Security News
Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy.
Worse still, the company responsible for keeping that data secure decided to keep quiet about the intrusion, with the company CEO apparently deciding that he could get away with hiding the breach from the authorities as long as no publicly visible harm came of it. The police have established that the suspect currently resides abroad. For this reason, he was remanded in absentia.
Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. KLM's official Twitter account confirmed the attack and told one of the impacted customers that "The attack was blocked in time and no miles were charged."
France's data protection authority has fined Apple €8,000,000 for collecting user data for targeted advertising on the App Store without requesting or securing the user's consent. "The CNIL services found that under the old version 14.6 of the operating system of the iPhone when a user visited the App Store, identifiers used for several purposes, including personalization of ads on the App Store, were by default automatically read on the terminal without obtaining consent." - CNIL. CNIL suggests that Apple could keep the option "Buried" in the settings menu as long as it prompted the user to consent to App Store tracking upon the device's first setup, which wasn't the case in iOS 14.6.
France's privacy watchdog has imposed a €60 million fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés noted that users visiting the home page of its Bing search engine did not have a "Mechanism to refuse cookies as easily as accepting them."
Clearview AI does not have a legitimate interest in collecting and using this data either, particularly given the intrusive and massive nature of the process, which makes it possible to retrieve the images present on the Internet of several tens of millions of Internet users in France. The seriousness of this breach led the CNIL chair to order Clearview AI to cease, for lack of a legal basis, the collection and use of data from people on French territory, in the context of the operation of the facial recognition software it markets.
A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. Users still face problems due to app and content providers routing traffic through the impacted paths.
On Tuesday, the European Court of Justice issued rulings that limit indiscriminate data retention in France and Germany. The ECJ determined [PDF] that EU law disallows national legislation that requires indiscriminate retention of telecom traffic and location data to fight crime and protect public safety.
The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation laws in the country, almost a month after a similar decision was reached in Austria. Of the data protection decree, which govern the transfers of personal data to third countries or international entities.