Security News

Twitter scores a first for big tech after being fined €450,000 by Ireland's data watchdog for violating the EU's GDPR
2020-12-15 18:59

Ireland's Data Protection Commission has fined Twitter €450,000 after ruling a bug in the firm's Android app that allowed users' private messages to be publicly viewed infringed the EU's General Data Protection Regulation. "The DPC's investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure" the DPC said.

Twitter fined by EU data protection watchdog for GDPR breach
2020-12-15 08:34

Ireland's Data Protection Commission fined Twitter €450,000 for failing to notify the DPC of a breach within the 72-hour timeframe imposed by European Union's General Data Protection Regulation and to adequately document it. "The DPC's investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach," the Irish DPC said.

Ticketmaster: We're not liable for credit card badness because the hack straddled GDPR day
2020-11-25 11:59

Ticketmaster is claiming that the ICO's £1.25m data breach fine clears it of any responsibility for its network being infected by card-skimming malware, according to correspondence seen by The Register. Ticketmaster is insisting that it is not liable to a customer for the compromise of its network, attempting to exploit an apparent legal loophole to squeeze out of Reg reader Richard's fight for compensation.

Phishers are targeting employees with fake GDPR compliance reminders
2020-09-24 10:25

Phishers are using a bogus GDPR compliance reminder to trick recipients - employees of businesses across several industry verticals - into handing over their email login credentials. "The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message," Area 1 Security researchers noted.

The state of GDPR compliance in the mobile app space
2020-08-26 10:14

A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting. "In three iterations between 2015 and 2019, we sent subject access requests to vendors of 225 mobile apps popular in Germany. Throughout the iterations, 19 to 26 % of the vendors were unreachable or did not reply at all. Our subject access requests were fulfilled in 15 to 53 % of the cases, with an unexpected decline between the GDPR enforcement date and the end of our study," they shared.

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure
2020-08-25 09:25

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

NeuVector now offers extensive compliance reporting and enforcement for PCI DSS, GDPR
2020-08-17 23:30

The enterprise-trusted, build-to-production container security solution now includes extensive compliance reporting and enforcement for PCI DSS, GDPR, and other industry and government standards, as well as new workflows specifically designed to make it easy for DevOps teams to track critical vulnerabilities and to ensure - and prove - compliance. With a single click, DevOps teams can enable NeuVector's pre-configured compliance templates to identify any potential industry compliance issues and generate audit reports for PCI DSS, GDPR, and other stringent - and often changing - data security regulations.

Instagram Retained Deleted User Data Despite GDPR Rules
2020-08-14 13:25

"Instagram didn't delete my data even when I deleted them from my end," Pokharel told TechCrunch. The flaw was in a feature that Instagram launched in 2018 in response to the European General Data Privacy Regulation, which requires any companies operating in Europe to notify the authorities within 72 hours of confirming a data breach or face stiff financial penalties.

Oracle and Salesforce targeted in €10bn GDPR lawsuit backed by profit-making litigation fund
2020-08-14 11:20

Salesforce and Oracle are to face a GDPR lawsuit in London and the Netherlands that could cost them up to €10bn in fines, a legally aggressive privacy campaign group has claimed to The Register. Dr Rebecca Rumbul of the Privacy Collective told The Register: "We're looking at informed consent. Bluekai would collect data not just on one particular site but other sites too and then aggregate that data. The key thing is, under GDPR who is the data processor legally? You should be able to figure that out."

UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat
2020-08-05 11:25

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog - while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again, The Register can reveal. Marriott has secured an extension for fine negotiations to 30 September, having secured two already; one from January to 31 March and a second that ran through May. On top of that, the company set aside $65m to cover its proposed fine, down from the Information Commissioner's original intention to impose a £99m penalty.