Access, Data breaches and Exercises - Information Management Today

American Airlines disclosed a data breach

Security Affairs

SEPTEMBER 20, 2022

American Airlines disclosed a data breach, threat actors had access to an undisclosed number of employee email accounts. American Airlines recently suffered a data breach, threat actors compromised a limited number of employee email accounts. SecurityAffairs – hacking, data breach).

Data breaches

Data breaches Cybersecurity Phishing Access

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Informatics Eng’g, Inc. , 3:18-cv-00969 (N.D.

Data breaches

Data breaches Computer and Electronics Security Insurance

Phish Leads to Breach at Calif. State Controller

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. A notice of breach posted by the California State Controller’s Office. Source: sco.ca.gov. .

Phishing

Phishing Data breaches Access Passwords

India Poised to Enact Digital Personal Data Protection Bill

Hunton Privacy

AUGUST 10, 2023

The final text of the DPDPB as passed has not yet been released, but India’s Ministry of Electronics & Information Technology released a description of the DPDPB’s “salient features” which include: Obligations of “data fiduciaries” ( i.e. , persons, companies and government entities who process data), including as to security safeguards, data breach (..)

Personal data

Personal data Data breaches Government Access

CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach

Hunton Privacy

DECEMBER 27, 2018

On December 20, 2018, the French data protection authority (the “CNIL”) announced that it levied a €400,000 fine on Uber France SAS, the French establishment of Uber B.V. for failure to implement some basic security measures that made possible the 2016 Uber data breach. acted as a mere data processor of Uber B.V.

Data breaches

Data breaches Personal data Security Access

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

Since then, as remote work has become more popular and accessible, that figure has likely only increased. Similarly, different nations exercise varying amounts of authority over internet traffic. While most governments won’t likely do anything nefarious with this information, it does heighten the risk of a data breach.

Communications

Communications Cybersecurity GDPR Risk

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

Urgent patching and prompt updates can protect systems from unauthorized access, data breaches, and potential exploitation by threat actors. To secure sensitive data, cybersecurity specialists, software vendors, and end users should encourage collaborative efforts against malicious activities.

Risk

Risk Authentication Systems administration Ransomware

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

Security

Security Ransomware Data breaches Cybersecurity

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

OMB Publishes Memorandum on Responding to Data Breaches

Hunton Privacy

JANUARY 5, 2017

This definition goes beyond the definition contained in many state breach notification laws by including incidents of “potential” access to PII. notifies individuals affected by a breach, using the most appropriate method of notification.

Data breaches

Data breaches Privacy Encryption Risk

Important Changes to the Singapore Data Privacy Regime

Data Matters

NOVEMBER 16, 2020

If you operate in Singapore, handle Singapore data, or maintain a server in Singapore, it is crucial that you have protocols in place to guide employees on what to do when a data breach occurs and consider doing a data breach tabletop exercise. (We NEW mandatory data breach notification requirement.

Data Privacy

Data Privacy Privacy Data breaches Personal data

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

DLA Piper Privacy Matters

AUGUST 3, 2020

This is expected to result in a strengthening of rights for data subjects while making data breach notifications mandatory and increasing penalties for noncompliance. increasing penalties to be imposed on companies for breaches of the APPI and/or administrative orders issued by the PPC. Data Breach Report.

Personal data

Personal data Data breaches Compliance Analytics

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

DLA Piper Privacy Matters

APRIL 27, 2023

Facts of the case The Bulgarian authority “National Revenue Agency” (hereinafter referred to as “ NAP ”) was target of a cyber-attack which led to unauthorized access to NAP’s information system. Among them is also the plaintiff.

Personal data

Personal data GDPR Access Data breaches

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

However, businesses that are not used to compliance with laws like the GDPR may find some of the new obligations challenging, for example, the PDPL introduces rights for individuals to access; rectify; correct; delete; restrict processing; request cessation of processing or transfer of data; and object to automated processing.

Personal data

Personal data Data breaches GDPR Compliance

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Matters

DECEMBER 2, 2020

Mandatory data breach notification (the DBN Obligation). Generally, an organization should assess whether a data breach is notifiable within 30 calendar days once it has credible grounds to believe that a data breach has occurred, or it should be prepared to provide an explanation to the PDPC.

Data Privacy

Data Privacy Privacy Data breaches Personal data

CardX released a data leak notification impacting their customers in Thailand

Security Affairs

SEPTEMBER 17, 2023

CardX recommends that customers keep track of transactions involving their accounts and exercise caution to avoid any potential fraud. As reported by Prachachat Online, CardX has taken swift action to improve its protection against unauthorized access to customer data after discovering a leak of personal information.

Cybersecurity

Cybersecurity Access Security IT

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? Best of all, it's about prevention rather than cure.

Data breaches

Data breaches Personal data GDPR Data collection

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

The good news is that the New SCCs allow companies to take a risk-based approach when making assessments on whether a third country’s access laws and practices provide adequate protection for personal data. Module 4, clause 8.2 ); (d) the timeframe within which importer controllers mist deal with data subject rights.

