Tag: gdpr
108 articles

Miinto Breach Exposes Customer Order Data to Unauthorized Access
Miinto recently suffered a data breach, allowing unauthorized access to its internal order management system, potentially exposing your order data. The company has notified affected customers and taken steps to address the issue, reporting it to the police and relevant data protection authorities.

NHS Targets Unauthorized Data Access with New Staff Guidance
The NHS is cracking down on staff who snoop through patient records, warning that such behavior is a disgraceful breach of trust and against the law. A new awareness campaign and guidance have been launched to prevent unauthorized data access and protect patient confidentiality.

EU Parliament Paves Way for Chat Control Reintroduction
The EU Parliament's move to revive Chat Control, despite opposition from most MEPs, has sparked concerns about democracy and mass surveillance. This development has left many questioning the integrity of the process.

Pegasus Spyware Targets European Parliament Investigator
In a shocking twist, a member of the European Parliament's PEGA Committee, Stelios Kouloglou, was targeted with the notorious Pegasus spyware - the very same spyware his committee is investigating. This brazen move raises serious concerns about surveillance and accountability.

Rights Groups Warn UK Over Biased AI Age Estimator for Asylum Seekers
Sixty-two leading rights organisations, including Amnesty International and Human Rights Watch, are urging the UK government to ditch its plans to use biased AI-powered facial age estimation on asylum seekers, citing substantial concerns about its fairness and accuracy. They're demanding answers on the technology's testing, training, and safeguards before it's rolled out in 2027.

UK Privacy Watchdog Resigns Amid Poor Judgment Admission
UK Privacy Watchdog John Edwards has resigned with immediate effect, admitting his position had become untenable after being under investigation since February. He announced his decision on LinkedIn, bringing a sudden end to a months-long probe.

UK Watchdog Cautions Healthcare Worker Over Royal's Medical Records Breach
When trust in healthcare settings is broken and personal info is mishandled, swift action is taken - as seen in the ICO's recent decision to issue a formal caution to a former healthcare professional for misusing sensitive patient data. The watchdog is clear: people's personal info must be safe from exploitation.

Ukrainian Hacker Pleads Guilty in Conti Ransomware Case
Meet Oleksii Lytvynenko, a Ukrainian hacker who just pleaded guilty to his role in the notorious Conti ransomware case, which targeted over 1,000 victims worldwide and raked in a staggering $150 million in ransom payments. He's now facing up to 20 years in prison for his involvement.

WhatsApp Disrupts NSO Group's Spearphishing Campaign
WhatsApp has successfully shut down a sneaky phishing campaign by notorious spyware firm NSO Group, which tried to trick users into clicking malicious links to spy on them. The messaging giant is now asking a US court to hold NSO Group accountable for violating a ban on targeting users.

Meta Disrupts NSO Group's WhatsApp Phishing Campaign
Meta detected and blocked a sneaky WhatsApp phishing campaign linked to NSO Group, where attackers tried to trick people into clicking malicious links that led to external websites. The company also filed a contempt order against NSO for allegedly violating a court injunction by targeting WhatsApp users.

UK Water Supplier Fined $1.3M for Data Exposure Lapse
A UK water supplier has been slapped with a $1.3 million fine after a devastating cyber attack exposed the personal data of nearly 664,000 customers and employees, with sensitive information even being published on the dark web. The hefty penalty was reduced by 40% after the company admitted liability and cooperated with investigators.

Škoda Discloses Data Breach After Online Shop Hack
Škoda's online shop was recently hacked, exposing customer data after attackers exploited a vulnerability in the e-commerce software. The company has since fixed the issue, alerted authorities, and is working with a forensics team to investigate.

UK Water Firm Fines £1m for 2-Year Data Breach Alternatively: South Staffordshire Water Breach Exposes 633,000 Or: Data Regulator Fines South Staffordshire Water £1m Best option: South Staffordshire Water Hit with £1m Data Breach Fine
Proactive security is no longer a nicety, but a necessity - as South Staffordshire Water's £1m fine for a 2-year data breach exposing 633,000 individuals' personal info painfully illustrates. Waiting for a ransom note or performance issues to discover a breach simply isn't an option.

Meta Challenges Ofcom's Billion-Dollar Fine Formula
Meta is pushing back against Ofcom's hefty fine formula, calling it "disproportionate" and arguing that the regulator should ditch its practice of counting global revenue when doling out penalties. The tech giant is challenging the watchdog's approach, seeking a fairer way to calculate fines.

UK Age-Gating Plans Threaten Internet Openness, Privacy Groups Warn
Privacy groups, including EFF and Mozilla, are warning that UK age-gating plans could threaten the openness and freedom of the internet, stifling opportunities for individuals, businesses, and society as a whole. The proposed measures have sparked a joint public pushback from leading advocates for civil liberties and online rights.

Medtronic Faces Federal Lawsuits Over Recent Hack
Medtronic is facing a wave of federal lawsuits after a massive data breach exposed over 9 million records containing sensitive personal information, sparking concerns about the company's handling of customer data. The breach, attributed to the ransomware gang ShinyHunters, has left many questioning the vulnerability of medical device manufacturers to cyber threats.

UK Biobank Data Surfaces for Sale on Alibaba Amid Security Probe
UK Biobank data was mysteriously listed for sale on Alibaba, but thankfully, the listings were swiftly removed with the help of the UK and Chinese governments, and no sales were made. The sensitive data, which includes genomic information, health records, and medical imaging, had been shared with researchers but was de-identified to protect participants' identities.

EU Advances Mandatory Online Age Verification Despite Security Risks
The European Commission's recent findings have revealed that Meta failed to protect minors, with a staggering 12% of European children under 13 reportedly accessing Facebook or Instagram, sparking concerns over online safety. This has led to a push for mandatory online age verification, despite security risks.

Healthcare Sector Grapples with Rising Medical Device Cyberattacks
A staggering one in four healthcare organizations have fallen victim to cyberattacks that compromised their medical devices in the past year, posing a significant threat to patient care. This alarming trend highlights a pressing need for robust medical device cybersecurity measures to prevent delayed treatments and critical care interruptions.

Carnival Breach Exposes 7.5M Emails in Alleged ShinyHunters Hack
A massive data breach at Carnival Corporation has exposed a whopping 7.5 million emails, allegedly at the hands of the notorious ShinyHunters hack group, after failed negotiations between the two parties left customers' sensitive information vulnerable. The breach is said to have yielded terabytes of internal corporate data, sparking concerns for customers and the company behind Holland America Line.

Germany Revives ISP Data Retention Mandate Amid Privacy Concerns
Germany's government is pushing for a new law that would require internet service providers to store customer connection data for three months to help combat online crimes, sparking concerns about privacy. The proposed mandate, justified as a way to keep the digital space safe from criminals, has been approved by the national cabinet and now awaits parliamentary approval.

Rituals Discloses Data Breach Affecting Millions of Customers
Rituals recently discovered a data breach affecting millions of customers, compromising sensitive personal info like names, email addresses, and home addresses, but fortunately, no passwords or payment details were accessed. The company has since contained the incident, blocked unauthorized access, and notified authorities.

House Republicans Unveil National Data Privacy Bill
House Republicans have introduced the Secure Data Act, a groundbreaking national data privacy bill that puts Americans in control of their personal data and holds companies accountable for keeping it safe. The proposed law would give consumers the power to opt out of data collection for targeted ads, third-party sales, and automated decision-making.
Anthropic's Claude Desktop sparks EU consent concerns
Can a single app really reach into your other software without asking for permission? The surprising behavior of Anthropic's Claude Desktop for macOS is raising eyebrows and sparking concerns about consent under EU law.