GDPR Services: 24 stories worth reading from February 2019


Since our launch in the GDPR Services niche, we have been closely monitoring the public news sector. In this collection we have gathered a few newsworthy cases and funny happenings.

  • The unauthorised party gained access to partial user data on July 5, 2018
    • The photo-sharing site 500px was attacked last summer, which revealed user names and hashed passwords. They posted this announcement. All users’ passwords have been reset. Security Issue February 2019: FAQ

  • The company is paying a group of financial institutions over negligence claims following a 2015 cyber attack.
    • Wendy’s has agreed to pay out $50M to settle claims from financial institutions stemming from a 2015-2016 breach. Roughly half of the settlement, pending court approval, is from insurers and the other half is from its own pocket. Last fall, Wendy’s separately settled a class action lawsuit from its customers. WENDY’S AGREES TO PAY $50M TO SETTLE DATA BREACH CLAIMS

  • Persistent identifiers are the bread and butter of the online tracking industry.
    • Thousands of Android apps collect both the Ad ID and other device data as a way to target their advertising messages to specific endpoints and customers. You can see a partial list of some of them below. This is in violation of Google Play guidelines and is an invasion of users’ privacy too. Researchers show how this data is collected and who is doing the more egregious snooping. Ad IDs Behaving Badly

  • All telephone calls made since 2013
    • Millions of calls to a health hotline in Sweden have been digitally recorded since 2013 and stored on an open website. The calls contain all sorts of sensitive information, including phone numbers and symptoms. All telephone calls made to 1177 since 2013 and received by the healthcare representative Medicall have been completely open as audio files on an unprotected web server. 2.7 million recorded calls to the 1177 Care Guide completely unprotected on the internet

  • Actionable intelligence about Chrome extensions
    • About a third of Chrome extensions use third-party code that has known security vulnerabilities, and almost 85% don’t come with any stated privacy policies whatsoever. To help users, Duo has created the CRXCAVATOR utility to scan various Chrome add-ons for appropriate permissions and other security weaknesses. This tool should be useful for all GDPR Services providers. Democratizing Chrome Extension Security

  • Social Networks are just the tip of the iceberg
    • Even the most paranoid and cautious among us can’t control all of our personal data. A new research study shows that there are multiple layers, only one of which is under our control. Machines can gather data on you without your knowledge to better target ads and other messages. You only control one-third of your identity online

  • Healthcare organizations handle an extensive amount of highly sensitive data




  • Government vs. government
    • The Citizen Lab in Toronto has worked with the AP to document an attempt to compromise its researchers. Phoney sources contacted two staff members, misrepresenting themselves and asking about the organization’s relationship to the Israeli NSO Group’s activities. APNewsBreak: Undercover agents target cybersecurity watchdog

  • Collecting biometric data from individuals without consent

  • A data breach incident impacting Discover cards has provided attackers access to an undisclosed amount of customer information

  • The largest bank in the country and a highly ranked company in the Fortune 500
    • The State Bank of India used an open online server storing hundreds of millions of customer details. It was discovered by an unnamed researcher and verified by TechCrunch. Text message inquiries could be viewed in real time, including bank balances and transaction details. The bank secured the data once reporters brought the issue to their attention. India’s largest bank SBI leaked account data on millions of customers

  • Airbus has revealed a cyber-attack affecting its commercial aircraft business, which has compromised employee information
    • Airbus’ corporate IT network was recently breached, and the company notified regulators about unauthorized data access. While the company acknowledged the leak, further details are scarce. Airbus Staff Caught in Data Breach

  • A server security lapse has exposed a massive database of customer information
    • Another open Elasticsearch data repository was discovered by a researcher, this one belonging to Rubrik, ironically a multi-billion dollar IT security consultancy. It contained its customer details and was indexed by the Shodan site. The firm admitted and corrected its mistake quickly after being notified. The database itself, running on a hosted Amazon Elasticsearch server, was storing tens of gigabytes of data, including customer names, contact information and casework for each corporate customer. Data management giant Rubrik leaked a massive database of client data

  • Ex-NSA operatives reveal how they helped spy on targets for the Arab monarchy — dissidents, rival leaders and journalists.
    • US intelligence analysts worked in Abu Dhabi to help the UAE hack into phones and computers of its enemies. Called Project Raven, this is the story of how it eventually targeted US citizens. An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. INSIDE THE UAE’S SECRET HACKING TEAM OF AMERICAN MERCENARIES

  • xDedic provided access to more than 85,000 hacked servers in its heyday


  • A ruling will ensure doctors no longer judged by Google on fitness to practise
    • A Dutch court has issued a landmark ruling supporting the right to be forgotten. Google brought the suit against a surgeon who wanted parts of her search history removed from the Dutch Google site. The court ruled in the doctor’s favour. Dutch surgeon wins landmark ‘right to be forgotten’ case

  • Houzz data breach:
    • The online home furnishings design website Houzz experienced a data breach in December and notified their customers about it last week. No payment card data or SSNs were part of the leak. They recommended users change their passwords. Why informing your customers is the right call

  • It appears using Twitter to reveal the news was a last-ditch attempt for Eskom to take the exposure seriously.
    • South Africa’s largest electric utility Eskom has had a major data leak. The company was slow to respond to researchers who found it. The data contains customer financial data, including payment card CVVs. In what may be a case of “if we ignore it, it will go away,” South Africa’s largest electricity company has become the subject of the public exposure of customer data after ignoring researcher pleas to resolve the problem. Researcher reveals data leak at South Africa’s main electricity provider

  • The social media network’s practice of merging its users’ data that was gleaned from WhatsApp, Instagram and millions of third-party websites and apps

  • 8 major Airlines affected
    • Researchers have found at least eight airline online ticketing systems vulnerable because of unencrypted links that could be intercepted with man-in-the-browser attacks. (See the diagram below.) Once this is done, passenger private information could be at risk. Are airlines putting your data at risk?

  • 617 million online account details stolen from 16 hacked websites

  • Hackers did not ask for a ransom. VFEmail described the incident as “attack and destroy.”

