dcsimg

Cyber attacks and data breaches in review: September 2019

September may have fewer data breach incidents than the previous month, but overall there was a massive 363% increase, totalling 531,596,111 breached records. This number includes a whopping 419 million data records exposed from an unknown server and brings the total breached record for the year so far to 10,331,579,614. Plenty of those breaches occurred in Europe, so let’s delve into a few of … [Read more...]

Polish data protection authority issues €645,000 fine to online retailer

Poland’s Personal Data Protection Office (UODO) this week imposed a PLN 2.8 million (€645,000) fine on online retailer Morele.net for “insufficient organisational and technical safeguards”.  The data breach affected approximately 2.2 million customers who purchased products through one of the group’s nine websites.   The extent of the data breach The leaked data included names, telephone … [Read more...]

An Post notifies the Data Protection Commission of customer data breach

An Post has notified the Data Protection Commission (DPC) of a breach affecting 250 customers.   An email sent to customers about the move of the AddressPal service from one post office in Cork to another accidentally had all 250 recipients’ email addresses in the ‘To’ field rather than 249 of them being in the ‘Bcc’ (blind carbon copy) field. This meant every customer who received the … [Read more...]

Cyber attacks and data breaches in review: August 2019

A glance at the numbers this month suggests that cyber criminals, like the rest of us, enjoy their summer holidays. The 114,686,290 breached records is infinitesimal compared to last month’s total and about 10% of the monthly average. However, the figure comes from 95 incidents, which is the biggest total we’ve tracked this year. Plenty of those breaches occurred in Europe, so let’s delve into a … [Read more...]

How to write a GDPR data breach notification procedure

Documenting your GDPR compliance can be tough, but a little guidance and access to documentation templates can make things much easier.  The documentation process is one of the most important parts of GDPR (General Data Protection Regulation) compliance. What you write dictates the way you approach security and privacy, and any mistakes will set you up for failure when those documents are called … [Read more...]

GDPR – maintaining compliance and Brexit

In our final blog, GDPR – One Year On, Alice Turley examines the impact of the GDPR maintaining compliance with the Regulation, and the effect of Brexit on the Regulation.     Key messages from the DPC The Association of Compliance Officers in Ireland held a conference on 31 March 2019 focusing on data breach notifications and risk assessments. Among those speaking was Niall Cavanagh, … [Read more...]

Cyber attacks and data breaches in review: July 2019

July 2019 was one of the worst months ever from a cyber security perspective. With incidents like the massive breach at the Chinese tech supplier Orvibo and another leaked database filled with Evite customers’ personal details, the second half of the year began with a mammoth 2,226,042,039 breached records.  You can see a full breakdown of those breaches on our sister site, IT Governance UK. In … [Read more...]

Data breach costs Netherlands hospital €460,000

Haga Hospital, based in the Netherlands, was this week fined €460,000 by the Dutch data protection authority (AP) for breaching the GDPR (General Data Protection Regulation).   Haga was investigated by the AP after 85 hospital employees had access to the medical records of Samantha de Jong, AKA Barbie, a well–known Dutch reality TV star.   In addition to the fine, Haga must improve the … [Read more...]

Microsoft OneNote audio note phishing scam

Phishing is a constant threat for organisations and individuals alike. The scam, which involves sending emails that masquerade as legitimate organisations to fraudulently obtain sensitive information, targets hundreds of millions of organisations and people daily.   Microsoft OneNote users are the latest target of a phishing scam. An email entitled “New Audio Note Received” is purportedly sent … [Read more...]

Apple hit with third DPC enquiry

Ireland’s DPC (Data Protection Commissioner) has launched a third investigation into Apple’s GDPR (General Data Protection Regulation) compliance.  The investigation will examine the tech giant’s compliance with the relevant GDPR provisions in relation to a customer’s DSAR (data subject access request). It follows two investigations opened last year into Apple’s processing of personal data and … [Read more...]