Data Breach Today

DECEMBER 23, 2020

Nuance Communications' Simon Marchand Offers Strategic Insights Data collected through customer identity and access management can play an important role in fraud investigations, says Simon Marchand, chief fraud prevention officer at Nuance Communications.

Data collection 148

Data collection Communications Access 148

Security Affairs

DECEMBER 12, 2023

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs).

Agriculture 108

Agriculture Data collection Access Manufacturing 108

Threatpost

JULY 2, 2020

Facebook has fixed a privacy issue that gave developers access to user data long after the 90-day "expiration" date.

Access 97

Access Privacy Data collection Analytics 97

Security Affairs

MAY 11, 2019

Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities in management and access control systems from four major vendors. An attacker can exploit the vulnerabilities to gain full control of the vulnerable products and access to the devices connected to them. Pierluigi Paganini.

Access 93

Access Risk Data collection Authentication 93

Security Affairs

DECEMBER 23, 2023

Mobile virtual network operator Mint Mobile suffered a new data breach, threat actors had access to customers’ personal information. Mint Mobile experienced a recent data breach, exposing customers’ personal information to unauthorized access by threat actors.

Data breaches 118

Data breaches Data collection Passwords Access 118

Security Affairs

OCTOBER 30, 2023

On a mobile device, the WeChat and Kaspersky applications data collection methods provide considerable access to the device’s contents.” The government experts warn of considerable access to the device’s contents that both applications have.

Government 125

Government Privacy Risk Data collection 125

The Last Watchdog

JUNE 20, 2022

Additionally, filtering through these channels is made even more difficult due to language barriers, as well as gaining trust and access to these various forums. Data collections released after ransomware attacks. Hunting threats. Databases with critical IP and/or PII. The average cost for these credentials is as little as $10.

Ransomware 260

Ransomware Access Marketing Data collection 260

Security Affairs

DECEMBER 2, 2023

While WeMystic has since closed the database, researchers said that the data was accessible for at least five days. One of the data collections in the exposed instance, named “users,” contained a whopping 13.3 Businesses employ MongoDB to organize and store large swaths of document-oriented information.

Data collection 129

Data collection Risk Access IT 129

The Last Watchdog

OCTOBER 23, 2023

Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories. Agnostic security Decoupling enables rapid data access and flexibility in a distributed data lake architecture, meeting the demands of modern data management.

Data science 261

Data science Security Analytics Data migration 261

The Guardian Data Protection

JULY 20, 2022

The Chinese app is known for its aggressive data collection – but it is a fool’s errand to prove that it is a threat to the west Don’t get TechScape delivered to your inbox? has a server connection to mainland China which is run by a top 100 Chinese cyber security and data company Guizhou Baishan Cloud Technology Co Ltd.

Data collection 83

Data collection Paper Access Cloud 83

Data Protection Report

JULY 12, 2022

This time Wegmans responded, and discovered he was right, that a cloud storage container was left unsecured and open to public access, potentially exposing sensitive information. During its investigation, Wegmans found a second misconfigured container, which was also open to public access.

Passwords 105

Passwords Data collection Personal data Cloud 105

Hunton Privacy

JUNE 30, 2023

On June 27, 2023, the Council and the European Parliament reached a Political Agreement (“Political Agreement”) on the Proposal for a Regulation on harmonized rules on fair access to and use of data (the “Data Act”).

Data collection 55

Data collection GDPR IoT Marketing 55

Hunton Privacy

MARCH 1, 2024

While the pilot ended in December 2023, the Home Office will continue to have access to the data collected during the pilot until it is deleted or anonymized.

Privacy 61

Privacy Data collection Risk Access 61

DLA Piper Privacy Matters

OCTOBER 3, 2022

Given data classification and grading are mandatory requirements under the Data Security Law and Personal Information Protection Law, organisations should prioritise understanding their data collected and data processing activities within the coming months. Data classification.

Data collection 98

Data collection Personal data Access Compliance 98

The Guardian Data Protection

AUGUST 6, 2023

Data protection and digital information bill changes wording on which requests for personal data can be refused Individuals’ control over and access to their data is being undermined by a post-Brexit bill that favours big business and “shady” technology companies, a digital rights group has claimed. Continue reading.

Data collection 63

Data collection Personal data Access IT 63

IBM Big Data Hub

SEPTEMBER 12, 2023

The pilots made supply chain data directly accessible to the government, used new technologies to preserve goods’ physical integrity and considered how trusted relationships could enable certain controls to be performed by industry rather than the government.

Government 93

Government Data collection Analytics Risk 93

Data Protection Report

OCTOBER 10, 2019

On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement ) under the US Clarifying Lawful Overseas Use of Data Act 2018 ( CLOUD Act ) and the UK Crime (Overseas Production Orders) Act 2019. The Agreement does not permit private (civil) litigants to have access to this data.

Cloud 40

Cloud Access Data collection Encryption 40

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Customer Experience 281

Customer Experience Privacy Data collection Marketing 281

IBM Big Data Hub

APRIL 24, 2024

For example, they can decline to have their data shared with third parties while allowing the app to generate personalized offers. The app heavily encrypts all user financial data. Only administrators can access customer data on the backend. Even if the data is stolen in a cyberattack , hackers can’t use it.

