Sports retail giant Decathlon leaks 123 million customer and employee records

IT Governance

Decathlon, the world’s largest sporting goods retailer, has suffered a massive data breach, affecting 123 million customer and employee records. Cyber security researchers at vpnMentor found a leaky database on a publicly accessible Elasticsearch server. It contained information from the retailer’s Spanish businesses and potentially its UK stores. Employees’ names, addresses, usernames, passwords, social security numbers, phone numbers and dates of birth were all affected.

11 cyber security predictions for 2020

IT Governance

Almost everyone wants to know what the future has in store – particularly when it comes to cyber security. With that in mind, Geraint Williams, IT Governance’s chief information security officer, discusses his cyber security predictions in the upcoming year.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

Claire McCaskill by Russian intelligence agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. NCSA operates the StaySafeOnline website that provides a variety of cybersecurity educational resources and programs. We have a lot of programs geared toward education at a lot of different levels.

E-learning: the effective way to train your team

IT Governance

It is widely acknowledged that the retail and hospitality industries experience high staff turnover: frontline roles are often filled by temporary, young or part-time staff, the hours can be long and unsociable and the work can be physically demanding.

SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains

The Last Watchdog

Evidence continues to mount that blockchain technology holds the potential to democratize commerce on a global scale, while at the same time vastly improving privacy and security in the digital age. DigiCert recently thrust itself into the security part of the equation by signing on as a contributor to Hyperledger, the open source blockchain collaborative effort hosted by The Linux Foundation. Blockchain gave rise to Bitcoin.

Bristol Airport systems offline in suspected ransomware attack

IT Governance

The airport admitted to taking a “cautious approach” to rectify the problem, but that was to ensure that none of its safety or security systems were put at risk. Another day, another cyber attack.

Decathlon Spain data leak exposed Spanish employees’ data & more

Security Affairs

Experts from vpnMentor have uncovered a leaking, active database containing over 123 million records belonging to the sporting goods retailer Decathlon Spain (and possibly Decathlon UK as well). The experts discovered the database on February 12, 2020, and reported their discovery to Decathlon on February 16; the archive was secured on February 17.

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

Extra security measures have been taken to protect (scientific) data. “Since the cyber attack on 23 December 2019, UM has been working hard: on the one hand, to repair the damage and, on the other hand, to make education and research possible again as soon as possible.”

Nodersok malware delivery campaign relies on advanced techniques

Security Affairs

About 3% of the infected systems belong to organizations in different sectors, including education, professional services, healthcare, finance, and retail.

More than half of consumers would consider legal action if their data was compromised during a breach

Thales eSecurity

Those across the manufacturing and utilities industries had the highest preparedness rates at 91%, while retail had the lowest across both countries at 78%.

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year. Protection of Retail Investors. For both broker-dealers and investment advisers, OCIE will continue to emphasize the protection of retail investors, particularly seniors and those saving for retirement.

Cybersecurity impact of Covid-19: Q&A with CISO Myke Lyons

Collibra

But with all this additional time we spend online, have we stopped to think about the security of our devices and the tools we use every day? Earlier this year, the state of online security was in flux because companies have been rapidly moving to the cloud and to SaaS specifically. Organizations were asking for considerably more security requirements of their SaaS vendors than they themselves were required to do and it was moving at a slower pace.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Snyder says his experience as head of Gateway Computers and as an investor in tech security startups, prior to entering politics, gave him an awareness of why putting Michigan ahead of the curve, dealing with cyber threats, would be vital. Given his tech background, Snyder foresaw that any drive to revitalize and diversify Michigan’s economy could only truly work if business networks generally got a lot more secure than they were at that time.

TA505 group updates tactics and expands the list of targets

Security Affairs

The TA505 hacking group has been active since 2014, focusing on the retail and banking sectors. The group is also known for some evasive techniques they put in place over time to avoid the security controls and penetrate corporate perimeters with several kinds of malware, for instance abusing the so-called LOLBins (Living Off The Land Binaries), legit programs regularly used by victims, or also the abuse of valid cryptographically signed payloads.

How to Take Your Business to The Next Level with Data Intelligence

erwin

Education. Educators can provide a more valuable learning experience and environment for students. With the use of data intelligence tools, educational institutes can provide teachers with a more holistic view of a student’s academic performance. Retail. The retail industry has also employed data intelligence in developing tools to better forecast and plan according to supply and demand trends and consumer Key Performance Indicators (KPI).

