Polish privacy authority imposes first GDPR fine

The Polish data protection authority has for the first time imposed a fine on a company for violating the General Data Protection Regulation (GDPR). The company, whose name is not mentioned, processed personal data obtained from public sources. About 6 million records are said to be involved. The persons in question were not aware of this and were not informed by the company. “As a result, the data administrator has deprived them of the opportunity to exercise their rights,” said Urzad Ochrony Danych Osobowych, the Polish privacy regulator. It imposed a fine of 220,000 euros on the company.

Read more about this topic at: https://www.ceelegalblog.com/2019/03/pln-1-million-fine-for-gdpr-violation/?

Millions of Facebook passwords exposed to FB employees

The passwords of millions of Facebook users were accessible to up to 20,000 employees of the social network. Security researcher Brian Krebs broke the news about the data protection failures, which saw up to 600 million passwords stored in plain text. Most of the people affected were users of Facebook Lite, which tends to be used in nations where net connections are sparse and slow.

Read more about this topic at: https://www.bbc.com/news/technology-47653656

ICO fines Kent pensions company for sending nearly 2 million spam emails

Grove Pension Solutions Ltd, which relied on ‘misleading’ professional advice, has been fined £40,000 by the Information Commissioner’s Office for being responsible for sending nearly two million direct marketing emails without consent. The ICO has fined the pensions company under PECR.

Read more about this topic at: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/03/ico-fines-kent-pensions-company-for-sending-nearly-2-million-spam-emails/

AI in battle with GDPR?

AI enables computers to make intelligent decisions and perform diverse tasks, learning as they operate by collecting, processing, and linking huge amounts of data, a large part of which might be personal data. Also called machine learning, this principle simply means that the more data there is available to consume, the better and more credible the AI is. On the other hand, the massive collection of data on which the AI relies is problematic from a privacy perspective. That is why the EU has put these activities under a data protection microscope with the GDPR. Questions arise:

– How is data protected and processed?
– Is any party given access to this information?
– How to organize human intervention?
– What about the data rights of the subject?
– How to withdraw consent?
– How to implement the requirements of the GDPR into AI?

Read more about this topic at: https://brusselstalking.blog/2019/03/07/ai-vs-gdpr-finding-the-balance-between-ethics-and-innovation/

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

Tech giant ASUS is believed to have pushed malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines. Half a million Windows machines received a malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.

Read more about this topic at: https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers

European Parliament approves copyright rules

Platforms like YouTube and Facebook are subject to a set of new obligations to strike licensing deals and to monitor their sites for any copyright-infringing content, removing any that falls under those licensing deals. “Today’s vote ensures the right balance between the interests of all players — users, creators, authors, press — while putting in place proportionate obligations on online platforms,” the Commission said after the vote. “The Directive will improve the position of creators in their negotiations with big platforms which largely benefit from their content.”

Read more about this topic at: https://www.politico.eu/article/european-parliament-approves-copyright-reform-in-final-vote/

Concerned citizens call the European Parliament on Article 13

In the past two weeks, more than 1200 citizens have called Members of the European Parliament to convince them to vote against the proposed new copyright rules. They did this via the campaign website Pledge2019.eu.

With less than two weeks to go until the final vote, only the European Parliament can stop the upload filter. More than 100 Members of the European Parliament have declared through Pledge2019 that they will vote against Article 13 of the proposed copyright directive.

Read more about this topic at: https://pledge2019.eu/en

Aluminium maker defends itself against ransomware with manual plan

Hydro, which has 35,000 employees and smelting plants, factories and offices in 40 countries, has been experiencing a global ransomware attack since Monday and was forced to switch some systems to manual operation. The ransomware used might have been the relatively new and difficult-to-detect strain, dubbed LockerGoga, which criminals use to quickly encrypt computer files before demanding payment to unlock them.

Read more about this topic at: https://www.wired.co.uk/article/norsk-hydro-cyber-attack

Data leak: Fila UK formjacked with malicious code in payment process

Group-IB said it discovered and reported to FILA UK malware known as GMO that was active on the fashion brand’s website for the past four months – and may have sniffed the payment card information of thousands of customers placing online orders through the tainted pages. “Cybercriminals might have injected a malicious code by either exploiting a vulnerability of Magento CMS, used by FILA.co.uk, or simply by compromising the credentials of the website administrator using special spyware or cracking password with brute force methods.”

Threat actors were able to compromise 4,800+ websites every month during 2018, according to a Symantec report, using injected JavaScript code to steal payment information such as debit and credit card details from customers of eCommerce sites. The most high-profile formjacking attacks were against British Airways and Ticketmaster, but according to Symantec, cyber criminals who used this technique also got a huge chunk of their illicit earnings from smaller online retailers who accept payments from their customers via online portals.

Read more about this topic at: https://vmvirtualmachine.com/hackers-cop-a-fila-thousands-of-uk-card-deets-after-slinking-onto-clothing-brands-servers-%E2%80%A2-the-register/