Data Privacy 83

Data Privacy Privacy GDPR Personal data 83

eDiscovery Daily

DECEMBER 1, 2021

As a vital part of the Electronic Discovery Reference Model (EDRM) , any data collected is done so with the intent to capture it exactly as intended or as it was actively being used. This ensures the searchability and traceability of your data so it can be properly collected, indexed, and documented for use in litigation.

Computer and Electronics 76

Computer and Electronics Data collection Access IoT 76

eSecurity Planet

FEBRUARY 16, 2024

Volt Typhoon, a notorious cyber group linked to the People’s Republic of China, has expanded its operations beyond illegal access and data theft. In November 2021, the FBI disclosed a FatPipe VPN exploit that enabled backdoor access via web shells. Volt Typhoon struck again on several U.S.

Cybersecurity 113

Cybersecurity Access Security Data collection 113

Hunton Privacy

AUGUST 24, 2020

Apple’s iOS 14, which was announced by Apple in June 2020 and is scheduled for official release later this year, will require that all apps receive user consent in order to access an iPhone’s unique advertising identifier (Identifier for Advertisers, or “IDFA”) or use the IDFA to automatically track users.

Data collection 112

Data collection Privacy Access Security 112

Hunton Privacy

JULY 14, 2022

In April 2021, a security researcher informed Wegmans, a New York-based supermarket chain, that one of the company’s cloud storage containers hosted on Microsoft Azure was left unsecured and open to public access, potentially exposing customers’ personal information.

Cloud 105

Cloud Security Passwords Data collection 105

IT Governance

NOVEMBER 17, 2020

The ICO defines a personal data breach as any event that results in. the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Sending personal data to the wrong person : this includes any message sent by email, post or fax. How to avoid data breaches.

Personal data 105

Personal data Data breaches Data collection GDPR 105

Hunton Privacy

SEPTEMBER 28, 2022

Design Elements that Obscure or Subvert Privacy Choices : These dark patterns obscure consumers’ privacy choices and what those choices mean via user interfaces that: “(1) do not allow consumers to definitively reject data collection or use; (2) repeatedly prompt consumers to select settings they wish to avoid; (3) present confusing toggle settings (..)

Data collection 111

Data collection Sales Privacy Access 111

Security Affairs

MAY 17, 2023

Searchlight Cyber researchers warn of threat actors that are offering on the dark web access to energy sector organizations. The role of an initial access broker is essential in the cybercrime ecosystem, these actors facilitate the sale or exchange of compromised or stolen initial access to computer networks or systems.

Energy and Utilities 94

Energy and Utilities Sales Access Data collection 94

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR 112

GDPR Personal data Data collection Access 112

Hunton Privacy

OCTOBER 12, 2023

The white paper addresses the growing trend of localities requesting (and sometimes mandating) that data collected by the private sector be shared with the localities themselves.

Paper 64

Paper Data collection Government Privacy 64

Hunton Privacy

MAY 11, 2023

Parliament “shares the EDPB’s concerns over EO 14086’s failure to provide sufficient safeguards in the case of bulk data collection.” authorities, law enforcement authorities would be able to access data they would otherwise have been prohibited from accessing.

Data Privacy 144

Data Privacy Privacy Data collection Access 144

Data Protection Report

FEBRUARY 23, 2023

AVs currently under development can collect location data, biometric data, driver behaviour information, and information acquired through synced mobile devices (e.g., A considerable amount of the data collected by AVs could be considered personal information, and in some cases, “sensitive information.”

Privacy 85

Privacy Manufacturing Artificial Intelligence Data collection 85

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. The access was first blocked via national provider Turk Telecom (AS9121), but later other service providers applied the government restrictions. local time (8:30 p.m.

Military 110

Military Data collection Government Access 110

Hunton Privacy

OCTOBER 24, 2022

Clearview AI’s facial recognition technology collects publicly available pictures from online websites, including social media, and extracts images from videos available online. Clearview AI markets access to its image database, which consists of a search engine where a person can be searched by using a picture.

Data collection 72

Data collection Personal data GDPR Marketing 72

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach that exposed customers’ network information (CPNI), including phone numbers and calls records. T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems.

Data breaches 138

Data breaches Cybersecurity Data collection Access 138

Krebs on Security

SEPTEMBER 9, 2019

Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S.

IT 236

IT Government Military Access 236

Security Affairs

OCTOBER 17, 2023

Sandworm were observed targeting open ports and unprotected RDP or SSH interfaces to gain access to the internet-facing systems. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks. “Note (!)

Authentication 113

Authentication Passwords Data collection Communications 113

eSecurity Planet

NOVEMBER 29, 2022

In a recent study of 1,237 Chrome extensions with a minimum of 1,000 downloads, Incogni researchers found that nearly half ask for permissions that could potentially expose personally identifiable information (PII), distribute adware and malware , or even log everything users do online, including accessing passwords and financial data.

Risk 113

Risk Passwords Data collection Access 113

Schneier on Security

APRIL 4, 2024

It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise (..)

Access 123

Access IT Data collection Privacy 123