Security News

A third-party contractor running a database without password protection exposed more than 500,000 records related to vehicle seizures by the Irish National Police. The latest revelation follows a long line of stories related to various police forces in the UK all reporting data incidents in recent months.

Nearly four weeks after the Police Service of Northern Ireland published data on 10,000 employees in a botched response to a Freedom of Information request, another two men, aged 21 and 22, have been released on bail after being arrested under the Terrorism Act. On August 8, it mistakenly published a spreadsheet with the details of every serving Northern Ireland police officer online in response to a Freedom of Information request at the beginning of August.

The Irish Data Protection Commission has fined WhatsApp Ireland €5.5 million after confirming that the messaging service violated the General Data Protection Regulation. On May 25, 2018, the DPC initiated an inquiry into a potential violation of the regulation by WhatsApp following a complaint from a German data subject.

The Irish Data Protection Commission has fined Meta Platforms €390 million over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines - a €210 million fine over violations of the E.U. General Data Protection Regulation related to Facebook, and a €180 million for similar violations in Instagram.

Ireland's Data Protection Commission has levied fines of €265 million against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "Collated dataset of Facebook personal data that had been made available on the internet."

Ireland's Data Protection Commission has levied fines of €265 million against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "Collated dataset of Facebook personal data that had been made available on the internet."

The HSE did not have a Chief Information Security Officer or a "single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction. Under-resourced Information Security Managers were not performing their business as usual role but were working on evaluating security controls for the COVID-19 vaccination system.

Issued today, the report from PWC said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known to infosec: spam. Even worse, PWC said HSE personnel had spotted the WizardSpider crew behind the infection operating on HSE networks - yet "These did not result in a cybersecurity incident and investigation initiated by the HSE".

Data privacy campaign group noyb, founded by Austrian lawyer Max Schrems, has filed a complaint with the Austrian Office for the Prosecution of Corruption for a potential violation of Austrian criminal laws by the Irish Data Protection Commission. The statement goes on to claim the DPC "Engaged in procedural blackmail", justifying noyb's report of the incident to the Austrian Office for the Prosecution of Corruption.

The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published. Today, Conti released a decryptor for encrypted files but warned that they still intend to publish or sell data stolen during the attack on the HSE. To try and prevent the release of personal and potentially sensitive medical data, the HSE has received an injunction against the Conti ransomware again from the High Court of Ireland.