Here’s a round-up of interesting reading we found online today*;
Financial trading and spread betting service provider City Index has informed users of a breach of their personal data, including names, dates of birth, gender and bank details. In a notification sent to users on May 8, City Index said that its network “was accessed by an unauthorized third party and client personal data may have been viewed.” Upon discovering the incident, it said it “shut down access to the server concerned and launched a full forensic investigation.”
Circa 50% of organisations reported to ICO for data breaches post-GDPR The company, Apricorn announced the findings of its annual survey examining attitudes towards data breaches. Almost half (43%) of those IT decision-makers questioned said that their organisation has been reported to the Information Commissioner's Office (ICO) since the European Union's General Data Protection Regulation (GDPR) came into effect.
79% of Organizations Have Experienced an Identity-Related Security Breach in the Last Two Years According to New Identity Defined Security Alliance Study7. The Identity Defined Security Alliance (IDSA), an industry alliance that helps organizations leverage existing cybersecurity investments to establish a stronger security posture, today released a study titled, “Identity Security: A Work in Progress,” which is based on an online survey of 502 IT security and identity decision-makers. The report highlights trends in identity-related security and what forward-thinking companies are doing differently to reduce the risk of a breach.
Details of Pakistani mobile subscribers have surfaced online after a hacker tried to sell the package for 300 bitcoins equivalent to $2.1 million. The data leak exposed personally identifiable information (PII) for 115 million subscribers. The exposure took place in two subsequent breaches that exposed the details of 44 million and 55 million subscribers, respectively. None of the affected mobile service providers has acknowledged any data breach on their servers. There is an ongoing investigation by cybersecurity services in Pakistan to establish the source of the leak.
A cybercrime store is selling access to more than 43,000 hacked servers The MagBo portal provides access to hacked servers, with some belonging to local and state government, hospitals, and financial organizations.
Pakistan’s Ministry of Information Technology and Telecommunication recently introduced a new draft of Pakistan’s Personal Data Protection Bill, 2020 (the “Bill”) and launched a public consultation regarding the same. The public consultation period will end on May 15, 2020.
Interesting blog post "The Problem with Automating Data Privacy Technology Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA".
Update on Singaporean data protection law. In case of a data breach, organisations may soon be slapped with fines of up to 10 per cent of their annual gross turnover, or $1 million, whichever is higher, if proposed amendments to Singapore's Personal Data Protection Act go through.
The European Commission is examining Hungary’s emergency regime, including government decrees affecting the country’s labour code and the application of the GDPR, Vera Jourová told the European Parliament on Thursday (14 May). “The Commission is monitoring the situation in all states, but in case of Hungary, I can reveal to you today that I have daily reports,” Commission Vice-President Jourová told MEPs, adding that she is aware of the “two people who were detained in relation to spreading so-called fake news.”
Following reports on Thursday morning that a staff member from Service New South Wales government clicked on a suspicious link from an email. They have confirmed they were the target of a malicious phishing attack. "This investigation subsequently identified the email accounts of 47 Service NSW Staff members were illegally accessed."
Interesting Blog post "An Ongoing Problem: Germany’s Protection of Foreigners’ Communication Abroad"
*These sites aren’t affiliated with GDPR Community and these aren’t an advertisement, they’re simply site’s we’ve thought the community might have an interest in reading.