Cyber attacks and data breaches in review: August 2020

August was the third leakiest month of the year so far, with a massive 99 recorded data breaches and cyber attacks. But, by contrast, only 36,673,575 records were confirmed to have been leaked, which is the fewest we’ve recorded since May 2018. As always, we look at some of the more notable incidents involving European organisations in this blog.

County Cork woman received other …

How the Schrems II ruling affects your organisation

Last month, the ECJ (European Court of Justice) ruled that the EU–US Privacy Shield is no longer valid, because it failed to protect people’s rights to privacy and data protection. The framework, which was adopted in 2015 to replace Safe Harbor, is how organisations on both sides of the Atlantic were able to transfer personal data for commercial reasons. However, following criticism from the …

Why start-ups must prioritise cyber security

There’s a lot to consider when starting your own business, and with almost all your resources focused on recouping your investment, it’s understandable that you might not consider information security a top priority. Indeed, you might reason that spending money on defences won’t provide clear, short-term financial returns. However, the threat that cyber crime poses means it’s something you can’t …

European Commission launches investigation into Internet of Things devices

Last month, the European Commission launched a sector inquiry into consumer products and services that use IoT (Internet of Things) technology. The study is intended to identify potential data privacy issues and the possibility of organisations misusing information to gain a competitive advantage. Approximately 400 organisations will be asked for information about the products they sell, how …

GDPR enforcement on the rise across Europe

Despite the difficulties that organisations face during the COVID-19 pandemic, regulators are continuing to enforce the GDPR (General Data Protection Regulation). In the past 3 months, 46 administrative fines have been issued across the EU, accounting for almost €3 million in fines. What kinds of mistakes are leading to these penalties? Let’s take a look at some of the most notable actions that …

Cyber attacks and data breaches in review: July 2020

After a series of massive data breaches in May and June, which accounted for 15 billion breached records, we saw a reversion to the mean in July. By our count, 77,775,496 records were leaked in 86 incidents. As always, we delve into the more notable incidents affecting European organisations in this blog.

Hackers hijack Twitter account of Russian Ministry of Foreign Affairs

Criminals looking for …

How the GDPR affects cookie policies

Cookies are mentioned only once in the GDPR (General Data Protection Regulation), but the repercussions are significant for any organisation that uses them to track users’ browsing activity. Recital 30 of the GDPR states: Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in …

GDPR: When do you need to seek consent?

Under the GDPR (General Data Protection Regulation), knowing how and when you need to seek consent can be tricky. Many people mistakenly think that organisations must get consent to process personal data, but consent is one of six lawful grounds for processing data, and you’d be advised to seek it only if none of the other grounds apply. The other lawful grounds are: A contract with the …

Cyber attacks and data breaches in review: April 2020

Despite organisations across the globe being forced to shut down to combat coronavirus, there were still 216,141,421 breached records in April – demonstrating that cyber criminals can thrive under any circumstance. The true scale of the threat is probably even larger, given that many businesses operating with limited resources would have a much harder time detecting a security incident. As always, …

Is your organisation PCI DSS-compliant during the coronavirus pandemic?

Many of us have adapted well to working from home during the coronavirus pandemic, but employees responsible for handling payment card transactions won’t have had such an easy time. That’s because they’re required to perform their jobs in line with the PCI DSS (Payment Card Industry Data Security Standard), which contains a set of requirements on the technologies and processes that are used when …