2018, Data breaches and Data collection

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach that exposed customers’ network information (CPNI), including phone numbers and calls records. T-Mobile has disclosed a data breach exposing customers’ account’s information. ” reads the statement published by the company. Pierluigi Paganini.

Data breaches

Data breaches Mobile Telecommunications Wireless

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? Data Collection Should be Minimised, Not Maximisation.

Data breaches

Data breaches Data collection B2B Mobile

The CPRA compliance checklist every business should follow in 2023

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data. On the other hand, the CPRA relies on opt-out consent.

Data collection

Data collection Data breaches Password Management Data privacy

Meta Fined €265M for Data Leak Involving 530M Users

SecureWorld News

NOVEMBER 30, 2022

The DPC discussed the inquiry : "The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited ('MPIL') during the period between 25 May 2018 and September 2019.

Data breaches

Data breaches Data collection Media Cybersecurity

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Hot for Security

FEBRUARY 12, 2021

Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt.

Data collection

Data collection Data breaches Ransomware

Over 100,000 Hackers Exposed in Data from Top Cybercrime Forums

SecureWorld News

AUGUST 16, 2023

Having your personal information involved in some type of cybersecurity incident or data breach is never fun. Their findings, which spanned data collected between 2018 and 2023, revealed an intriguing reality. It's always a painful process, and it's something that seemingly happens everyday.

Cybercrime

Cybercrime Passwords Data collection Data breaches

The end looms for Meta's behavioural advertising in Europe

Malwarebytes

AUGUST 4, 2023

After having taken Meta to task for various privacy violations and data breaches, Meta is now having to provide European users with a way to opt out of behavioural advertising. Two complaints from the European Center for Digital Right (NYOB) back in 2018 set the wheels in motion.

Advertising

Advertising Data breaches Data collection Marketing

The year 2020 witnessed these biggest GDPR fines

CyberSecurity Insiders

FEBRUARY 23, 2021

million or €50 million penalty in March 2020 by the France data watchdog for failing to provide transparent information to users about its rules and regulations pertaining to data collection related to its products and services. Google was awarded $56.6

Data collection

Data collection Marketing Data breaches Cybersecurity

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

billion apps in 2021 alone, up more than 47 percent since 2018. This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022. Greediest data harvesters. In fact, Google Play users downloaded 111.3

Data privacy

Data privacy Media Data collection Data breaches

Protonmail hacked …. a very strange scam attempt

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams

Scams Hacking Data collection Advertising

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

SEPTEMBER 9, 2019

In July, DHS’s Customs and Border Patrol (CPB) suspended all federal contracts with Perceptics , a contractor which sells license-plate scanners and other border control equipment, after data collected by the company was made available for download on the dark web.

Cybercrime

Cybercrime Government Data collection Internet

Payment data of thousands of customers of UK and US online stores could have been compromised

Security Affairs

MARCH 14, 2019

In the course of further research it was revealed that GMO JS Sniffer has presumably been collecting customer payment data since November 2018. Typically, after customer data is stolen, it is usually resold on underground cardshops. Group-IB’s Threat Intelligence team discovered that GMO has been active since May 2018.

eCommerce

eCommerce Marketing Data breaches Advertising

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

“The attack vector included the scanning and identification of externally facing Mac services to include the Apple Filing Protocol (AFP, port 548), RDP, VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from 3rd party data breaches.”

Malware

Malware Passwords Identity Theft Data collection

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

SEPTEMBER 11, 2019

This skills deficit has been the top worry of IT pros for several years, according to tech consultancy ESG’s annual survey of IT pros; some 53% of the organizations participating in ESG’s 2018 -2019 poll reported a “problematic shortage” of cybersecurity skills. Digital transformation has only exacerbated this security skills gap.

Big data

Big data Firewall Digital transformation Software

Meta subsidiaries must pay $14m over misleading data collection disclosure

Malwarebytes

JULY 31, 2023

Meta has run into yet another bout of court related issues—two subsidiaries have been ordered to pay $14 million regarding undisclosed data collection. Last year, Instagram received a record fine of $400m for the abuse of children’s data.

Data collection

Data collection VPN Advertising Mobile

AON ACQUIRES CYTELLIGENCE, A LEADING INTERNATIONAL CYBER SECURITY FIRM WITH DEEP EXPERTISE IN CYBER INCIDENT RESPONSE AND DIGITAL FORENSIC INVESTIGATIONS

Cytelligence

FEBRUARY 4, 2020

Global cyber insurance premiums are expected to grow from $4 billion in 2018 to $20 billion by 2025. As the number of network intrusions, data breaches, ransomware attacks, and similar threats continues to increase in both frequency and severity, expertise in cyber incident response becomes critical to organizations and insurance companies.,”

Penetration Testing

Penetration Testing Insurance Data preservation Cyber Insurance

Colorado’s new law ups need for privacy awareness training

SC Magazine

JULY 12, 2021

Jared Polis, at the time Colorado’s governor-elect, speaks at a 2018 election night rally. And so as organizations collect more sensitive data, their employees should be more attuned, and… better trained on what constitutes sensitive data…”. Governor Polis last week signed the Colorado Privacy Act into law.

Education

Education Security Awareness Data privacy Social Engineering

What happened in privacy in 2022

Malwarebytes

JANUARY 20, 2023

Period-tracking app users scrambled to find the most secure app online , and one period-tracking app maker promised to encrypt user data so that, even if law enforcement made a request for their data, the data would be unintelligible. In August, the company confirmed a data breach that affected 5.4 million.

