Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Instagram Investigated for Exposure of Minors' Details

Jeremy Kirk • October 19, 2020

Ireland's Data Protection Commissioner has launched an investigation into whether Facebook's Instagram service improperly displayed the email addresses and phone numbers of minors on its platform. Facebook, Instagram's owner, could face a GDPR fine if it's found to have violated privacy requirements.

General Data Protection Regulation (GDPR)

Pandemic Impact: How Will Data Breaches Evolve?

Latest

Application Security

Behavioral Biometrics: The Next Generation

Tom Field • October 19, 2020

Behavioral biometrics have evolved, and Michael Yeardley of LexisNexis Risk Solutions says the new generation of controls can not only identify the bad guy - but also "the really clever bad guy." He explains how.

Account Takeover Fraud

Cybercrime: 12 Top Tactics and Trends

Mathew J. Schwartz • October 13, 2020

Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.

Digital Identity

Analysis: Why Regulators Got Tough With H&M

Anna Delaney • October 9, 2020

The latest edition of the ISMG Security Report analyzes why clothing retailer H&M was hit with a hefty fine for violating the EU's General Data Protection Rule. Also featured: The coming of age of digital identities; deputy CSO at Mastercard on top priorities for 2021.

Breach Notification

Breach of COVID-19 Test Data Undermines Pandemic Response

Mathew J. Schwartz • September 15, 2020

What's one of the worst things that can happen during a pandemic? The answer is anything that gives people less reason to trust in their public health system to handle the crisis. Enter a data breach that has exposed personal information for everyone who's ever tested positive for the disease in Wales.

COVID-19

Fraudsters Putting on the Ritz

Mathew J. Schwartz • August 17, 2020

Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data." No payment card data was exposed, it says.

Account Takeover Fraud

Analysis: The Hacking of Mobile Banking App Dave

Nick Holland • July 31, 2020

The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.

Breach Notification

Blackbaud's Bizarre Ransomware Attack Notification

Mathew J. Schwartz • July 31, 2020

How many different shades of bizarre is the data breach notification issued by software vendor Blackbaud? Over the course of three paragraphs, Blackbaud normalizes hacking, congratulates its amazing cybersecurity team, and says it cares so much for its customers that it paid a ransom to attackers.

Breach Notification

Questions Persist About Ransomware Attack on Blackbaud

Mathew J. Schwartz • July 30, 2020

Numerous unanswered questions persist concerning a ransomware outbreak at Blackbaud, which provides cloud-based marketing, fundraising and customer relationship management software used by thousands of charities, universities, healthcare organizations and others.

Critical Infrastructure Security

Analysis: The Significance of Russian Hackers' Indictment

Anna Delaney • October 23, 2020

The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.

Fraud Management & Cybercrime

OnDemand | How AI Reduces Acquirer Fraud and Merchant Risk

Information Security Media Group • October 16, 2020

View this video OnDemand and learn about reducing acquirer fraud alerts and increasing accuracy.

Fraud Management & Cybercrime

OnDemand | Worldpay's Customer Journey

Information Security Media Group • October 16, 2020

View this video OnDemand and learn the advantages of AI over rules-based monitoring platforms.

Digital Identity

Digital Risk Protection: How to Reduce Breach Damage

Tom Field • October 8, 2020

When it comes to a breach and exposed data, a Digital Risk Protection program represents a way to reduce the potential damage. Tyler Carbone of Terbium Labs outlines the essential elements and use cases of a mature DRP program.