Krebs on Security

JUNE 18, 2020

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.

IT 343

IT Archiving Personal data Access 343

DLA Piper Privacy Matters

SEPTEMBER 4, 2020

They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data [2]. The CNIL’s Guidelines apply to all private companies and public organizations processing personal data. An organization based on the personal data lifecycle.

Personal data 95

Personal data Archiving GDPR Government 95

Security Affairs

SEPTEMBER 20, 2021

The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand. The good news is that no financial data was contained in the database.

Honeypots 138

Honeypots Archiving Personal data Cybersecurity 138

Security Affairs

APRIL 12, 2021

A threat actor has put for sale on a popular hacker forum an archive containing data purportedly scraped from 500 million LinkedIn profiles , with another 2 million records leaked as a proof-of-concept sample by the post author. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn.

Data breaches 96

Data breaches IT Sales Phishing 96

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data 40

Personal data GDPR Access Marketing 40

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that an organisation deletes any personal data related to them.

GDPR 105

GDPR Personal data Compliance Government 105

Hunton Privacy

JUNE 11, 2019

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Personal data 104

Personal data Security GDPR Archiving 104

Data Protection Report

NOVEMBER 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA ) issued a €14.5 The infraction related to the over retention of personal data. Infringement of deletion obligations.

GDPR 106

GDPR Personal data Records Management Archiving 106

Security Affairs

APRIL 6, 2023

Phishers also use to share stolen personal data with their subscribers. Contents of a free phishing kit archive Paid phishing pages and data, as well as phishing-as-a-service (PhaaS) subscriptions. Crooks use Telegram channel to offer paid phishing content and data. User personal data for sale.

Phishing 97

Phishing Sales Archiving Personal data 97

DLA Piper Privacy Matters

MARCH 8, 2021

Unlike Europe, the Personal Data (Privacy) Ordinance ( “PDPO” ) in Hong Kong does not have a stand-alone “right to be forgotten” ( “RTBF” ). Author: Carolyn Bigg. However, over the past few years, there were commentaries suggesting that there is some basis under Hong Kong law that RTBF exists. You may read the full ruling here: [link].

Personal data 83

Personal data Data Privacy Archiving Privacy 83

Security Affairs

FEBRUARY 27, 2023

It has been estimated that crooks have stolen the sensitive data of millions of individuals. Tens of millions of privacy-sensitive personal data have fallen into the hands of criminals as a result of this theft and trade.” ” reads the press release published by the Dutch Police.

Personal data 98

Personal data Access Archiving Passwords 98

DLA Piper Privacy Matters

NOVEMBER 6, 2019

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR).

GDPR 98

GDPR Personal data Archiving Compliance 98

Security Affairs

APRIL 3, 2021

On April 3, a user has leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. All 533,000,000 Facebook records were just leaked for free.

Personal data 138

Personal data Archiving Passwords Privacy 138

Hunton Privacy

OCTOBER 1, 2021

On September 27, 2021, the European Data Protection Board (“EDPB”) announced that it had adopted an opinion on the European Commission’s draft adequacy decision for the Republic of Korea (the “Opinion”). The EDPB also identified certain aspects of the Korean data protection framework that require further examination and clarification.

Personal data 101

Personal data GDPR Archiving Security 101

Security Affairs

NOVEMBER 2, 2020

million) for multiple data breaches suffered by the company since 2018 that exposed the personal information of its customers. “The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.” million ($23.5

Data breaches 130

Data breaches Personal data GDPR Encryption 130

Security Affairs

MARCH 1, 2020

The credentials for the company archive were stored in plain text on an unprotected web server. Straffic notified the incident to the impacted users, it added that the data leak was the result of a “security vulnerability” in one of its servers. ” reads a notice published by the company. gitignore ).”

Marketing 129

Marketing Archiving Data breaches Personal data 129

The Last Watchdog

APRIL 1, 2020

Related: What we’ve learned from the massive breach of Capitol At RSA 2020 , I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier. A robust data archiving strategy puts data into tiers, Lahiri says.

Government 149

Government Cybersecurity Archiving Access 149

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Archiving 137

Archiving Passwords Data collection Sales 137

Hunton Privacy

NOVEMBER 6, 2019

On November 5, 2019, the Berlin Commissioner for Data Protection and Freedom of Information (“the Berlin Commissioner,” Berliner Beauftragte für Datenschutz und Informationsfreiheit ) announced that it had imposed a fine of €14.5 After the inspection of 2017, Deutsche Wohnen SE improved its archiving system.

GDPR 79

GDPR Archiving Personal data Insurance 79

Security Affairs

FEBRUARY 29, 2020

Not only Maze ransomware gang, the operators behind Sodinokibi Ransomware allegedly leaked the data of Kenneth Cole Productions. The operators behind Sodinokibi Ransomware have published the download links to archives containing data allegedly stolen from the US firm Kenneth Cole Productions. Kenneth Cole Productions, Inc.