Data privacy

Data privacy Engineering Encryption Internet

New ‘digital trust exchange’ removes risks of managing PII of job applicants

SC Magazine

MARCH 30, 2021

Any sanctions, watch lists and so on… I don’t need to know the underlying report and the data that comes with the background check report… Let’s say this person is divorced, and he’s got three kids, he bought a car in 2018, and he’s got a mortgage payment or a lease. Especially in the gig economy.

Risk

Risk Encryption Education Media

UK data watchdog wants to tackle cookie pop ups to protect personal data

CyberSecurity Insiders

SEPTEMBER 8, 2021

Already, the cookies acceptance feature has been part of EU’s General Data Protection Regulation that came into effect in May 2018. By doing so, ICO wants to aim for a unified data protection for all web users in European Union. Note- GDPR allows web users to export their data and delete it as per their choice.

Data collection

Data collection Data privacy Data breaches Software

Expanded New York Data Privacy Laws Loom in 2021

SecureWorld News

JANUARY 26, 2021

As part of the 2021 State of the State address, Governor Andrew Cuomo announced a comprehensive law that "will provide New Yorkers with transparency and control over their personal data and provide new privacy protections.". New York has already had laws on the books related to data security. It failed to progress in either sessions.

Data privacy

Data privacy Data collection Data breaches Cybersecurity

Consumer privacy reaches the U.S. with the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 30, 2018

On the heels of the sweeping Global Data Protection Regulation (GDPR) that took effect on May 25, 2018, the state of California moved quickly, passing its version of a consumer privacy law a month later, on June 28th. Right to DELETE your data. We’ve seen these issues around data breach notification laws.

Data breaches

Data breaches Data collection Data privacy Government

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

On March 14, 2018, IBM Security announced the results of a new global study on organizational cybersecurity readiness and resiliency entitled “The 2018 Cyber Resilient Organization.” 23% of respondents say they do not currently have a CISO or security leader.

Cybersecurity

Cybersecurity Artificial Intelligence Data breaches IoT

Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

eSecurity Planet

OCTOBER 11, 2022

In the ever-evolving fight against data loss , data breaches, and data theft in the 21st century, organizations worldwide have turned to a number of cybersecurity solutions, services, and software in an attempt to keep their data safe and secure from threats. Why Use Behavioral Analytics in Cybersecurity?

Advertising

Advertising Cybersecurity DDOS Data breaches

A 10-Step GDPR Compliance Checklist to Examine Your Business

Spinone

JULY 3, 2020

and you interact with their data in any way – you fall under the GDPR. You can remember the massive story with Facebook’s misuse of customer information in 2018; other big players like British Airways and Marriott International have also suffered from €200 million and €99 million GDPR fines , respectively.

Data breaches

Data breaches Marketing Data collection Antivirus

$12m Grindr fine shows GDPR’s got teeth

Malwarebytes

JANUARY 28, 2021

The General Data Protection Regulation is a robust set of rules for data protection created by the European Union (EU), replacing much older rules from the 1990s. It was adopted in 2016 and enforcement began in 2018. Crucially, should you get your data protection wrong somewhere along the way, big fines may follow.

Advertising

Advertising Data privacy Adware Spyware

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Thales Cloud Protection & Licensing

JULY 11, 2019

Since the General Data Protection Regulation (GDPR) took effect on May 25th last year, data protection has become a very hot topic. On May 22, 2019, the European Commission published an infographic on compliance with and enforcement of the GDPR from May 2018 to May 2019 and it is clear that a lot of work still needs to be done.

Risk

Risk Encryption Accountability Government

US Democrat Bill Seeks to Enforce Privacy and Security Rights for Health Information

Hot for Security

FEBRUARY 5, 2021

As organizations deploy new tools to fight the spread of COVID-19 – including contact tracing apps, digital monitoring, home tests and vaccine appointment booking – US Democrats have introduced a bill seeking to set strong and enforceable privacy and data security rights for health information.

Data collection

Data collection Insurance Data breaches Education

Cyber Security Informer

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Trending Sources

The CPRA compliance checklist every business should follow in 2023

Meta Fined €265M for Data Leak Involving 530M Users

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Over 100,000 Hackers Exposed in Data from Top Cybercrime Forums

The end looms for Meta's behavioural advertising in Europe

The year 2020 witnessed these biggest GDPR fines

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

Protonmail hacked …. a very strange scam attempt

Secret Service Investigates Breach at U.S. Govt IT Contractor

Payment data of thousands of customers of UK and US online stores could have been compromised

Alleged FruitFly malware creator ruled incompetent to stand trial

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

Meta subsidiaries must pay $14m over misleading data collection disclosure

AON ACQUIRES CYTELLIGENCE, A LEADING INTERNATIONAL CYBER SECURITY FIRM WITH DEEP EXPERTISE IN CYBER INCIDENT RESPONSE AND DIGITAL FORENSIC INVESTIGATIONS

Colorado’s new law ups need for privacy awareness training

What happened in privacy in 2022

New ‘digital trust exchange’ removes risks of managing PII of job applicants

UK data watchdog wants to tackle cookie pop ups to protect personal data

Expanded New York Data Privacy Laws Loom in 2021

Consumer privacy reaches the U.S. with the California Consumer Privacy Act

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

A 10-Step GDPR Compliance Checklist to Examine Your Business

$12m Grindr fine shows GDPR’s got teeth

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

US Democrat Bill Seeks to Enforce Privacy and Security Rights for Health Information

Stay Connected