Enjoy priority support and immediate help for your WordPress sites!

GDPR Services: 24 stories worth reading from February 2019

GDPR Services: 24 stories worth reading from February 2019

GDPR Services: 24 stories worth reading from February 2019

Since our launch in the GDPR Services niche, we’re closely monitoring the public news sector. We gathered in this collection a few newsworthy cases and funny happenings.

  • The unauthorised party gained access to partial user data on July 5, 2018
    • The photo-sharing site 500px was attacked last summer which revealed user names and hashed passwords. They posted this announcement. All users’ passwords have been reset. Security Issue February 2019: FAQ

  • The company is paying a group of financial institutions over negligence claims following a 2015 cyber attack.
    • Wendy’s has agreed to pay out $50M to settle claims from financial institutions stemming from a 2015-2016 breach. Roughly half of the settlement, pending court approval, is from insurers and the other half is from its own pocket. Last fall, Wendy’s separately settled a class action lawsuit from its customers. WENDY’S AGREES TO PAY $50M TO SETTLE DATA BREACH CLAIMS

  • Persistent identifiers are the bread and butter of the online tracking industry.
    • Thousands of Android apps collect both the Ad ID and other device data as a way to target their advertising messages to specific endpoints and customers. You can see a partial list of some of them below. This is in violation of Google Play guidelines and is an invasion of users’ privacy too. Researchers show how this data is collected and who is doing the more egregious snooping. Ad IDs Behaving Badly

  • All telephone calls made since 2013
    • Millions of calls to a health hotline in Sweden have been digitally recorded since 2013 and stored on an open website. The calls contain all sorts of sensitive information, including phone numbers, and symptoms. All telephone calls made to 1177 since 2013 and received by the healthcare representative Medicall have been completely open as audio files on an unprotected web server 2.7 million recorded calls to the 1177 Care Guide completely unprotected on the internet

  • Actionable intelligence about Chrome extensions
    • About a third of Chrome extensions use third-party code that has known security vulnerabilities, and almost 85% don’t come with any stated privacy policies whatsoever. To help users, Duo has created the CRXCAVATOR utility to scan various Chrome add-ons for appropriate permissions and other security weaknesses. This tool should be useful for all GDPR Services provider. Democratizing Chrome Extension Security

  • Social Networks are just the tip of the iceberg
    • Even the most paranoid and cautious among us can’t control all of our personal data. A new research study shows that there are multiple layers, only one of which is under our control. Machines can gather data on you without your knowledge to better target ads and other messages. You only control one-third of your identity online

  • Healthcare organizations handle an extensive amount of highly sensitive data



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

  • Government vs. government
    • The Citizen Lab in Toronto has worked with the AP to document an attempt to compromise its researchers. Phoney sources contacted two staff members, misrepresenting themselves and asking about the organization’s relationship to Israeli NSO group’s activities APNewsBreak: Undercover agents target cybersecurity watchdog

  • Collecting biometric data from individuals without consent

  • A data breach incident impacting Discover cards has provided attackers access to an undisclosed amount of customer information

  • THE largest bank in the country and a highly ranked company in the Fortune 500
    • The State Bank of India used an open online server storing hundreds of millions of customer details. It was discovered by an unnamed researcher and verified by Techcrunch. Text message inquiries could be viewed in real time, including bank balances and transaction details. The bank secured the data once reporters brought the issue to their attention. India’s largest bank SBI leaked account data on millions of customers

  • Airbus has revealed its cyber-attack affecting its commercial aircraft business, which has compromised employee information
    • Airbus’ corporate IT network has been recently breached and notified regulators about unauthorized data access. While the company acknowledged the leak, further details are scarce. Airbus Staff Caught in Data Breach

  • A server security lapse has exposed a massive database of customer information
    • Another open ElasticSearch data repository was discovered by a researcher, this one belonging to Rubrik, ironically a multi-billion dollar IT security consultancy. It contained its customer details and was indexed by the Shodan site. The firm admitted and corrected its mistake quickly after being notified. The database itself, running on a hosted Amazon Elasticsearch server, was storing tens of gigabytes of data, including customer names, contact information and casework for each corporate customer. Data management giant Rubrik leaked a massive database of client data

  • Ex-NSA operatives reveal how they helped spy on targets for the Arab monarchy — dissidents, rival leaders and journalists.
    • US intelligence analysts worked in Abu Dhabi to help the UAE hack into phones and computers of its enemies. Called Project Raven, this is the story of how it eventually targeted US citizens. An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. INSIDE THE UAE’S SECRET HACKING TEAM OF AMERICAN MERCENARIES

  • xDedic provided access to more than 85,000 hacked servers in its heyday

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

GDPR Services: 24 stories worth reading from February 2019
Article Name
GDPR Services: 24 stories worth reading from February 2019
A curated list of 25 stories about GDPR Services: fines and stories worth reading from February 2019.
owl power EUROPE

Related Posts

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.