Security News

Experian has been rapped over the knuckles by the UK's Information Commissioner's Office after it discovered the credit reference agency was trading "Millions" of people's data for marketing purposes. Instead of issuing a monetary fine the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

The infrastructure reviews - published by Jisc today - took place between 2016 and 2020 and covered 118 institutions, including 59 Further Education colleges. The research went on to note that most colleges found managing the upgrade cycle of both end user kit and infrastructure "Very difficult".

The United Kingdom on Monday exposed and condemned cyberattacks that the Russian military intelligence service GRU allegedly launched against organizations involved in the 2020 Olympic and Paralympic Games that were set to take place in Tokyo this summer, but were postponed due to the COVID-19 pandemic. On Monday, the United States announced charges against six officers of the GRU, which is also said to have orchestrated the cyberattacks on the PyeongChang Winter Olympics with the Olympic Destroyer malware.

As if things were not going badly enough for the UK's COVID-19 test-and-trace service, it now seems police will be able to access some test data, prompting fears the disclosure could deter people who should have tests from coming forward. As revealed in the Health Service Journal [paywall], the Department for Health and Social Care and the National Police Chiefs' Council have agreed that officers can access test results to determine whether or not a "Specific individual" has been told to self-isolate.

The UK's data privacy watchdog on Friday slashed a fine imposed on British Airways over a cyber attack after taking into account coronavirus fallout on the embattled airline's finances. The UK Information Commissioner's Office said BA would be fined a "Record" £20 million, considerably less that the proposed amount totalling £183 million.

NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts. The server-side include vulnerability was reported by information security specialist Steven Seeley of Qihoo 360 Vulcan Team who found that it affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Server 2019.

Britain's information commissioner has fined British Airways 20 million pounds for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued. The ICO said in a statement Friday that the airline was processing personal data without adequate security measures.

Britain's National Crime Agency arrested six men in London on suspicion of laundering "Tens of millions" for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today. The six, a mixture of British and Eastern European citizens, were arrested around a year ago, said the NCA as EU police agency Europol jointly boasted of a further 14 arrests in the political bloc, the US and Australia.

announced that Minerva Elite Performance has joined its Official Training Provider programme for the UK, expanding the range of leading training organizations delivering official² certification preparation training to cybersecurity professionals in the region. As the latest² Official Training Provider in the UK, Minerva Elite Performance will deliver certification exam preparation courses taught by authorised and accredited trainers, using official² training materials and setting up students with all the resources they need to prepare for their exam and complete their journey to certification.

Hackney Council in East London has declared that it was hit by a "Cyberattack" - but both the authority and officials from the National Cyber Security Centre remain tight-lipped about what actually happened. In a statement published on the council website this morning, local mayor Philip Glanville said: "Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems."