Articles about Data Breaches


Home Office kept schtum on more than 30 data breaches last year

The Home Office suffered 33 data breaches during the last financial year – and did not report any of them to the Information Commissioner's Office (ICO). The department's annual report and accounts 2014-15 (PDF) reveals 33 "Personal Data Related Incidents" that took place in the last financial year, but were not formally …

Stupid humans and their EXPENSIVE DATA BREACHES

UK data breaches are increasingly being traced back to human error, despite the growing emphasis on data protection. A Freedom of Information (FOI) request to data privacy watchdogs at the Information Commissioner’s Office (ICO) revealed that a quarter of reported data breaches during the first three months of 2014 were caused …
John Leyden, 05 Dec 2014

Oz privacy comish says breaches could double this year

The office of Australia's Federal Privacy Commissioner has received 60 voluntary data breach notifications in the six months since 12 March compared to 71 received in the 2014 financial year. The statistics provided to Vulture South and repeated at the Australian Information Security Association conference include all manner of …
Darren Pauli, 20 Oct 2014

104 Australian orgs report breaches to privacy commissioner

Australian organisations have voluntarily submitted 104 data breach notifications over the last year, the Privacy Office says. News of the breach disclosures arrived today, the first anniversary of the country's tougher privacy policies, among reports of 4,016 privacy complaints, a 43 percent increase over the prior year. …
Darren Pauli, 12 Mar 2015

Jail incompetent council folk who leak our data, thunders furious BBW

A report published today by British privacy rights group Big Brother Watch (BBW) says the scale of private data being leaked is so great that those responsible should be jailed. Between April 2011 and April 2014, local councils experienced around four data breaches a day – a total of 4,236 instances – according to figures …
Jennifer Baker, 11 Aug 2015

Thousands of 'lost data' reports mean we should ARM the ICO, says infosec bod

Infosec 2015 Thefts and losses of computers and laptops often go unreported to data privacy watchdogs and could represent a huge hidden risk for the leak of confidential data, according to new research. The Information Commissioner’s Office received 1,089 data breach reports between March 2014 and March 2015, yet police forces across the UK …
John Leyden, 02 Jun 2015

FTC gets judicial thumbs-up to SUE firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …
Neil McAllister, 12 Apr 2014

Human error to blame as UK data breach investigations surge

UK data breach investigations within the financial services industry almost trebled over the last two years, according to figures acquired via a Freedom of Information request to the Information Commissioner’s Office, with human error almost always responsible. The 183 per cent rise in reported Data Protection Act (DPA) …
John Leyden, 03 Jun 2015

ICO's data protection tentacles will penetrate NHS bodies

NHS bodies in the UK can now be forced to open themselves up to data protection audits under new powers handed to the Information Commissioner's Office (ICO). The watchdog told Out-Law.com that its audits regime follows a "participative approach" and that therefore it would first ask health bodies if they would voluntarily …
OUT-LAW.COM, 03 Feb 2015

Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches. The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with …
Kelly Fiveash, 25 Jun 2013

BMW: ADMEN have asked us for YOUR connected car DATA

US technology companies and advertisers have been seeking access to the data generated by sensors in so-called "connected cars", a senior figure at German car manufacturer BMW has said. Ian Robertson, BMW head of sales and marketing, said BMW had so far resisted requests to share connected car data with those businesses, …
OUT-LAW.COM, 16 Jan 2015

STILL no move by Brit data cops over Google's 2012 privacy slurp

Britain's data cops are still investigating Google's sneaky privacy policy tweak from last year, even though many of its counterparts elsewhere in Europe have already taken action against the advertising giant. On Monday, Italy's regulator warned Google that it had 18 months to comply with Rome's demands or else face fines …
Kelly Fiveash, 22 Jul 2014

Vote now: Who can solve a problem like Ashley Madison?

Poll Avid Life Media – the owner of hookup site Ashley Madison – has weeks-old openings for a data analyst and a senior system administrator. The opportunities (noticed by Vulture-eyed Reg staffers) got us thinking about who in the wide world of tech is capable of righting the hacker-raided Tinder-for-cheaters site, which has …
John Leyden, 27 Aug 2015

ICO: Private dicks broke data-protection rules when they blagged data

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act. Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully …
John Leyden, 21 Nov 2013

My employer, comply with data protection law? Don't think so – say 3 in 4 office drones

Less than a quarter of staff at businesses in the UK, France and Germany think their organisation fully complies with data protection laws, according to a new study. Cyber security company Sophos commissioned a survey of 1,500 office workers in the three countries and found that 77 per cent of respondents were not confident that …
OUT-LAW.COM, 03 Oct 2014
The Register breaking news

US bill would make concealing data breaches a crime

US-based companies would be required to report data breaches that threaten consumer privacy and could face stiff penalties for concealing them under federal legislation that was introduced in the Senate on Tuesday. The Personal Data Privacy and Security Act aims to set national standards for protecting the growing amount of …
Dan Goodin, 08 Jun 2011

Look out: That data protection watchdog can bite

Despite all the furores, calamities and Snowden-related shenanigans of recent years, the UK’s privacy watchdog remains something of a pussycat, and a lean one at that. Granted powers in April 2010 to fine firms £500,000 for breaches of the various laws it covers, the Information Commissioner’s Office (ICO) has flexed its mini- …
Tom Brewster, 26 Nov 2014

Data breaches blamed on organised crime

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data. The latest edition of Verizon's annual data breach report also records a rise in insider threats and greater use of social engineering. Verizon worked with the US Secret Service …
John Leyden, 29 Jul 2010

Target topples CEO in latest data breach domino

The CEO of Target is the latest casualty of the big-box retailer's disastrous holiday data breach. The company said that chief exec Gregg Steinhafel would be leaving the company after 35 years, vacating both the CEO and president roles as well as his seat as chairman of the company's board of directors. Steinhafel had overseen …
Shaun Nichols, 05 May 2014

NHS Barnet reveals 187 breaches of personal data

A North London primary care trust has suffered the most personal data breaches among NHS trusts in the capital over the past three years, according to figures obtained by Guardian Healthcare. The figures showed that out of 30 trusts responding to a freedom of information (FoI) request, NHS Barnet owned up to over 20 per cent of …

Most UK privacy cock-ups are 'careless' spaffing of personal data - watchdog

Most of the data breach incidents analysed by the Information Commissioner's Office (ICO) in a three-month period earlier this year concerned errors in the way personal information was disclosed, the watchdog has said. The ICO said that it had looked at 335 data breach incidents between 1 April and 30 June 2013 and found that in …
OUT-LAW.COM, 13 Aug 2013

Don't bother telling people if you lose their data, say Euro bods

Analysis Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU's Council of Ministers backed the plans as part of a wider partial agreement reached last week on reforms to EU data …
OUT-LAW.COM, 15 Oct 2014

Credit report resellers settle charges over data breaches

Three resellers of credit information have settled federal charges they didn't do enough to prevent security breaches that exposed sensitive consumer information to hackers. The companies – Washington state-based ACRAnet Inc. and SettlementOne Credit Corporation and Statewide Credit Services of California – have agreed to …
Dan Goodin, 08 Feb 2011

ICO 'too scared' to clobber press for data breaches

A senior investigator for the Information Commissioner's Office has told the Leveson inquiry he was warned off pursuing the press for data breaches by his bosses. Alexander Owen, also a former police officer, had been looking into possible breaches of the Data Protection Act by a south London private investigation agency when he …

UK.gov coughed over £2 MEELLION in data breach fines in the past year

The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector. A Freedom of Information (FOI) request to the Information Commissioner’s …
John Leyden, 25 Apr 2013