Neiman Marcus Agrees to Settlement in Data Breach Class Action

Hunton Privacy

On March 17, 2017, retailer Neiman Marcus agreed to pay $1.6 million as part of a proposed settlement (the “Settlement”) to a consumer class action lawsuit stemming from a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 customers.

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

Data Matters

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year. Protection of Retail Investors. For both broker-dealers and investment advisers, OCIE will continue to emphasize the protection of retail investors, particularly seniors and those saving for retirement.

Finance sector must simplify staff awareness training

IT Governance

Financial services firms must do more to educate employees about cyber security, according to the FCA (Financial Conduct Authority). The findings are the result of a discussion between 175 organisations, aiming to address security concerns in the fund and investment management, insurance, retail banking, and retail investment and lending sectors. This doesn’t mean you can’t have a cyber security champion, though. How Cyber Security as a Service helps.

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

The economic sectors represented by ten or more survey respondents include the following: agriculture; construction; manufacturing; retail trade; transportation and warehousing; information; real estate rental and leasing; professional, scientific, and technical services; management services; waste management; educational services; and arts and entertainment. Still, I like seeing this kind of analysis about security infrastructure.

Does your use of CCTV comply with the GDPR?

IT Governance

This will typically cover public authorities such as government departments, schools and other educational institutions, hospitals and the police. Many retailers sell signs like this, leaving the purpose blank so that you can fill it in with the appropriate message. That will generally be security personnel and management. This means keeping the footage in a secure location. CCTV, access controls, and other security measures); and.

The GDPR: A year in review

IT Governance

A year ago this week, the GDPR (General Data Protection Regulation) took effect, promising to revolutionise information security. Our experts couldn’t agree on which sector had done the least to meet the GDPR’s requirements, with retail, education and the public sector among those named the worst. Retail, education and the public sector have been the worst data protection offenders for years, whereas the finance sector is notorious for its adherence to numerous regulations.

In Today’s Privacy Environment, That’s the Way the (Website) Cookie Crumbles: Data Privacy Trends

eDiscovery Daily

As covered in Alston & Bird’s Privacy and Data Security Blog (Google-Style GDPR Fines for Everyone? The companies audited were from industries ranging from online retail to sports to banking & insurance to media, even automotive & electronics and home and residential. It’s only been three weeks, but we’ve already talked plenty about the first big GDPR fine of €50 million (or about $56.8

Businesses to Assist NHS Test and Trace Efforts

Hunton Privacy

Going forward, this type of additional data collection is likely to be applied not only in the hospitality sector but also in the education, retail and manufacturing sectors, as they reopen. Depending on the nature of data collection, additional measures may be required to keep the data secure. The UK Prime Minister, Boris Johnson, announced on June 23, 2020, that restrictions relating to COVID-19 would be eased as of July 4.

Recent Data Breach Events in China

Hunton Privacy

Zhabei District police investigated online message platforms, and targeted an education information consulting company as the source of the spam messages. This person had sold the data to the local resident, who then resold them to the education company owner and a few others, including the owners of another education company and a cultural communications company. Information Security International Online Privacy Security Breach China Penalty

Digital Intelligence and the Role of Data in Personalization

Perficient Data & Analytics

Next Gen Infrastructure (Wearables, Wifi, IoT, Robots, Security). We see CXOs – from retail and financial backgrounds – get hired on in healthcare spaces and tasked with digital disruption in Healthcare organizations, and beyond. Learn and understand the education system to hire the right skill set. Welcome to 2019 where things take an interesting turn, or, materialize as predicated for so long.

FINRA Issues Its 2019 Risk Monitoring and Examination Priorities Letter

Data Matters

FINRA notes that firms increasingly are involved in the distribution of securities through online platforms, some operated by unregistered entities, in reliance on Rule 506(c) of Regulation D and Regulation A under the Securities Act of 1933, and FINRA is concerned that some member firms have argued that they are not selling or recommending securities when involved with such platforms, despite evidence to the contrary.

62% of organisations unaware of the GDPR

IT Governance

Among those that have started to prepare: 36% of businesses and charities have changed their cyber security practices; 21% of businesses and 10% of charities have invested in additional staff training; and. The finance and insurance (79%), information or communications (67%) and education (52%) sectors have the highest awareness of the GDPR. However, the least prepared sector is retail and wholesale, with only 13% of organisations having started.

