16/05/20 GDPR Community Round-Up

Here’s a round-up of interesting reading we found online today*;

• Mysterious data breach called 'db8151dd' exposed email, physical address and job titles of 22 million people - but no one knows exactly where the records came from. A public server contained more than 100 million records on 22 million people. Data included full names, email addresses, phone numbers, job titles and more. Security researchers were unable to find the source of the breach. Expert Troy Hunt hypothesizes the data was from a customer management system.

• Norway's state-owned investment fund Norfund has halted all payments after losing $10m in an "advanced data breach." Norfund is a private equity company established by the Norwegian Storting in 1997 and owned by the Norwegian Ministry of Foreign Affairs. The fund receives its investment capital from the state budget and is the largest sovereign wealth fund in the world.

• Zynga, developer of popular mobile games Words with Friends and Draw Something, is the target of a proposed class-action lawsuit filed by FeganScott on behalf of players affected by a data breach. Words with Friends Developer, Zynga, Sued Over User Data Breach, Law Firm FeganScott Announces.

• D.C. Amends Data Breach Notification Law, Adds Security Requirements. At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take effect by June 13, 2020.

• Good blog post on Security Boulevard - The Definitive Cyber Security Statistics Guide for 2020. Cyber-attacks continue to grow in both numbers and ferocity, 2019 was just a sign of the things to come. Here’s your list of 122 of the most current cybersecurity industry, cyber attack, and data breach statistics for 2020 and beyond.

• Workplace Body Temperature Devices Raise Privacy Concerns. As U.S. companies start implementing return-to-work plans, many are considering whether to use no-contact temperature-taking devices. The federal government has recognized that taking temperatures is a step that companies can take to mitigate the risk of spreading the coronavirus.

• Stop & Shop announced today that it recently discovered a potential data security issue at five store locations in New Jersey, Connecticut and Massachusetts. Illegal skimming devices known as “shimmers” were identified as part of routine security scans at these locations.

• Calian Awarded Cyber Security Defence Contract Valued at $22M. Calian Group Ltd. (TSX: CGY) has successfully recompeted for a contract award to provide expanded cybersecurity and informatics services to the Department of National Defence (DND). Under the contract award, Calian will continue to provide consulting services to support DND’s information and cybersecurity initiatives. The Company was awarded additional services in the areas of project management, change management, network security, IT security vulnerability assessments, IT security system operations, and incident management.

• The Lack of Women in Cybersecurity Leaves the Online World at Greater Risk. Women are underrepresented in technology fields, but especially so in cybersecurity. It's not just a matter of fairness. Women are better than men at key aspects of keeping the internet safe.

• Great post on Tripwire by great researcher Graham Cluley worth a read "The top 10 most-targeted security vulnerabilities – despite patches having been available for years".

• Data privacy: connected vehicles are not the same as smartphones. ACEA, the European Automobile Manufacturers’ Association, says the guidelines on personal data relating to connected vehicles, drafted by the European Data Protection Board (EDPB), are too broad in scope and not robust enough. ACEA asks the EDPB to postpone the publication of the guidelines until the content of the new ePrivacy Regulation is known with certainty.

• What to Watch for in Federal Data Privacy Legislation. A draft of federal data privacy and security bill takes into consideration leading practices for the states and those abroad.

• Vint Cerf suggests GDPR could hurt coronavirus vaccine development. TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. Essay on the role of the internet during plague times also suggests online schooling may not be the finished article.

• Recent research conducted with 2,000 Brits found that one in 10 don’t believe that they are GDPR compliant whilst working from home.

• EU will continue to call shots, new EACA president warns UK agencies. UK business will continue to be dominated by decisions made in the European Union, regardless of the intentions of the Conservative government, the new president of the European Association of Communications Agencies has said.

*These sites aren’t affiliated with GDPR Community and these aren’t an advertisement, they’re simply site’s we’ve thought the community might have an interest in reading.