dcsimg

What’s the difference between a data breach and a cyber security incident?

The information security industry is full of jargon, but luckily most terms only crop up when you’re dealing with specific, technical topics. However, there’s one common but surprisingly complex phrase that often appears without further explanation: ‘cyber security incident’.  You might assume it’s simply a euphemism for organisations that don’t want to say ‘we’ve suffered a data breach’. That’s … [Read more...]

Cyber attacks and data breaches in review: September 2019

September may have fewer data breach incidents than the previous month, but overall there was a massive 363% increase, totalling 531,596,111 breached records. This number includes a whopping 419 million data records exposed from an unknown server and brings the total breached record for the year so far to 10,331,579,614. Plenty of those breaches occurred in Europe, so let’s delve into a few of … [Read more...]

Polish data protection authority issues €645,000 fine to online retailer

Poland’s Personal Data Protection Office (UODO) this week imposed a PLN 2.8 million (€645,000) fine on online retailer Morele.net for “insufficient organisational and technical safeguards”.  The data breach affected approximately 2.2 million customers who purchased products through one of the group’s nine websites.   The extent of the data breach The leaked data included names, telephone … [Read more...]

What role does data destruction play in cybersecurity?

When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away. Nearly as important to an organization’s … [Read more...]

An Post notifies the Data Protection Commission of customer data breach

An Post has notified the Data Protection Commission (DPC) of a breach affecting 250 customers.   An email sent to customers about the move of the AddressPal service from one post office in Cork to another accidentally had all 250 recipients’ email addresses in the ‘To’ field rather than 249 of them being in the ‘Bcc’ (blind carbon copy) field. This meant every customer who received the … [Read more...]

Cyber attacks and data breaches in review: August 2019

A glance at the numbers this month suggests that cyber criminals, like the rest of us, enjoy their summer holidays. The 114,686,290 breached records is infinitesimal compared to last month’s total and about 10% of the monthly average. However, the figure comes from 95 incidents, which is the biggest total we’ve tracked this year. Plenty of those breaches occurred in Europe, so let’s delve into a … [Read more...]

How to write a GDPR data breach notification procedure

Documenting your GDPR compliance can be tough, but a little guidance and access to documentation templates can make things much easier.  The documentation process is one of the most important parts of GDPR (General Data Protection Regulation) compliance. What you write dictates the way you approach security and privacy, and any mistakes will set you up for failure when those documents are called … [Read more...]

GDPR – maintaining compliance and Brexit

In our final blog, GDPR – One Year On, Alice Turley examines the impact of the GDPR maintaining compliance with the Regulation, and the effect of Brexit on the Regulation.     Key messages from the DPC The Association of Compliance Officers in Ireland held a conference on 31 March 2019 focusing on data breach notifications and risk assessments. Among those speaking was Niall Cavanagh, … [Read more...]

Capital One breach exposes over 100 million credit card applications

Just as we were wrapping up the aftermath of the Equifax breach—how was that already two years ago?—we are confronted with yet another breach of about the same order of magnitude. Capital One was affected by a data breach in March. The hacker gained access to information related to credit card applications from 2005 to early 2019 for consumers and small businesses. According to the bank the … [Read more...]

Cyber attacks and data breaches in review: July 2019

July 2019 was one of the worst months ever from a cyber security perspective. With incidents like the massive breach at the Chinese tech supplier Orvibo and another leaked database filled with Evite customers’ personal details, the second half of the year began with a mammoth 2,226,042,039 breached records.  You can see a full breakdown of those breaches on our sister site, IT Governance UK. In … [Read more...]