Personal data

Personal data GDPR Data breaches Access

100,000 ChatGPT Accounts Hacked in Malware Attack

IT Governance

JUNE 22, 2023

Once inside users’ systems, criminal hackers can access previous conversations and prompts, which may reveal valuable information. This data breach is the latest in a series of security concerns regarding machine learning tools. Crooks can pay $75 (about £58) to access the malware for a week or $200 (£156) for a month.

Passwords

Passwords Data breaches Risk Government

AT&T Enters into Largest Data Breach Settlement with FCC to Date

Hunton Privacy

APRIL 8, 2015

(“AT&T”) stemming from allegations that AT&T failed to protect the confidentiality of consumers’ personal information, resulting in data breaches at AT&T call centers in Mexico, Colombia and the Philippines.

Data breaches

Data breaches Privacy Compliance Communications

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Cyber criminals continued to wreak havoc, with the likes of Twitter , Uber and Neopets all reporting mammoth data breaches. In total, we have so far reported more than 1,000 data breaches in 2022, with almost half a billion breached records. Did anyone purchase the apparently stolen data? All my apes gone.

Security

Security Data breaches Ransomware Military

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

JANUARY 2, 2019

The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners.

Insurance

Insurance Cybersecurity Data breaches Encryption

Hackers breached one of Comodo Forums, 245,000 users impacted

Security Affairs

OCTOBER 1, 2019

Hackers breached the ITarian Forum, the Comodo discussion board and support forums, accessing login credentials of nearly 245,000 users registered with the Comodo Forums websites. SecurityAffairs – vBulletin, data breach). Comodo has not specified which of its two forums has been hacked. ” recommends Comodo.

Passwords

Passwords Data breaches Encryption Access

The Evolving Cybersecurity Threats to Critical National Infrastructure

Thales Cloud Protection & Licensing

OCTOBER 23, 2023

However, simple actions like adopting multi-factor authentication (MFA) or encrypting sensitive data everywhere should be exercised throughout the year and not just during that month. Download the full Thales 2023 Data Threat Report for the Critical Infrastructure for more information.

Energy and Utilities

Energy and Utilities Cybersecurity Ransomware Authentication

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

Data Matters

APRIL 30, 2019

Six months after imposing the largest ever HIPAA fine ($16 million) following a HIPAA data breach, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) has announced that it is exercising its enforcement discretion to lower maximum annual HIPAA penalties. New Annual HIPAA Penalty Tiers.

Data breaches

Data breaches Privacy Government Access

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

Article 30 of the GDPR requires data controllers and processors to maintain a record of processing activities. Data transfer to third party processors and contractual provisions for lawful processing. Notification processes in the event of personal data breach. Step 3: Breach Response.

GDPR

GDPR Compliance Data collection Privacy

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. Similarly, the personal data of more than 750,000 web users had been retained for five to ten years from the date of their last order.

GDPR

GDPR Personal data Data collection Marketing

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR applies to any organization that processes the personal data of European residents, regardless of where that organization is based. Ensure third-party partners are compliant Controllers are ultimately responsible for the personal data that they collect, including how their processors, vendors, and other third parties use it.

GDPR

GDPR Compliance Personal data Privacy

What is data loss and how does it work?

IT Governance

OCTOBER 6, 2020

Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). Data loss can also occur when devices suffer water (or other liquid) damage.

IT

IT Computer and Electronics Data breaches Risk

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

The website offers any kind of fitness articles, exercises, workouts, and supplements. The company confirmed it has no evidence that personal customer information was accessed or misused, as a precautionary measure the company is notifying all current and former users and customers. ” continues the data breach notification note.

Passwords

Passwords Security Retail Personal data

Red Team vs Blue Team: What’s the Difference?

IT Governance

JULY 13, 2023

In these exercises, the red team faces off against their counterparts, the blue team, in a battle to control a particular asset. That could be sensitive data, financial records, communication channels or the organisation’s infrastructure itself. While the red team is on the attack in these exercises, the blue team is playing defence.

Phishing

Phishing Passwords Communications Security

How SMEs can improve their data protection practices

IT Governance

SEPTEMBER 25, 2019

Phishing attacks are often used to deliver ransomware , which locks users out of their system until they pay money, often in bitcoin, to regain access. That’s a problem because when one organisation’s database is breached, criminals will use the same email and password combination for other sites. Preventing data breaches.

Data breaches

Data breaches Phishing Passwords Ransomware

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

Health data access. The regulations are to provide additional controls and procedures around the processing of health data, to ensure the preservation of privacy of its owners. Credit data access. Some of these steps include: Conduct a data mapping exercise.

Personal data

Personal data Compliance Computer and Electronics IoT

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The DPO must be invited to strategic meetings and requested to provide advice on all processing where his/her intervention or presence must be systematic, notably in case of evolution of processing, conduct of a data protection impact assessment(“DPIA”), revision of existing privacy policies or drafting of new policies, data breaches etc.

