Microsoft suffers data breach affecting webmail accounts

Microsoft has confirmed that a number of its email services have been breached, with users’ email content potentially exposed. The tech giant noted in its incident statement on 12 April that the criminal hackers could have viewed email addresses, folder names and email subject lines, but …

Potential data breach under investigation at University Hospital Galway

Saolta University Health Care Group is investigating a potential data breach at UHG (University Hospital Galway) after scam letters were sent to patients’ home addresses. The letters, from an organisation calling itself The Anglo America Lottery, informed recipients that they had won a significant prize in the ‘Hospital Sick Patient Lottery …

GDPR non-compliance costs data analytics company €220,000

Bisnode, a Swedish data analytics company with a base in Poland, has been hit with a €220,000 (PLN 944,470) fine from Poland’s data protection authority, UODO. The fine was issued after Bisnode failed to inform millions of people that it was processing their data, denying them the opportunity to object to the processing, and the right to rectification or erasure of their details, as noted in …

Norsk Hydro hit by “severe” cyber attack

Aluminium manufacturing giant Norsk Hydro was forced to switch to manual operations following a “severe” ransomware attack on Monday, 18 March. The Norway-based company, which employs more than 35,000 people in 40 countries, was reportedly hit with ransomware known as LockerGoga. Several of its plants around the world …

List of Data Breaches in 2018 – Infographic

It’s hard to forget the hype associated with the GDPR (General Data Protection Regulation) taking effect on 25 May 2018. The Regulation expands individuals’ control over how their personal data is collected and processed, and places a range of new obligations on organisations to be more …

Dublin’s tram service website taken offline after being held to ransom

Luas, Dublin’s tram service, has taken its website offline after a criminal hacker hijacked the site and left a ransom demand. The crook claims to have breached Luas’s systems and has threatened to publish its customers’ data if the organisation doesn’t pay 1 bitcoin (about €3,375) in the next five days. Luas hasn’t confirmed any details at the time of writing (including whether it’s …

Facebook facing investigation and fine of up to $1.6 billion over data breach

On Tuesday, 25 September, Facebook discovered a major data breach that gave criminal hackers the ability to take over user accounts. 50 million Facebook users worldwide may be impacted by the breach, including about 5 million European accounts. The Irish DPC (Data Protection Commission) has opened a formal investigation, which could result in Facebook being fined up to $1.63 billion (about …

PCI DSS: The importance of penetration testing

Often, organisations rely on vulnerability scans to identify their weaknesses. They are told that vulnerability scanning is as good as penetration testing and that it will be enough to meet the compliance requirements of the PCI DSS (Payment Card Industry Data Security Standard). However, scanning and testing perform two different jobs, and the PCI DSS mandates that you conduct both on a regular …

Facebook data breach: what you need to know

On the afternoon of Friday, 28 September, Facebook announced that 50 million Facebook accounts had been breached. What happened? Facebook’s Vice President of Product Management, Guy Rosen, announced that the security breach affected 50 million users. It is believed the attackers exploited a vulnerability in Facebook’s code involving the “View As” feature, which allows people …

Pros and cons of penetration testing

Cyber attacks are costly to any organisation. They can cripple systems, lead to large fines and cause reputational damage. Performing an internal penetration test can help safeguard your organisation and its network. Penetration testing is globally acknowledged as an important part of cyber security, but, like any security mechanism, it’s not perfect. Below is an outline of the pros and cons …