Miscreants rummage in lawyers' silky drawers at will, despite warnings

UK data privacy watchdogs at the ICO investigated 173 UK law firms for reported breaches of the Data Protection Act (DPA) last year. A total of 187 incidents were recorded last year, with 173 firms investigated for a variety of DPA-related incidents, of which 29 per cent related to "security" and a similar 26 per cent related to …
John Leyden, 16 Apr 2015

New York side-eyes California's hack attack laws: I'll have what she's having

New York's attorney general is asking the state to set new rules requiring companies to confess when they've been hacked. The Big Apple's AG Eric Schneiderman said that he is going to ask the state to force organizations to disclose the loss of customer user names, passwords and security question answers as part of its …
Shaun Nichols, 15 Jan 2015

Verizon to world: STOP opening dodgy phishing emails, FOOLS

Phishing and web app security problems remain the most common way for hackers to gain access to sensitive information, according to US telco giant Verizon. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, the latest edition of Verizon’s annual Data Breach …
John Leyden, 14 Apr 2015

When THINGS attack! Defending data centres from IoT device-krieg

When good fridges turn bad. It may sound like science fiction, but security experts are warning that the growing prevalence of interconnected “thingbots” is opening up businesses to all sorts of bother. Security-as-a-Service provider Proofpoint warned recently that more than 750,000 Phishing and SPAM Emails had been launched …
Rachel Willcox, 27 Apr 2015

New EU rules: Telco only SOMETIMES has to tell you it spaffed your data

New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU's Regulation on the notification of personal data breaches (7-page/756KB PDF) applies to all providers of publicly …
OUT-LAW.COM, 02 Sep 2013

GP surgeries MUST DO BETTER on data handling, says ICO

A number of GP surgeries in England allowed their employees to have unrestricted internet access - thereby increasing the risk of data being leaked, hacked and targeted by viruses, Britain's information watchdog warned today. Officials from the Information Commissioner's Office visited 24 GP practices between April and November …
Kelly Fiveash, 28 Jan 2014

Hackers hid Carphone Warehouse breach with DDoS smokescreen – report

Hackers reportedly swamped Carphone Warehouse with junk traffic as a smokescreen, before breaking into systems and stealing the personal details of 2.4m customers. Up to 90,000 customers may also have had their encrypted credit card details accessed, the UK-based mobile phone reseller admitted at the weekend. Customers with …
John Leyden, 11 Aug 2015

UK data-blurt cockups soared 1,000 PER CENT over last five years

The number of times Brits' sensitive data has been lost or leaked in the UK has risen 1,000 per cent over the past five years. Councils recorded the biggest increase in breaches of data protection law, according to figures obtained by a Freedom of Information Act request. The stats from the Information Commissioner’s Office (ICO …
John Leyden, 30 Aug 2012

Got a data security policy? Chances are your IT bods don't know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers' current data security policies, according to a …
OUT-LAW.COM, 27 Sep 2012

Hotelier faces FTC data breach lawsuit

“Repeated failures” to protect customer data have led the FTC to file a data breach lawsuit against hotel operator Wyndham Worldwide, whose brands include Ramada, Days Inn, Travelodge, Super 8 and Howard Johnson. According to Reuters, the US regulator alleges that Wyndham’s slack security “led to hundreds of thousands of …

'White hats don't want to work for us' moans understaffed FBI

The Federal Bureau of Investigation is struggling to hire computer scientists, according to a Department of Justice audit of the feeb's attempts to implement its Next Generation Cyber Initiative. A 34-page audit report (PDF) from the DoJ notes that, while making considerable progress, the FBI has "encountered challenges in …

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset by the strong …
John Leyden, 27 May 2015

Armchair cyber-army vandalizes Uncle Sam's Army.mil website

The elusive hacking group calling itself the Syrian Electronic Army (SEA) has claimed it is behind the defacement of US military websites on Monday. Among the messages injected into the US Army homepage was one stating, "Your commanders admit they are training the people they have sent you to die fighting." True to form, the …
Neil McAllister, 08 Jun 2015

