
GDPR Services: 31 stories worth reading from April 2019



Stay informed, through our GDPR Services, about the latest 31 newsworthy cases and funny happenings worldwide, identified and reported publicly during April 2019. As these private data breaches have a severe negative impact on any business and highly serious legal consequences, consider a few GDPR Service packages from owlpower.eu: (on-demand GDPR COMPLIANCE) or a recurrent monthly service of (GDPR COMPLIANCE ADD-ON) together with your dedicated data protection OFFICER package.

  • Talos researchers have been tracking 74 different shady Facebook groups.
    • Members gather to sell payment card data, email spamming tools and stolen credentials. The post describes their continuing efforts to eradicate these criminals. “Security teams and vendors must work together to actively share information, take action and inform our customers,” they say. Hiding in Plain Sight

  • USA – If you are looking for a handy state-by-state compendium of breach notification laws, check out this interactive map from Baker Hostetler.
    • You can also view which states require particular elements, such as notifications only of illegal access or those that have specific response time frames. For example, only eight states have laws that also apply to paper records. Breach Notification Law Interactive Map

  • Cell phones from Xiaomi have a pre-installed infected — and phony — security app called Guard Provider.

  • As the UK continues to stumble over its Brexit plans, this post examines what this means for cybersecurity there.
    • It isn’t clear if EU cyber standards will apply in the UK and how data sharing governance will happen. UK businesses will need to review their own privacy policies too. Mind the Brexit gap in cyber security

  • Bayer was hit by the Winnti malware last year and only went public recently about the situation.

  • Researchers found two separate databases filled with Facebook user and plaintext passwords.

  • Sen. Mark Warner (D-Virginia) has received answers from some of the organizations he queried about their security practices.

  • Personal data of more than 12M pregnant women in India was leaked online for more than a month before it was finally secured.

  • This sounds like a 4/1 joke but as far as I can tell, it actually happened.

  • It has taken the restaurant chain Buca di Beppo until now to admit it was breached back in May 2018.
    • More than 2M payment cards were stolen, thanks to an infected POS system. The company said it took until March to discover the breach and then fix the issue. The breach also hit other brands in its conglomerate, including Earl of Sandwich and Planet Hollywood stores. You might want to review your credit card statements carefully over this period to find any unauthorized charges. A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

  • Toyota has experienced a large data breach that could expose more than 3M customer records.



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover trending and viral stories about GDPR Services worldwide. The remaining private data breaches made news headlines. All these happened just in the last month.

  • The website bodybuilding.com received a phish back in July last year that eventually triggered a breach this past February.
    • The company has more than a million members along with an e-commerce site. It acknowledged the leak of private customer data, although no payment card numbers were divulged. All users’ passwords have subsequently been reset. DATA INCIDENT

  • Researchers have found more than 60M LinkedIn user records on a series of public databases.

  • Breach is at Chipotle, which hasn’t yet been fully acknowledged by the company.
    • Customers have posted on Reddit and Twitter, figuring it out thanks to some of them reporting password reuse. Chipotle says it could be the result of password stuffing, but that is questionable. It has no plans to roll out MFA requirements, however. Chipotle customers are saying their accounts have been hacked

  • A notable recent breach.
    • First is at the Indonesian eCommerce site Bukalapak. This leaked 13M records back in 2017. Exposed data included email and IP addresses, names and hashed passwords. The company has reset all passwords and now requires MFA on all logins. Bukalapak Meningkatkan Keamanan Akun Pengguna

  • India’s third-largest IT consultancy, Wipro, has suffered a breach that is being used to attack its customers’ networks.

  • OneLogin suffered two breaches within a year.
    • Here is the tale of how it owned up to its problems and recovered its customers’ trust. The company revealed the breach quickly, described the details of the attack and kept customers informed along the way. This could be used as a template for your own breach response playbook. How OneLogin responded to its breach and regained customer trust

  • Major VPN vendors have been found to be at risk of leaking private data.
    • The issue is how they store session cookies in log files or memory locations. Palo Alto Networks Global Protect, Cisco AnyConnect and Pulse Secure Connect are on the list. Only Palo Alto has fixed its code, and users should upgrade to v.4.1.1 asap. VPN applications insecurely store session cookies

  • A new info stealer malware called Baldr has been observed.
    • It is a well-crafted combination of Agressor for distribution, Overdot for sales and promotion, and LordOdin for development. It is a new type of stealer that operates as a ‘grab and go’ — meaning it is harder to detect, more opportunistic, and goes after a wider range of potential targets. Say hello to Baldr, a new stealer on the market

  • DataCamp, an online learning website specializing in data science courses, suffered a data breach in 2017.
    • More than 760k records were exposed, including email and IP addresses, names and hashed passwords. The company notified users via email after the breach was discovered in February, and it claims no payment card data was compromised. A vast majority of these email IDs were already leaked thanks to other breaches. DataCamp Security Update – Frequently Asked Questions

  • EU authorities have launched an investigation into whether various government agencies are complying with GDPR privacy regulations in their purchase contracts with Microsoft.

  • Those sextortion scammers are getting more sophisticated.
    • They have lowered their ransom demands in the hopes of getting more victims to pay and also hidden their malware through multiple layers of encryption, passwords and programming. Big change in the plague of Blackmail, Sextortion Scam attempts



data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!