The Sainsbury Archive chooses Preservica to create new cloud-based digital archive

Preservica

Preservica’s active digital preservation platform selected to future-proof unique digital assets that document nearly 150 years of corporate, brand and retail history. It is expected to create around 65 TB of information, and therefore felt it was important to ensure its unique digital material could be safely stored and future-proofed, using a secure cloud-hosted preservation and access platform.

FTC Hosts Workshop on Informational Injury

Hunton Privacy

Consideration was given to whether the same factors apply in both the privacy and security contexts, the risk of potential injury versus realized injury and when government intervention is warranted. Responses varied with some noting that, in the retail tracking hypothetical, until actual harm is realized, no consumer injury has taken place, while others stated that retail tracking to determine aggregate consumer interest in a product could be enough to cause injury.

Seven Risks in the Beneficent Cloud

Positively RIM

Today’s Blog is sponsored by MER 2017, Cohasset Associates’ 25th annual educational conference on electronic records management, in Chicago, May 8-10. User beware: amid the security and budgetary advantages of the Cloud, risks lurk, ready to sabotage the unprepared or unsuspecting. Here’s the plus side: Cloud providers generally secure information better than local IT departments can.

Data Governance and Business Transformation

Collibra

Collibra organized a Data Governance and Business Transformation seminar in Paris recently, bringing together data managers from the financial, retail, transportation, and logistics industries. education and training are essential as data governance and related functions are still new to many companies.

The customer revolution is coming to banking (but it won’t happen overnight)

CGI

Early 2018 will mark the beginning of a new era for the UK’s retail banks. Using the Open Banking API, new entrants and smaller players will have a structured and secure way to access customer account information and challenge the established institutions by creating new customer offers. p.butler@cgi.com. Tue, 10/17/2017 - 01:03.

FTC Investigating Privacy Risks to Data Stored on Digital Copiers

Hunton Privacy

In the letter to Congressman Markey, Mr. Leibowitz promised the FTC would collaborate with “copier manufacturers, resellers, and retail copy and office supply stores to ensure that they are aware of the privacy risk associated with digital copiers and to determine whether they are warning their customers about these risks, whether they are providing education and guidance on this subject, and whether manufacturers and resellers are providing options for secure copying.”

Ready to lead the 5G revolution

CGI

A myriad of use cases is emerging, spanning industries as diverse as transport, retail, healthcare and agriculture. Widespread augmented reality could help people to shop, learn and explore wherever they are — from immersive educational experiences to smart mirrors that enable you to digitally try on clothes before ordering garments that are bespoke to your measurements. pooja.cs@cgi.com. Mon, 02/25/2019 - 05:48.

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

California law also requires businesses that suffer a breach of security to disclose the breach to consumers, and in some instances law enforcement, if sensitive information is compromised. SB-1121 amended this exemption by removing the “in conflict” provision, but making clear that a business so exempted will still be subject to the data security / breach requirements under the CCPA. Consumer privacy rights in California are well established.

Regulatory Update: NAIC Summer 2019 National Meeting

Data Matters

Securities and Exchange Commission on June 5, 2019, broker-dealers and associated persons are required to act in the best interest of a retail customer when recommending a securities transaction or investment strategy involving securities to a retail customer. 43R — Loan-Backed and Structured Securities and SSAP No. 43R — Loan-Backed and Structured Securities.

Current challenges in fighting financial crime – Part 2

CGI

In part two, we’ll talk about a new approach that tackles these challenges, helping financial institutions to not only achieve higher levels of security but also create competitive advantage. Interestingly, an analysis of fines issued by the Office of Foreign Assets Control (OFAC) in 2015 for security lapses reveals that the cause in almost every case was an insider threat, such as the malicious use of credentials.

List of data breaches and cyber attacks in August 2019 – 114.6 million records leaked

IT Governance

Australian education provider TAFE NSW hit by phishing scam (30). Internet hosting provider Hostinger resets users’ passwords after security breach (14 million). Online clothing retailer Poshmark confirms data breach (unknown). Indian Army detects cyber security breach in Northern Command officer’s computer (unknown). Imperva discloses security incident impacting Cloud firewall users (unknown).

FTC Issues Landmark Privacy Report

Hunton Privacy

In the offline context, this could include, for example, having a cashier in a retail store “ask the customer whether he would like to receive marketing offers from other companies.” On December 1, 2010, the Federal Trade Commission released its long-awaited report on online privacy entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”