Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Mathew J. Schwartz • September 20, 2018

Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.

General Data Protection Regulation (GDPR)

Under GDPR, Data Breach Reports in UK Have Quadrupled

Latest

Electronic / Mobile Payments Fraud

Equifax Breach: Key Lessons Learned

Nick Holland • September 14, 2018

The latest edition of the ISMG Security Report features an analysis of a new Government Accountability Office report on the causes of last year's massive Equifax breach. Also: An update on the role of tokenization in protecting payments.

Cybercrime

RiskIQ: British Airways Breach Ties to Cybercrime Group

Mathew J. Schwartz • September 11, 2018

The British Airways breach, in which up to 380,000 website and mobile users' payment card details were stolen, traces to card-scraping code injected into a script on the airline's website by the cybercrime group called Magecart, says security firm RiskIQ.

Artificial Intelligence & Machine Learning

GDPR Spurs Interest in Insider Threat Prevention

Mathew J. Schwartz • September 4, 2018

The EU's General Data Protection Regulation, which has tough breach notification requirements, is spurring global interest in technologies to help prevent insider breaches, says Tony Pepper of Egress Software Technologies.

Cybercrime

Card-Skimming Malware Campaign Hits Dozens of Sites Daily

Jeremy Kirk • September 3, 2018

In the past six months, more than 7,000 sites that run Magento e-commerce software have been infected with malicious JavaScript designed to harvest customers' payment card details as they finalize their orders, a security researcher warns.

General Data Protection Regulation (GDPR)

Facebook's Security and Privacy Overhaul Comes at a Price

Mathew J. Schwartz • July 26, 2018

Facebook is making substantial investments to improve its data security and privacy practices. But the long-term cost of those investments and impact on the bottom line has spooked investors, leading to a $120 billion loss in market value on Thursday, the largest one-day loss of value for a U.S. traded company.

Breach Notification

Timehop Reveals Additional Data Compromised by Hacker

Jeremy Kirk • July 16, 2018

Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.

Compliance

Analysis: California's Groundbreaking Privacy Law

Nick Holland • July 13, 2018

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.

Data Security

Cryptocurrency's Skyrocketing Money Laundering Problem

Nick Holland • July 6, 2018

Leading the latest edition of the ISMG Security Report: CipherTrace CEO Dave Jevans discusses recent research on cryptocurrency money laundering and whether regulation is possible. Plus, California passes a new privacy law.

Data Masking & Information Archiving

Data Classification for the Masses

Mathew J. Schwartz • July 5, 2018

In the age of GDPR, more organizations are looking to data classification - including more automated techniques for doing so - as a way to not only help them protect their crown jewels, but in the case of a breach quickly identify what went missing, says Digital Guardian's Tony Themelis.

3rd Party Risk Management

What Apps Are Peeking Into Your Gmail?

Jeremy Kirk • July 5, 2018

Google says it closely vets third-party party applications that peek into Gmail boxes. But an investigation by the Wall Street Journal raises questions if consumers are fully aware of the consequences of granting access to third-party apps and the practices of email-scanning companies.

Cyberwarfare / Nation-state attacks

Austerity Bites Critical National Infrastructure Security

Mathew J. Schwartz • July 3, 2018

Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.

Big Data Security Analytics

Facial Recognition: Big Trouble With Big Data Biometrics

Mathew J. Schwartz • July 3, 2018

Numerous technology firms now offer facial biometrics recognition search tools for big data sets. But information security expert Alan Woodward warns that these big data sets must be "considered and regulated very heavily" or else we'll be "living in 1984 without knowing it."