Ransomware 119

Ransomware Personal data Archiving Marketing 119

AIIM

APRIL 27, 2021

Step 2: Classify Your Data. Data classification is key to ensuring information security and compliance by accurately mapping and segmenting sensitive data. It also reduces storage costs by eradicating ROT data. By exploiting AI and Machine Learning, data can automatically be classified based on the business rules you set.

Cloud 190

Cloud ROT Metadata Content services 190

Security Affairs

NOVEMBER 29, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. Many users of the customer support system are Okta administrators.

Authentication 115

Authentication Cloud Access Archiving 115

Security Affairs

DECEMBER 5, 2020

The Egregor ransomware operators published 1% of the alleged stolen data as proof of the attack. The archive is 32.7MB in size and contains 184 files. Randstad published a data breach notification to disclose the incident and confirmed that the Egregor ransomware infected its systems. Source Bleeping Computer. ” . .

Ransomware 124

Ransomware Data breaches Archiving Personal data 124

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. telephone call listening/recording.

Personal data 71

Personal data GDPR Compliance Archiving 71

IT Governance

NOVEMBER 12, 2018

Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Your retention periods should be based on two key factors: the purpose for processing the data, and any legal or regulatory requirements for retaining it. What to do with data past the retention period.

GDPR 96

GDPR Personal data Paper Archiving 96

IT Governance

JUNE 6, 2023

Welcome to our June 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. File Archive in the Browser scam exploiting ‘.zip’ With this phishing attack, you simulate a file archiver software (e.g.

Phishing 98

Phishing Archiving Risk Education 98

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies.

GDPR 91

GDPR Personal data Data collection Marketing 91

IT Governance

JANUARY 3, 2023

But for the very same reasons, a December data breach can be the worst possible scenario. Hackers selling personal data patients from a Tamil Nadu Hospital (150,000). Cyber attack on NZ’s largest insurer of doctors MAS may have exposed members’ personal data (unknown). Social Blade admits to being hacked (unknown).

Data breaches 115

Data breaches Ransomware e-Discovery Insurance 115

Security Affairs

MARCH 9, 2020

. “In a new post by the Sodinokibi operators to their data leak site , we can see that attackers are not only publishing victim’s data but also sifting through it to find damaging information that can be used against the victim.” “It is only a small part of your data and it’s in for now.

Ransomware 117

Ransomware Archiving Personal data IT 117

IBM Big Data Hub

MAY 28, 2024

Virtually every organization recognizes the power of data to enhance customer and employee experiences and drive better business decisions. Yet, as data becomes more valuable, it’s also becoming harder to protect. Its principles are the same as those of data protection—to protect data and support data availability.

Data breaches 54

Data breaches GDPR Compliance Encryption 54

Hunton Privacy

OCTOBER 11, 2010

On October 7, 2010, the French Data Protection Authority (the “CNIL”) released its first comprehensive handbook on the security of personal data (the “Guidance”). Log files and management of data security breaches. Data processors. Electronic archiving. Disclosure of personal data to third parties.

Personal data 40

Personal data Security Encryption Archiving 40

Security Affairs

MAY 20, 2023

The researchers reported that the archive was containing 305.759.991 records (luxottica_nice.csv), with 74.417.098 unique email addresses and 2.590.076 unique domain emails. It is probably the data put up for sale on RaidForum, now relase for free! Luxottica Group S.p.A. Its best known brands are Ray-Ban, Persol, and Oakley.

Data breaches 97

Data breaches Retail Sales Ransomware 97

Security Affairs

SEPTEMBER 24, 2021

The compilation appears to include names, phone numbers, and other data. billion entries but is also willing to split the archive into smaller portions for potential buyers. The poster is asking $100,000 for the full database of 3.8 What’s in the Clubhouse/Facebook compilation? A database of 3.8

Sales 105

Sales Passwords Personal data Phishing 105

Data Protection Report

NOVEMBER 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA ) issued a €14.5 The infraction related to the over retention of personal data. Infringement of deletion obligations.

GDPR 40

GDPR Personal data Records Management Archiving 40

DLA Piper Privacy Matters

FEBRUARY 23, 2022

The European Commission today presented its second instrument in the European Data Strategy; a “Regulation on harmonised rules on fair access to and use of data”, better known as the Data Act. In the proposal, “data” is broadly defined and contains both personal and non-personal data.

GDPR 97

GDPR Personal data IoT Access 97

HL Chronicle of Data Protection

MAY 1, 2020

Below are our highlights of the Guidelines: Fundamental takeaway – Data protection and, specifically, the GDPR do not hinder the fight against COVID-19. Primary or secondary use of the data – The type of uses of the personal data is relevant for the purposes of identifying the appropriate legal basis, as detailed below.

GDPR 80

GDPR Personal data Privacy Data collection 80

Everteam

APRIL 22, 2022

It will be able to manage much larger volumes, It will allow to answer use cases that open source tools do not cover such as digital bulk analysis on silos such as SharePoint It will also address features that these tools do not offer, such as personal data detection, or the ability to perform searches.

Archiving 52

Archiving Records Management Paper Marketing 52