Yesterday Uber’s former security chief Joe Sullivan was charged with attempting to conceal a hack from federal investigators. This hack exposed the email addresses and phone numbers of 57 million drivers and passengers. As a result the former CISO could face up to eight years in prison for not promptly disclosing to the employee and … Read more
Four members of China’s military were charged with hacking into credit reporting agency Equifax, and stealing trade secrets and the personal data of about 145 million Americans in 2017. Read more about this topic at: https://www.nytimes.com/2020/02/10/us/politics/equifax-hack-china.html
The Polish data protection authority has for the first time imposed a fine on a company for violating the General Data Protection Regulation (GDPR). The company, whose name is not mentioned, processed personal data obtained from public sources. It would be about 6 million records. The persons in question were not aware of this and … Read more
Tech giant ASUS is believed to have pushed malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines. Half a million Windows machines received a malicious backdoor through the ASUS update server, although the attackers appear … Read more
Hydro with 35,000 employees with smelting plants, factories and offices in 40 countries – globally experienced a ransomware attack since Monday was forced to switch some systems to manual operation. The ransomware used might have been the relatively new and difficult-to-detect strain, dubbed LockerGoga, which criminals use to quickly encrypt computer files, before demanding payment … Read more
Group-IB said it discovered and reported to FILA UK malware known as GMO that was active on the fashion brand’s website for the past four months – and may have sniffed the payment card information of thousands of customers placing online orders through the tainted pages.“Cybercriminals might have injected a malicious code by either exploiting … Read more
Publisher Elsevier has leaked the unencrypted passwords and e-mail addresses of users via an unsecured server. The data was accessible to everyone on the internet. How long the data was online and how many users were affected is still unclear. Security investigator Mossab Hussein discovered Elsevier’s server. It contained unencrypted passwords of users and their … Read more
Risk Based Security came out with their annual data breach report. Some highlights: – Compared to 2017, the number of reported breaches was down 3.2% and the number of exposed records was down approximately 35.9% from 7.9 billion. – The Business sector accounted for 65.8% of the records exposed followed by Unclassified at 31.8% and … Read more
An EE customer has said she was stalked by an ex-partner who worked at the firm, after he accessed her personal data without permission. She was switched to a new handset and her address and bank details were accessed. She involved the police and claims the firm EE and police did not take the dataleak … Read more
The GDPR related violations causing a penalty for Google of 50 Million euros are: 1. no transparency and information: the information provided by Google is not easily accessible for users and some information is not always clear nor comprehensive 2. not having a legal basis for ads personalization processing since the consent is not validly … Read more