Exploiting GDPR to Get Private Information

A researcher abused the GDPR to get information on his fiancee:

It is one of the first tests of its kind to exploit the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.

“Generally if it was an extremely large company — especially tech ones — they tended to do really well,” he told the BBC.

“Small companies tended to ignore me.

“But the kind of mid-sized businesses that knew about GDPR, but maybe didn’t have much of a specialised process [to handle requests], failed.”

He declined to identify the organisations that had mishandled the requests, but said they had included:

  • a UK hotel chain that shared a complete record of his partner’s overnight stays

  • two UK rail companies that provided records of all the journeys she had taken with them over several years

  • a US-based educational company that handed over her high school grades, mother’s maiden name and the results of a criminal background check survey.

Why Isn’t GDPR Being Enforced?

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices.

Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build glittering new headquarters.

Now, data-privacy experts and regulators in other countries alike are questioning Ireland’s commitment to policing imminent privacy concerns like Facebook’s reintroduction of facial recognition software and data sharing with its recently purchased subsidiary WhatsApp, and Google’s sharing of information across its burgeoning number of platforms.

This Week in Security News: Consumer Data and Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what security issues and critical threats will impact consumer data this year. Also, learn about a malicious Adobe app targeting macOS systems.

Read on: 

Keys to Safeguarding Consumer Data in 2019

Trend Micro reports that there are certain security issues which will specifically impact consumer data, including phishing and fraud attacks. 

Linksys Partners with Trend Micro for Network Protection on Velop Wi-Fi Systems

Linksys and Trend Micro have partnered to deliver a security solution for home networks to give families an added layer of digital protection.

Collaborating with Law Enforcement to Tackle the Scourge of ATM Attacks

Trend Micro contributed to a new Europol report detailing guidelines on logical ATM attacks, in support of ongoing efforts by both law enforcement and the financial industry to stop ATM abuse. 

Report: Over 59,000 GDPR Data Breach Notifications, But Only 91 Fines

Since the European Union’s General Data Protection Regulation (GDPR) came into effect in May last year, EU organizations have reported almost 60,000 data breaches, but so far fewer than 100 fines have been issued by regulators.

MacOS Malware Poses as Adobe Zii, Steals Credit Card Info and Mines Monero Cryptocurrency

Trend Micro found a malicious app posing as Adobe Zii (a tool used to crack Adobe products) targeting macOS systems to mine cryptocurrency and steal credit card information. 

Auto Engineers Warn Your Car Might be Easier to Hack Than You Think

As auto makers roll out more sophisticated features, the upgrades are also making cars more vulnerable to cyberattacks, according to a new report from the Ponemon Institute.

Managing Digital Footprints and Data Privacy

A massive data dump involving more than two billion user credentials was reported earlier this year. The ramifications of this dump are just the beginning for many of those whose data are included.

Just Two Hacker Groups are Behind 60% of Stolen Cryptocurrency

A new report from blockchain investigation company Chainalysis reveals that just two criminal groups are responsible for around 60% of all cryptocurrency stolen from exchanges.

EU Orders Recall of Children’s Smartwatch Over Severe Privacy Concerns

For the first time, EU authorities have announced plans to recall a product from the European market because of a data privacy issue. The product is Safe-KID-One, a children’s smartwatch produced by German electronics vendor ENOX.

Do you agree phishing and fraud attacks will be the main threats impacting consumer data in 2019? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


This Week in Security News: Ransomware and Cyber Threats

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about new routines for encryption of JobCrypter ransomware. Also, understand how Emotet has managed to evolve into one of the most notorious cyber threats in existence.

Read on:

Spotted: JobCrypter Ransomware Variant With New Encryption Routines, Captures Desktop Screenshots

A variant of JobCrypter ransomware was observed by Trend Micro using new routines for encryption and features the ability to send a screenshot of the victim’s desktop to an email address. 

For Industrial Robots, Hacking Risks Are On the Rise

In the future, industrial robots may create jobs, boost productivity and spur higher wages. But one thing seems more certain for now: They’re vulnerable to hackers.

Microsoft CEO Satya Nadella made a global call for countries to come together to create new GDPR-style data privacy laws

Microsoft CEO Satya Nadella is a major proponent of the recent European data regulation GDPR, which came into force in May 2018.

Protecting Critical Infrastructure and Roadways: How Smart Cities Create New Risks

While advanced components to support utilities, critical infrastructure, and more can bring numerous benefits, these solutions also open both urban and rural areas to new risks and cyber threats.

DHS Releases Emergency Order to Prevent DNS Hijacking

The Department of Homeland Security has issued a rare “emergency” directive ordering federal civilian agencies to secure the login credentials for their internet domain records out of concern that they could be vulnerable to cyberattacks.

As BYOD Adoption and Mobile Threats Increase, Can Enterprise Data Security Keep Up?

While most security professionals have come to embrace — or, at least, accept — bring-your-own-device (BYOD) policies, leadership still often lacks confidence in the data security of employees’ personal phones, tablets and laptops.

Going In-depth with Emotet: Multilayer Operating Mechanisms

Over a period of just five years, Emotet has managed to evolve into one of the most notorious cyber threats in existence – one that causes incidents that cost up to $1 million to rectify.

Online Casino Group Leaks Information on 108 Million Bets, Including User Details

An online casino group has leaked information on over 108 million bets, including details about customers’ personal information, deposits and withdrawals. 

Google Fined €50 Million for GDPR Violation in France

France’s data protection regulator, CNIL, has issued Google a €50 million fine (around $56.8 million USD) for failing to comply with its GDPR obligations. 

Security is the no. 1 IT barrier to cloud and SaaS adoption

More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.

Millions of Financial Records Leaked at Texas-Based Data Firm

More than a decade’s worth of credit and mortgage records, many linked to some of the country’s largest banks and lenders, was temporarily exposed online.

What do you think are some other risks smart cities will create within the next years? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


How UK’s GDPR law might not be judged ‘adequate’

If it has Data Protection Act’s defects, all bets are off

Comment Since 2005, I have tried to use Freedom of Information legislation to find out what is behind the “ongoing” infraction proceedings, commenced by the European Commission against the UK. This is because the UK’s Data Protection Act (DPA) is, according to the Commission, a defective implementation of Directive 95/46/EC.

So what are these defects? Should data protection practitioners know what they are?
