GDPR Services: 19 stories worth reading from May 2019
Be informed from our GDPR Services about the latest 19 newsworthy cases and funny happenings Worldwide, identified and reported publicly during May 2019. As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a few GDPR Service packages from owlpower.eu: ( on-demand GDPR COMPLIANCE ) or a recurrent monthly service of (GDPR COMPLIANCE ADD-ON) together with your dedicated data protection OFFICER package.
- The NY-based firm Proven Data Recovery regularly made ransom payments to SamSam hackers over more than a year, research has shown.
- These payments eventually were delivered to Iranians running various high-profile ransomware scams. They are just one of many “payment mills” that are documented in this report. THE TRADE SECRET – Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
- The network of the Red Cross in Singapore has been breached and personal data of 4,000 potential blood donors has been leaked online.
- It is the third such leak in the past year in the city-state. Red Cross website hacked in latest Singapore cyber attack
- Since the enactment of the GDPR last May, regulators have seen 65,000 breach notices and levied more than $63M in fines for them.
- And this is just for the first nine months’ activities. None of the breaches was contested by their target companies, which is some small good news. First overview on the implementation of the GDPR and the roles and means of the national supervisory authorities (pdf)
- Members of an international cybercriminal syndicate supposedly responsible for creating the GozNym malware have been arrested and charged with stealing $100 million from more than 41,000 victims.
- The group combined two banking Trojans and operated for more than a year, starting in October 2015. The arrests were carried out in several eastern European countries, involving several different federal law enforcement agencies. Suspected members of the GozNym cybercrime network have been charged in relation to the organised and automated theft of tens of thousands of people’s sensitive personal and financial information. IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF PENNSYLVANIA (pdf) and $100 million GozNym cybercrime network dismantled as suspects charged
- Chinese government officials have constructed mobile apps for mass surveillance of its citizens.
- This report documents how these apps work and why they violate privacy and free movement international laws. China’s Algorithms of Repression – Reverse Engineering a Xinjiang Police Mass Surveillance App
- The mobile provider Boost Mobile has acknowledged a breach in March recently.
- The notification is short on details, but the company sent automatic PIN resets to affected customers. Boost Mobile hacked
- Passport and personal data for more than 2M Russians has been leaked online.
- The leak stems from multiple government sources including the Russian SNILS (equivalent to our SSNs), emails and tax IDs. Government agencies were notified by a security researcher months ago but ignored warnings, claiming this data was public property anyway. Russian government sites leak passport and personal data for 2.25 million users
- Hackers have breached nearly half a million accounts at the Uniqlo stores owned by the Japanese company Fast Retailing.
- Partial payment card data may be included, along with customer contact information. Users are encouraged to reset their passwords. It happened over several weeks beginning last month. Unauthorized Logins on Fast Retailing Online Store Websites due to List Type Account Hacking and Request to Change Password
- Picreel and the open source Alpaca Forms project have both suffered a supply chain breach with infected code.
- The code has been found collectively in more than 4,000 websites. Picreel tracks very detailed visitor interaction, like mouse movement and page scrolling. Alpaca is a JScript-based forms provider. Alpaca quickly took down its servers with the malware. Hackers are collecting payment details, user passwords from 4,600 sites
HELPS YOU TO MEET GDPR REGULATIONS
Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.
Discover trending and viral stories about GDPR Services Worldwide. The remaining Private Data breaches breaches made news headlines. All these happened just in the last month.
- The Israeli spyware vendor NSO Group has been leveraging a buffer overflow vulnerability in WhatsApp that allows hackers remote code execution on users’ phones.
- The victims don’t necessarily have to answer a call, which then disappears from call logs. Users should update their software immediately to prevent this. (The patch doesn’t explicitly state this bug as a reason to update.) Affected phones of several high-profile victims were cited in the report, including a human rights lawyer. WhatsApp vulnerability exploited to infect phones with Israeli spyware
- The job listings site Ladders left an unsecured ElasticSearch database which contained details on 13 million resumes and current salaries.
- It was quickly protected after reporters notified the company. Job recruitment site Ladders exposed 13 million user profiles
- GPS apps to locate equipment and employees
- The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here’s how it works and what you can do to mitigate its risk. What is GPS spoofing? And how you can defend against it
- Chrissy Morgan has posted the recording of an hour-long talk on responsible disclosures she recently gave at Le Tour Du Hack.
- She discusses the context of some significant disclosures and what researchers did correctly and incorrectly. Le Tour Du Hack 2019: The Good, The Bad And The Ugly Of Responsible Disclosure – Chrissy Morgan
- Yesterday the latest Verizon 2019 Data Breach Investigations Report was released.
- It contains information on more than 2,000 confirmed data breaches seen during 2018, taken from more than 70 different reporting sources and analyzing more than 40,000 separate security incidents. 2019 Data Breach Investigations Report (pdf)
- A massive SMS spamming operation was uncovered, containing data on 80M people.
- It has been responsible for sending millions of texts trying to lure victims into revealing their online credentials. Ironically, they failed to password protect their server, and a researcher posted the details about their operation. Massive SMS Bombing Operation Uncovered In Passwordless Database
- Canada’s 4th largest mobile provider Freedom Mobile had an unprotected ElasticSearch storage bucket containing 5M log entries of customer data.
- Credit cards and CVV numbers were included. Eventually, the company set up a password on the server. Freedom Mobile Data Breach Exposes Canadian Customers’ Full Credit Details
- Users of Electrum Bitcoin wallets have been hit by a DDoS botnet.
- The network is growing in size and has passed 100,000 infected computers. The attackers initially just tried to steal funds, but have upped their game with the creation of this botnet. Total stolen so far is more than $4M. It has two malware components, RIG exploit kit and Smoke Loader. Electrum DDoS botnet reaches 152,000 infected hosts
- Here are the top ten data leaks of the past decade.
- Topping the biggest data leaks over the past decade is Yahoo’s 2013 breach with ultimately over 3 billion accounts leaked. Top 10 data leaks of the last years
- Researchers have found an online database containing particulars on 80M American households without any password protection.
- It was taken offline abruptly. The data has personal details including occupants’ incomes and email addresses but not SSNs or payment card details, and a screenshot of a typical redacted record is shown here. The researchers believe it is the largest breach of such explicit information and could make it easier for ID thieves to impersonate you. It wasn’t clear who owned the data Report: Unknown Data Breach Exposes 80 Million US Households
data protection OFFICER
Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.
