Security News
Crypto ATMs offering cryptoasset exchange services in the UK must be registered with [the FCA] and comply with UK Money Laundering Regulations. If you're buying or selling cryptocoins via an existing payment card account or mobile phone payment system, from an ATM in a shopping centre, you'd think that the operation would be at least as trackable as any transaction involving a non-cryptocurrency account, such as a big-money purchase in a department store or luxury brand shop.
The UK's Competition and Markets Authority has invited comments from industry and interested parties about NortonLifeLock's proposed $8bn purchase of fellow infosec outfit Avast. "The CMA is considering whether it is or may be the case that this transaction, if carried into effect, will result in the creation of a relevant merger situation under the merger provisions of the Enterprise Act 2002," it said.
Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "Aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato said "Google and Apple did not provide clear and immediate information on the acquisition and use of user data for commercial purposes," adding the tech companies chose to emphasize the data collection as only necessary to improve their own services and personalize user experience without offering any indication that the data could be transferred and used for other reasons.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.
Singapore's Personal Data Protection Commission has issued a fine of SG$74,000 on travel company Commeasure, which operates a travel booking website named RedDoorz that exposed 5.9 million customers' data - the largest data breach handled by the Commission since its inception. RedDoorz started life in Indonesia before moving its operations to Singapore, from where it aggregates budget hotel bookings in select Southeast Asian cities.
American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office after spamming people who opted out of its marketing emails with 4.1 million unwanted messages. "Between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organisation. Amex also did not review its marketing model following customer complaints," said the ICO in a statement.
You've probably assumed, or at least hoped, when you've handed over data during the pandemic "For the greater good of all", that the company collecting it would treat it with more than the usual amount of care. The ICO noted that immediately below the abovementioned consent checkbox was wording that said, "To comply with Government Guidance during the Covid-19 pandemic, we are collecting your name and contact details. We will store these for 21 days only before deleting them in line with GDPR regulations. Your details will not be shared with any other company or organisation."
American aviation regulators have ordered private jet operators to install software updates for Garmin collision avoidance units after multiple reports of false alarms - raising the risk of a mid-air crash. The affected Garmin products, its GTS 8000 series, generated seven false Traffic Collision Avoidance System warnings, said the US Federal Aviation Administration in a formal Airworthiness Directive published [PDF] earlier this month.
Ireland's Data Protection Commission is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. "Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality," the DPC said.