
Data breach


All breaches of personal information should be reported to the regulator unless they are “unlikely to result in a high risk to the rights and freedoms of natural persons”.
‘high risk’ breach to mean one which may lead to “physical, material or non-material damage” for affected individuals.

The ICO website provides a template for creating a breach log and it is important to make sure staff know how to recognise and escalate a data breach.

You should be able to demonstrate risk assessment processes behind the decision not to notify the regulator. Without this, you make yourself vulnerable to accusations that a breach was deliberately withheld to preserve reputation – which would probably be an aggravating factor if the regulator does investigate the breach.

Deep Analysis of More than 60,000 Breach Reports Over Three Years

Hackers Are Winning Battles, While Victims are Gaming the Notification Laws. Threat intelligence platform provider HackNotice has analyzed more than 60,000 breach reports over the last three years, and finds some disturbing results, including the rate of increase in breaches and a relative decline in the number of official breach notifications. In its analysis, shared exclusively with SecurityWeek, the company examined 67,529 breaches that were publicly reported from 2018 to 2020. The source of the reports is as follows:

GDPR - To notify or not to notify? Cpomagazine.

Over 59,000 personal data breaches reported across Europe since introduction of GDPR, according to DLA Piper survey.

59K Data Breaches Reported, 91 Fines Imposed Since GDPR Enactment.

Singapore HIV registry data leaked online in health breach.

An Astonishing 773 Million Records Exposed in Monster Breach.

Guidelines on Personal Data Breach Notification.

The Guardian view on privacy: a fundamental human right

The discovery of a comprehensive hack of private documents from German politicians, artists and journalists might once have been the subject of considerable outrage. Indeed, Angela Merkel’s spokesman described the attack as “very very serious” and it was not just the newspaper that first published the story which got excited. But if this was an attack on democracy, it was a remarkably indirect one. That does not make it less dangerous, but the danger is subtle and pervasive.

Italian Trade Union of State Police Officers Hacked & Defaced by The Anonymous Anarchist Agency.

German politicians suffer massive hack of personal details and private commun...

Bild has broken news today of a serious hack that is impacting public figures in Germany. The private communications, emails, contact details, mobile phone numbers, memos and financial information of hundreds of politicians were leaked via a Twitter account in the run-up to Christmas, seemingly unnoticed until now. Victims of the hack reportedly include Chancellor Angela Merkel and President Frank-Walter Steinmeier. All German political parties apart from the far-right group Alternative for Germany (AfD) have been impacted. The breadth of the hack - involving not just political parties, but also journalists, comedians and artists - suggests that this has been a co-ordinated effort by a determined group over many, many months, amassing as much personal and sensitive data as possible and releasing it with an as yet unknown end goal. How did the hackers steal the sensitive information? I have no way of knowing for sure, but my best guess would be something like the following:

Manchester Royal Eye Hospital patient heard other patients' messages

A man who tried to change a hospital appointment over the phone instead heard a stream of voicemail messages left by other patients. Brian Newton, 58, from Manchester, was "shocked" to hear recordings of people giving personal data to Manchester Royal Eye Hospital. A BBC Radio Manchester journalist also heard the voicemails after calling the number Mr Newton used. Manchester University NHS Foundation Trust said it was investigating. A spokesman, who "apologised unreservedly", said the "small number" of affected patients would be contacted.

Lenovo

The Worst Hacks of 2018: Marriott, Atlanta, Quora, and More.

Occupational Health & Safety

Worst Data Breaches of 2018

It seemed like data breaches were everywhere in 2018, affecting everyone from Walmart to Chili's to the U.S. Postal Service.

2018: The Year of the Data Breach Tsunami [INFOGRAPHIC]

Our friends at Malwarebytes wrote: "It’s tough to remember all of the data breaches that happened in 2018. But when you look at the largest and most impactful ones that were reported throughout the year, it paints a grim picture about the state of data security today. The consequences of major companies leaking sensitive data are many. For consumers, it represents a loss of privacy, potential identity theft, and countless hours repairing the damage to devices. And it’s costly for companies, too, in the form of bad press and the resulting damage to their reputation, as well as time and money spent to remediate the breach and ensure customers’ data is well secured in the future."

66 Million Users Personal Data Exposed From Unprotected MongoDB Database - GBHackers On Security

A newly discovered unprotected MongoDB database exposed around 66 million user records, split across several collections, that look similar to data scraped from LinkedIn profiles. One of the widely used methods to gather data from the Internet is called web scraping or data scraping. The term refers to the use of a variety of methods for collecting data from the Internet using software that simulates user browsing behavior. The database, which belonged to an unidentified third party, was exposed because the MongoDB instance had no authentication enabled.

Hack of the Ariane database: the Ministry of Foreign Affairs refers the matter to the CNIL.

GDPR: more than 8,000 data breaches notified to ICO

Elizabeth Denham revealed the number in a speech in New Zealand earlier this week. The GDPR began to apply on 25 May this year. It has introduced, for the first time, a general obligation on organisations to disclose to data protection authorities when they have experienced a major personal data breach, and in some cases to the people potentially affected by the breach too.

How Many Times Has Your Personal Information Been Exposed to Hackers?

QUORA

UBER.

Marriott.

Air Canada.

Cathay Pacific.

Eurostar data breach.

BA data breach 2018.

AMAZON.

RADISSON.

Instagram feature accidentally leaks passwords, affected users warned to update.

