Security News

3 years since rolling out in May 2018, there have been 661 GDPR fines issued by European data protection authorities. Spain issued the largest number of GDPR fines by far - totaling 222 fines during the last 3 years since the GDPR is in effect.

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law. "Virginia is now just the second state to pass a comprehensive privacy bill. While we're pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it. This bill has some important privacy provisions, but consumers need more practical options for controlling their data."

Fines issued for violations of the EU's General Data Protection Regulation in 2020 exceeded €170 million, or roughly $200 million. The GDPR, which requires organizations to protect the personal data and privacy of EU citizens, came into force in May 2018, and, based on publicly available information, it since resulted in fines totaling more than €250 million.

Ireland's Data Protection Commission has fined Twitter €450,000 after ruling a bug in the firm's Android app that allowed users' private messages to be publicly viewed infringed the EU's General Data Protection Regulation. "The DPC's investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure" the DPC said.

Ireland's Data Protection Commission fined Twitter €450,000 for failing to notify the DPC of a breach within the 72-hour timeframe imposed by European Union's General Data Protection Regulation and to adequately document it. "The DPC's investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach," the Irish DPC said.

Ticketmaster is claiming that the ICO's £1.25m data breach fine clears it of any responsibility for its network being infected by card-skimming malware, according to correspondence seen by The Register. Ticketmaster is insisting that it is not liable to a customer for the compromise of its network, attempting to exploit an apparent legal loophole to squeeze out of Reg reader Richard's fight for compensation.

Phishers are using a bogus GDPR compliance reminder to trick recipients - employees of businesses across several industry verticals - into handing over their email login credentials. "The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message," Area 1 Security researchers noted.

A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting. "In three iterations between 2015 and 2019, we sent subject access requests to vendors of 225 mobile apps popular in Germany. Throughout the iterations, 19 to 26 % of the vendors were unreachable or did not reply at all. Our subject access requests were fulfilled in 15 to 53 % of the cases, with an unexpected decline between the GDPR enforcement date and the end of our study," they shared.

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

The enterprise-trusted, build-to-production container security solution now includes extensive compliance reporting and enforcement for PCI DSS, GDPR, and other industry and government standards, as well as new workflows specifically designed to make it easy for DevOps teams to track critical vulnerabilities and to ensure - and prove - compliance. With a single click, DevOps teams can enable NeuVector's pre-configured compliance templates to identify any potential industry compliance issues and generate audit reports for PCI DSS, GDPR, and other stringent - and often changing - data security regulations.