GDPR

GDPR Compliance Personal data Communications

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The organization offers data subjects easy ways to exercise their rights. Organizations must give data subjects a simple means of asserting their rights over their data. The right to data portability: Subjects have the right to transfer their data, and controllers and processors must facilitate these transfers.

GDPR

GDPR Compliance Personal data Privacy

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

NOVEMBER 16, 2018

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister. The ones that affected the unencrypted personal data of 4.2

Encryption

Encryption Risk Passwords Government

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

AB 375 goes beyond the ballot initiative by adding requirements for businesses that collect personal information (as defined in the bill) from consumers to delete such information on request as well as to provide access to specific pieces of personal information collected. law, consumers and the marketplace have been comfortable with to date.

GDPR

GDPR Privacy Sales Data breaches

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Attackers hacked support agent to access Microsoft Outlook email accounts. Gnosticplayers round 5 – 65 Million+ fresh accounts from 8 security breaches available for sale. Locked Shields 2019 – Chapeau, France wins Cyber Defence Exercise. Blue Cross of Idaho data breach, 5,600 customers affected. Kindle Edition.

Security

Security Computer and Electronics Sales Data breaches

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

Also in January, the ICO (Information Commissioner’s Office) fined Carphone Warehouse £400,000 – one of the largest fines it issued under the DPA (Data Protection Act) 1998 – for multiple security inadequacies that led to a 2015 data breach in which three million customers’ personal data was compromised.

Data breaches

Data breaches Personal data Access GDPR

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

Unfortunately for those of us indulging in wishful thinking, the likelihood and costs of data breaches continue to increase. The Ponemon Institute estimates that data breach costs rose to an average cost of $4.24 Or as is often the case with security, what costs can we skip and still escape big penalties later?

Insurance

Insurance Ransomware Data breaches Cloud

Where does data flow mapping fit into your GDPR compliance project?

IT Governance

MAY 9, 2018

If any personal data is unaccounted for, you are not only at risk of a data breach but are also non-compliant with Article 30 of the GDPR, which requires organisations to maintain detailed records of their data processing activities and make those records available to their supervisory authority upon request.

GDPR

GDPR Compliance Personal data Paper

The benefits of outsourcing your DPO

IT Governance

AUGUST 7, 2018

Advise on the necessity of a data protection impact assessment, the manner of its implementation and outcomes. Provide guidance on data breach monitoring, management and reporting.

GDPR

GDPR Personal data Data breaches Compliance

NHS Digital release GDPR guidance for health and social care

IT Governance

FEBRUARY 12, 2018

Data protection impact assessments (DPIAs) will be required for high-risk data processing. In most cases, organisations will not be able to charge for subject access requests (SARs). Book your place now>> Certified EU GDPR Practitioner Training Course.

GDPR

GDPR Compliance Data breaches Risk

Article 28 Standard Contractual Clauses

DLA Piper Privacy Matters

JUNE 10, 2021

The notifications also need to be accompanied by sufficient information to enable the right to object to actually be exercised. The new terms make clear that flow-down of data protection clauses to the sub-processor should be the same “in substance” – it does not need to be the exact wording from the main contract.

Personal data

Personal data GDPR Compliance Data breaches

American Airlines disclosed a data breach

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Trending Sources

Phish Leads to Breach at Calif. State Controller

India Poised to Enact Digital Personal Data Protection Bill

CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

OMB Publishes Memorandum on Responding to Data Breaches

Important Changes to the Singapore Data Privacy Regime

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

UAE: Federal level data protection law enacted

Guidelines Published for Changes to the Singapore Data Privacy Regime

CardX released a data leak notification impacting their customers in Thailand

Fixing Data Breaches Part 2: Data Ownership & Minimisation

A deeper dive into the new Standard Contractual Clauses

100,000 ChatGPT Accounts Hacked in Malware Attack

AT&T Enters into Largest Data Breach Settlement with FCC to Date

2022 Cyber Security Review of the Year

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hackers breached one of Comodo Forums, 245,000 users impacted

The Evolving Cybersecurity Threats to Critical National Infrastructure

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

Guest Post - Three Critical Steps for GDPR Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

How to implement the General Data Protection Regulation (GDPR)

What is data loss and how does it work?

Bodybuilding.com forces password reset after a security breach

Red Team vs Blue Team: What’s the Difference?

How SMEs can improve their data protection practices

Saudi Arabia’s New Data Protection Law – What you need to know

France: The CNIL publishes a practical guide on Data Protection Officers

GDPR compliance checklist

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

California Enacts Broad Privacy Laws Modeled on GDPR

Security Affairs newsletter Round 210 – News of the week

Weekly podcast: 2018 end-of-year roundup

How to Develop an Incident Response Plan

Where does data flow mapping fit into your GDPR compliance project?

The benefits of outsourcing your DPO

NHS Digital release GDPR guidance for health and social care

Article 28 Standard Contractual Clauses

Stay Connected