Tinder: millions of intimate data records sold by a data broker

The personal data of millions of users of dating sites such as Tinder, OkCupid or Match.com is openly for sale on the web. For a few tens of dollars, intimate information such as users' sexual orientation and geographic location can be bought entirely legally… When signing up to a dating site such as Tinder, most users accept the terms of use without even reading them.

Yet this carelessness can have unfortunate consequences. Bear in mind that these dating sites collect a great deal of (very) personal data about their users: geographic location, body measurements, hobbies, passions, interests, photos, sexual preferences…

Personal data leak at Flunch

A few days ago, I was able to confirm a leak of personal data concerning more than 50,000 French people. A leak via a web portal of the restaurant chain Flunch. 53,000 files accessible in a few mouse clicks. It all started with an email from a ZATAZ reader. He had applied for a job … as an IT specialist within the company. In Flunch's automated email, a link. That link was encoded in a particular way. To conclude, as far as I know, this possibility of interception is not known to hackers.

Update: following the article, Flunch's DPO got in touch with ZATAZ.

Data leak at Flunch: explanation.

Flunch: the personal data of thousands of individuals accessible to everyone?

Update 12.11: Flunch told Zataz that it held a crisis meeting on 9 November and explains that the flaw potentially concerns 33,572 people who registered on the chain's jobs portal, job.flunch.fr.

Flunch, in the same turmoil as Facebook?

It appears that the restaurant chain is also facing a data scandal affecting thousands of individuals. According to the specialist blog Zataz, this personal data leak reportedly affects around 53,000 people and occurred via one of the company's web portals.

Data breaches you might have missed during latest Facebook ordeal

Last week in the world of infosec, Tory MPs found their details spread online after a major data breach, while Tesco paid out £16m for a 2016 breach. There was no avoiding the enormous Facebook data breach this week, putting the social network in even more hot water at a time when it is trying to be seen as a more welcoming place online. An investigation showed that as many as 50m user accounts were breached by an access token harvesting attack, with more than 40m additional users possibly affected also. The person or group behind the breach – the largest in Facebook’s history – remains a mystery. However, those responsible would have to have been particularly skilled, given they were after access tokens.

This breach was one of a number that either came to light or were brought back into the spotlight this week.

Conservative Party app leaked MPs’ personal details

In a statement, the Conservative Party said: “The technical issue has been resolved and the app is now functioning securely.”

HSBC Bank USA Admits Breach Exposing Account Numbers And Transaction History

Davey Winder, Forbes contributor, Nov 6, 2018.

HSBC Bank informs customers of risk to personal information after breach.

The 17 biggest data breaches of the 21st century

Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone.

Biggest data breach penalties for 2018

British Airways is facing a £500 million ($650 million) lawsuit after the payment card details of 380,000 customers were skimmed from its website and app. UK supermarket chain Morrisons is facing a large payout to its employees after payroll information of 100,000 company workers was leaked online by a disgruntled IT auditor in 2014. In October the company lost an appeal against a class action lawsuit of more than 5,000 staff but plans to take its appeal to the Supreme Court.

A law firm hit by a cyberattack.

Protenus releases its Q3 report on breaches involving health data

Protenus has released its Q3 report on breaches involving health data. As explained in their methodology, since its inception in 2016, Protenus reports have not confined themselves to just using data from HHS’s public breach tool (“The Wall of Shame”). Instead, the Protenus reports, using data compiled by DataBreaches.net, include data from incidents also involving non-HIPAA entities such as schools, businesses, and other entities. The Protenus data is also coded differently than the system HHS uses, because HHS’s “unauthorized access/disclosure” checkbox could be used to report an external hack or a rogue insider stealing data, or some other type of incident. For Q3, Protenus reports that their analyses are based on 117 incidents, compared to 110 incidents for Q1 and 142 incidents for Q2. But while the number of incidents decreased from Q2 to Q3, the number of breached records increased from 1.1 million in Q1 to 3.1 million in Q2 to 4.4 million in Q3.

Cyber Due Diligence on Twitter: "Most important #data breach records 2016-2018 #SocialNetworks mostly concerned ! #yahoo the most important #adultfinder #linkedin #facebook ... Welcome #GDPR #dataprivacy #dataprotection Do not forget to notify custome.

Girl Scouts' personal information affected by recent data breach.

305 Car Registrations May Point to Massive GRU Security Breach.

The Apollo Breach Included Billions of Data Points.

Wanted: Data breach risk ratings, because not all breaches are equal

I recently downloaded every known, recorded data breach by the Privacy Rights Clearinghouse, which has been the most thorough and stalwart public recorder of data breaches in the United States for over two decades. The data file contained just over 8,600 data breaches. I found a few dupes and some missing or erroneous information, but overall, it’s the best public, non-profit, and free source you’re going to find.

I applaud the Privacy Rights Clearinghouse for what they’ve done.

Australian DPA

Privacy Rights Clearinghouse

Payment Card Fraud (CARD): fraud involving debit and credit cards that is not accomplished via hacking, for example skimming devices at point-of-service terminals.

WP29 revised guidelines: personal data breach notification.

There is no social license for My Health Record. Australians should reject it.

Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore's worst cyber attack, Singapore News

SINGAPORE - In Singapore’s worst cyber attack, hackers have stolen the personal particulars of 1.5 million patients.

Personal data breaches.

List of data breaches and cyber attacks in March 2018.