforcement  databreach  example 
6 weeks ago by corrickwales
Facebook hack affected 3 million in Europe, first big test for GDPR
Approximately 3 million Europeans were affected by a September Facebook security breach in which users' personal information was stolen, the Irish Data Protection Commission told CNBC on Tuesday.
facebook  databreach  GDPR  Ireland  IDPC  security 
october 2018 by corrickwales
Heathrow Airport Limited fined £120,000 for serious failings in its data protection practices | ICO
On 16 October 2017 a member of the public found a USB memory stick, which had been lost by a HAL employee. The stick, which contained 76 folders and over 1,000 files was not encrypted or password protected.

Although the amount of personal and sensitive personal data held on the stick comprised a small amount of the total files, of particular concern was a training video which exposed ten individuals’ details including names, dates of birth, passport numbers, and the details of up to 50 HAL aviation security personnel.

The stick was passed to a national newspaper which took copies of the data before giving the stick back to HAL.
example  fine  BA  ICO  databreach  security  personaldata 
october 2018 by corrickwales
Cybersecurity Roundup: October 2, 2018 | Violet Blue on Patreon
Includes detailed discussion of the consequences of Facebook's data breach, affecting 50 million accounts (thanks, @violetblue )
facebook  databreach  security  dataprotection 
october 2018 by corrickwales
Security Update | Facebook Newsroom
Facebook discloses a data breach affecting tens of millions of people. If you were unexpectedly forced to re-login to Facebook today, you may be one of them.
personaldata  databreach  facebook 
september 2018 by corrickwales
Twitter warns direct messages were exposed - BBC News
Twitter has told an undisclosed number of users their private messages may have been leaked to third-parties for more than a year.

The software “bug”, which has since been fixed, involved direct messages between users and businesses that offer customer services via Twitter.
databreach  dataprotection  GDPR  twitter 
september 2018 by corrickwales
Dixons Carphone says data breach affected 10 million - BBC News
Dixons Carphone has said a huge data breach that took place last year involved 10 million customers, up from its original estimate of 1.2 million.
databreach  dataprotection  dixons  example  GDPR 
august 2018 by corrickwales
Data Breach reporting webinar
The ICO posts a recording of their data breach reporting webinar on their YouTube channel
ico  databreach  breach  webinar  GDPR  UK 
july 2018 by corrickwales
This fitness app lets anyone find names and addresses for thousands of soldiers and secret agents
Polar’s widely used fitness app endangers military personnel, intelligence operatives, and people who work at sites where nuclear weapons are stored.
locationdata  dataprotection  databreach  privacy 
july 2018 by corrickwales
Data Breach Reporting webinar | ICO | 12pm 19 July
On Thursday 19 July, we will be hosting a webinar on Data Breach Reporting. It’s aimed at Data Controllers and will give advice and guidance on how and when to report security breaches to the ICO

We will also share our experience of the first few weeks of breach reporting under the GDPR, and respond to some frequently asked questions.
databreach  GDPR  ICO  guidance 
july 2018 by corrickwales
ICO statement in response to Dixons Carphone breach announcement | ICO
ICO deciding whether to treat the Dixons breach under the 1998 or 2018 Data Protection Act
dataprotection  databreach  ICO  security  regulation  GDPR 
june 2018 by corrickwales
Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage — Krebs on Security
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.
databreach  example 
june 2018 by corrickwales
TSB letter error 'may have broken law' - BBC News
TSB has been including other people's details in letters sent to customers about its recent IT problems
databreach  personaldata  banking 
june 2018 by corrickwales
#Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc • The Register
According to documents provided by Equifax to the US Senate Banking Committee, and revealed this month by Senator Elizabeth Warren (D-MA), the attackers also grabbed taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.
security  databreach  equifax  US  example 
february 2018 by corrickwales
Mountain of sensitive FedEx customer data exposed, possibly for years | Ars Technica
In all, Kromtech Security Center said, researchers found 119,000 scanned documents stored in a publicly available Amazon S3 bucket. The photo ID scans were accompanied by completed US Postal Service forms that included names, home addresses, and phone numbers of people who requested to have mail delivered by an authorized agent.

"Citizens from all over the world left their scanned IDs—Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia—to name a few,"
databreach  example  fedex  dataprotection  research 
february 2018 by corrickwales
EU Privacy Regulators Gang Up on Uber Over Its Data Breach | Fortune by @superglaze
On Wednesday, the [EU] regulators decided to form a task force to deal with the Uber breach, in which the company covered up the fact that hackers had stolen the details of 57 million users around the world.
uber  databreach  EU  regulation  law  example  dataprotection 
december 2017 by corrickwales

Copy this bookmark: