Security News
Ticketmaster is claiming that the ICO's £1.25m data breach fine clears it of any responsibility for its network being infected by card-skimming malware, according to correspondence seen by The Register. Ticketmaster is insisting that it is not liable to a customer for the compromise of its network, attempting to exploit an apparent legal loophole to squeeze out of Reg reader Richard's fight for compensation.
Phishers are using a bogus GDPR compliance reminder to trick recipients - employees of businesses across several industry verticals - into handing over their email login credentials. "The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message," Area 1 Security researchers noted.
A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting. "In three iterations between 2015 and 2019, we sent subject access requests to vendors of 225 mobile apps popular in Germany. Throughout the iterations, 19 to 26 % of the vendors were unreachable or did not reply at all. Our subject access requests were fulfilled in 15 to 53 % of the cases, with an unexpected decline between the GDPR enforcement date and the end of our study," they shared.
Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake LinkedIn job advert using a General Data Protection Regulation-themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.
The enterprise-trusted, build-to-production container security solution now includes extensive compliance reporting and enforcement for PCI DSS, GDPR, and other industry and government standards, as well as new workflows specifically designed to make it easy for DevOps teams to track critical vulnerabilities and to ensure - and prove - compliance. With a single click, DevOps teams can enable NeuVector's pre-configured compliance templates to identify any potential industry compliance issues and generate audit reports for PCI DSS, GDPR, and other stringent - and often changing - data security regulations.
"Instagram didn't delete my data even when I deleted them from my end," Pokharel told TechCrunch. The flaw was in a feature that Instagram launched in 2018 in response to the European General Data Privacy Regulation, which requires any companies operating in Europe to notify the authorities within 72 hours of confirming a data breach or face stiff financial penalties.
Salesforce and Oracle are to face a GDPR lawsuit in London and the Netherlands that could cost them up to €10bn in fines, a legally aggressive privacy campaign group has claimed to The Register. Dr Rebecca Rumbul of the Privacy Collective told The Register: "We're looking at informed consent. Bluekai would collect data not just on one particular site but other sites too and then aggregate that data. The key thing is, under GDPR who is the data processor legally? You should be able to figure that out."
British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog - while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again, The Register can reveal. Marriott has secured an extension for fine negotiations to 30 September, having secured two already; one from January to 31 March and a second that ran through May. On top of that, the company set aside $65m to cover its proposed fine, down from the Information Commissioner's original intention to impose a £99m penalty.
Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.
A desire to remain compliant with the European Union's General Data Protection Regulation and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. At the same time, new technologies are applying artificial intelligence and machine learning to solve HR problems like analyzing employee data to help with hiring, completing performance reviews or tracking employee engagement.