Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

An example of a phishing email using GDPR compliance as a lure (Source: Area 1 Security)

GDPR Compliance Used as Phishing Lure

Chinmay Rautmare • September 25, 2020

A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security.

Governance & Risk Management

Zero Standing Privilege: How to Achieve it

Latest

General Data Protection Regulation (GDPR)

Marriott Faces Another Data Breach Lawsuit

Mathew J. Schwartz • August 19, 2020

Marriott faces another lawsuit, filed in Britain, over the breach of its Starwood guest reservation system. The breach ran from 2014 to 2018 - Marriott acquired Starwood in 2016 - and exposed personal information for an estimated 7 million customers in the U.K.

COVID-19

Fraudsters Putting on the Ritz

Mathew J. Schwartz • August 17, 2020

Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data." No payment card data was exposed, it says.

COVID-19

Barclays Faces Employee Spying Probe

Mathew J. Schwartz • August 10, 2020

The U.K.'s privacy watchdog is probing banking giant Barclays over its use of employee monitoring tools after the bank in February reportedly shifted from anonymized tracking to giving managers the ability to view data for individual employees.

Account Takeover Fraud

Analysis: The Hacking of Mobile Banking App Dave

Nick Holland • July 31, 2020

The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.

Breach Notification

Blackbaud's Bizarre Ransomware Attack Notification

Mathew J. Schwartz • July 31, 2020

How many different shades of bizarre is the data breach notification issued by software vendor Blackbaud? Over the course of three paragraphs, Blackbaud normalizes hacking, congratulates its amazing cybersecurity team, and says it cares so much for its customers that it paid a ransom to attackers.

Breach Notification

Questions Persist About Ransomware Attack on Blackbaud

Mathew J. Schwartz • July 30, 2020

Numerous unanswered questions persist concerning a ransomware outbreak at Blackbaud, which provides cloud-based marketing, fundraising and customer relationship management software used by thousands of charities, universities, healthcare organizations and others.

Cybercrime

Yet Again, Vulnerabilities Found in a Router

Jeremy Kirk • July 14, 2020

It's common for security researchers to be ignored when reporting a software vulnerability. The latest example - vulnerabilities found by Independent Security Evaluators in a router made by China-based Tenda.

COVID-19

Analysis: Monitoring the Risks Posed by Remote Workers

Nick Holland • July 10, 2020

The latest edition of the ISMG Security Report analyzes the surge in the use of employee monitoring tools for the increasingly remote workforce. Also featured: Discussions about IoT security guidelines and CCPA compliance requirements.

CCPA

CCPA Enforcement: What to Expect Now

Anna Delaney • July 8, 2020

Attorney Sadia Mirza, offers an update on the July 1 California Consumer Privacy Act enforcement and what security and privacy professionals should expect over the next few months.

Cybercrime as-a-service

Analysis: Why Ransomware Gangs Getting Bigger Payoffs

Anna Delaney • August 21, 2020

The latest edition of the ISMG Security Report analyzes why ransomware gangs continue to see bigger payoffs from their ransom-paying victims. Also featured: Lessons learned from Twitter hacking response; security flaw in Amazon's Alexa.

COVID-19

Pandemic Impact: How Will Data Breaches Evolve?

Mathew J. Schwartz • August 5, 2020

Will the COVID-19 pandemic lead to a spike in the number of reported data breaches? Not necessarily, says cybersecurity expert Brian Honan. But he says that the rush to adopt cloud-based services and expanded remote services might change the types of breaches being reported.

General Data Protection Regulation (GDPR)

GDPR Two Years On: Compliance Lessons Learned

Anna Delaney • July 29, 2020

Now that it's been two years since enforcement of the European Union's General Data Protection Regulation began, three attorneys - Kelsey Finch, Jonathan Armstrong and David Dumont - reflect on the lessons learned so far and the compliance gaps that still need to be addressed.