Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Authorities in the Netherlands have smacked Haga Hospital with a GDPR fine.

Patient Record Snooping Incident Leads to GDPR Fine

Marianne Kolbasuk McGee • July 18, 2019

Authorities in the Netherlands recently levied a $516,000 fine under the General Data Protection Regulation against a hospital in the Hague in connection with a data breach involving "dozens" of staffers who snooped on the electronic medical records of a celebrity.

Active Defense & Deception

8 Takeaways: European Data Protection Summit

Latest

Application Security

Security Flaw Exposed Valid Airline Boarding Passes

Mathew J. Schwartz • July 16, 2019

A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.

Artificial Intelligence & Machine Learning

Leak Confirms Google Speakers Often Record Without Warning

Mathew J. Schwartz • July 12, 2019

George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.

General Data Protection Regulation (GDPR)

Security Teams Confronting New Risks and Regulations

Scott Ferguson • July 8, 2019

New regulations are leading enterprises to rethink how they secure customer data. At the same time, businesses are subject to more risk from their third-party partners. Chis Niggel of Okta explains how these two trends are complicating enterprise security.

Business Continuity Management / Disaster Recovery

Cloudflare Calls Internet Outage 'Small Heart Attack'

Nick Holland • June 28, 2019

The latest edition of the ISMG Security Report discusses Cloudflare's harsh criticism of Verizon over an internet outage it labeled as a "small heart attack." Plus: sizing up the impact of GDPR; reviewing highlights of the ISMG Healthcare Security Summit.

Breach Notification

Identity as a Game-Changing Breach Defense

Information Security Media Group • June 25, 2019

Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.

Artificial Intelligence & Machine Learning

Visual Journal: Infosecurity Europe 2019

Mathew J. Schwartz • June 18, 2019

The annual Infosecurity Europe conference this year returned to London. Here are visual highlights from the event, which featured over 240 sessions and more than 400 exhibitors, 19,500 attendees and keynotes covering data breaches, darknets, new regulations and more.

Cybercrime

10 Highlights: Infosecurity Europe 2019 Keynotes

Mathew J. Schwartz • June 14, 2019

Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.

Cybercrime

Analysis: The Cybersecurity Risks Major Corporations Face

Nick Holland • June 14, 2019

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?

Cybercrime

No Invitation Required: Hackers Can Phish Evite Users

Mathew J. Schwartz • June 11, 2019

Online invitation site Evite has been hacked and information on an unspecified number of users stolen. In a data minimization fail, the breach apparently dates from earlier this year, but it's been tied to "an inactive data storage file associated with Evite user accounts" from before 2014.

General Data Protection Regulation (GDPR)

Under GDPR, UK Data Breach Reports Quadruple

Mathew J. Schwartz • May 29, 2019

One year after Europe's tough new GDPR privacy law went into full effect, authorities in Britain have seen the number of annual data breach notifications more than quadruple. Meanwhile, the number of data protection complaints filed by Europeans has doubled.

Anti-Phishing, DMARC

Verizon DBIR: C-Level Executives in the Crosshairs

Nick Holland • May 22, 2019

C-level executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches. This is among the key findings of the latest Verizon's Data Breach Investigations Report. Author John Grim shares insight.

Fraud Management & Cybercrime

Facebook Password, Email Contact Mishandling Worsens

Jeremy Kirk • April 19, 2019

Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.