dcsimg

Data breach costs Netherlands hospital €460,000

Haga Hospital, based in the Netherlands, was this week fined €460,000 by the Dutch data protection authority (AP) for breaching the GDPR (General Data Protection Regulation).   Haga was investigated by the AP after 85 hospital employees had access to the medical records of Samantha de Jong, AKA Barbie, a well–known Dutch reality TV star.   In addition to the fine, Haga must improve the … [Read more...]

British Airways fine could be the start of GDPR tidal wave

Earlier this week, the ICO (Information Commissioner’s Office), the UK’s data protection authority, announced that it would be fining British Airways £183.4 million (about €204 million) for a data breach that occurred last year.  The incident, which affected 500,000 customers, involved a sophisticated attack in which criminals diverted traffic from British Airways’ website to a bogus replica, … [Read more...]

From pandemonium to fines – a review of GDPR enforcement in Europe

Do you remember the Y2K bug in the run-up to the new millennium? Warnings that computer systems and networks would stop functioning on 1 January 2000 led to panic and pandemonium as people prepared for its impact.   In some ways, the introduction of the GDPR (General Data Protection Regulation) was reminiscent of the Y2K scare.  Despite the two-year transition period, a lot of organisations left … [Read more...]

List of data breaches and cyber attacks by region: May 2019

You might have noted that data breaches happen a lot. We post about incidents as often as we can, but it’s practically impossible to keep up.  That’s why we’ve decided to start compiling a monthly list of incidents from stories reported around the globe.  In our inaugural list, we look back at May 2019, in which there were at least 79 reported data breaches.  If we’ve missed anything, let us know … [Read more...]

Helen Dixon reappointed as Ireland’s Data Protection Commissioner for a second term

Helen Dixon has been reappointed as DPC (Data Protection Commissioner) until 2024 following government approval.   Announcing the decision, Charlie Flanagan, Minister for Justice and Equality, said: “Helen is internationally well regarded for her expertise in this area. This is a very important role as Ireland’s Data Protection Commission is the EU’s lead regulator for the many multinational … [Read more...]

DPC launches investigation into Google Ireland

Ireland’s DPC (Data Protection Commission) has launched a statutory enquiry into how Google Ireland processes data for the purpose of advertising.  The probe is the result of a number of submissions to the DPC, including those made by Dr Johnny Ryan, Chief Policy & Industry Relations Officer for Brave, a privacy-focused web browser.   Dr Ryan’s submissions reveal that Google’s … [Read more...]

Burger King data breach potentially exposed the data of thousands of children

Kool King, an online shop owned by Burger King, had thousands of customer records exposed through an unsecured database, which was discovered last week.  The website allows customers who purchase from the children’s menu in Burger King, France to access content, including games, films and activities, after creating a profile on the platform.   The breached database, which potentially contained the … [Read more...]

Ireland’s DPC investigates Facebook over password breach

Ireland’s DPC (Data Protection Commission) has launched a statutory inquiry into Facebook following the disclosure of a data breach affecting millions of users.  The social media giant announced in March that a routine security review at the beginning of the year found millions of user passwords stored in plaintext on … [Read more...]

Hospital patients’ medical notes found on Drogheda estate

Hospital notes on patients who attended Our Lady of Lourdes Hospital in Drogheda, Co. Louth were discovered on a housing estate earlier this week.  The doctor handover notes, detailing the dates of birth, family situations, medical conditions and hospital wards attended of ten patients who visited the hospital’s emergency … [Read more...]

GDPR non-compliance costs data analytics company €220,000

Bisnode, a Swedish data analytics company with a base in Poland, has been hit with a €220,000 (PLN 944,470) fine from Poland’s data protection authority, UODO. The fine was issued after Bisnode failed to inform millions of people that it was processing their data, denying them the opportunity to object to the processing, and the right to rectification or erasure of their details, as noted in … [Read more...]