Glad you're not on the Anthem hacker hit list? Not so fast – millions more affected

US health insurer Anthem now says that the recent security breach that exposed the personal data of tens of millions of its customers also affected people who never did business with the firm. That's because Anthem's database included data not just for customers of Anthem-run Blue Cross Blue Shield healthcare plans, but also for …
Neil McAllister, 24 Feb 2015

Ice cream headache as black hat hacks sack Dairy Queen

Ice cream mogul Dairy Queen appears to have been breached with hackers likely stealing credit cards from some of its many US stores. The chilling news comes from sources within the US banking sector who separately told cyber-crime prober Brian Krebs that fraudulent transactions on credit cards appeared to have stemmed from a …
Darren Pauli, 29 Aug 2014

Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords

Updated Islamic State's frothing fanatics have leaked online what they claim to be the email addresses and plaintext passwords of 1,500 American military personnel – including CIA staff. The details include full names, email addresses, unencrypted passwords, ZIP codes, places of work, and telephone numbers. They come in a format that …
Kieren McCarthy, 12 Aug 2015

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

LastPass got hacked: Change your master password NOW

Password-storing cloud biz LastPass is urging its users to change their master passwords after hackers broke into its network at the end of last week. The intrusion reportedly happened on Friday afternoon, but many LastPass users are only learning about it now. LastPass last had a security scare in 2011. "In our investigation, …
Neil McAllister, 15 Jun 2015

If hackers can spy on you all then so should we – US Senator logic

Following the cyber-attack during which dossiers on four million US government employees were stolen from Uncle Sam's servers, staggering out of the smoldering blast crater is Senator Richard Burr (R-NC). And he's not happy. In his soot-covered hand is a copy of the Cybersecurity Information Sharing Act (CISA), and this week, he …
Iain Thomson, 11 Jun 2015

Regulator gets power to fine for data breaches

The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act. The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or …
John Oates, 09 May 2008

Slapdash staff blamed for third of UK's data leak balls-ups

Careless workers and sloppy contractors caused more than a third of biz data breaches last year, proving that crap staff pose the biggest risk to organisations. An annual study of data cock-ups found that the average cost of a breach in the UK decreased from £1.9 million in 2010 to £1.75 million in 2011. Improved security to …
John Leyden, 21 Mar 2012

Cyber hostage-takers SCAMMED six times as many people last year

Malware-powered frauds that lock up victims' computers - or worse yet, encrypt files and force them to pay a fee to unlock their information - increased by 500 per cent during 2013, according to a study by Symantec. Symantec's latest global Internet Security Threat Report also revealed that targeted attack campaigns for the …
John Leyden, 09 Apr 2014

Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt

Facebook's security bods routinely trawl public "paste" sites for email addresses and passwords stolen from its users, as part of an effort to outfox wrongdoers trying to hack into personal data on the free content ad network. However, the Mark Zuckerberg-run company was at pains to point out that the data-slurping battle with …
Kelly Fiveash, 18 Oct 2014

ICO on beefed-up EU privacy rules: Biz bods will need 'explicit consent' to slurp data

Businesses can help ease the transition towards complying with new EU data protection rules by taking a number of steps now, the Information Commissioner's Office (ICO) has said. In an ICO blog, Deputy Information Commissioner David Smith said businesses can begin by reviewing their procedures for obtaining consent to the …
OUT-LAW.COM, 04 Nov 2013

Health minister asks elderly patients what they think of data-sharing

The NHS turned 65 today, which has led to some quarters drawing an unfavourable analogy between the health service and a patient who has just reached retirement age. It may be an irritating bit of anthropomorphism to describe the taxpayer-funded body as a living, breathing thing, but it doesn't stop ministers from questioning …
Kelly Fiveash, 05 Jul 2013