Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Directions to a polling station in Orlando, Florida, in 2008. (Photo: Erik Hersman via Flickr/CC)

The Privacy Penalty for Voting in America

Jeremy Kirk • November 16, 2018

Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible.

►

General Data Protection Regulation (GDPR)

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Latest

Business Email Compromise (BEC)

French Cinema Chain Fires Dutch Executives Over 'CEO Fraud'

Mathew J. Schwartz • November 13, 2018

French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Cybercrime

Radisson Suffers Global Loyalty Program Data Breach

Mathew J. Schwartz • November 2, 2018

Radisson Hotel Group has suffered a data breach that resulted in the theft of data for its global loyalty program members. The company, which operates 1,400 hotels, says the breach touched data for "less than 10 percent" of all Radisson Rewards members, but it hasn't released a victim count.

Cybercrime

UK Facebook Fine: Just the Beginning?

Nick Holland • October 26, 2018

This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.

Data Security

Facebook Slammed With Maximum UK Privacy Fine

Mathew J. Schwartz • October 25, 2018

Facebook has been slammed with the maximum possible fine under U.K. law for "a very serious data incident" that exposed an estimated 87 million Facebook users' personal details to political campaign influence firm Cambridge Analytica.

Next-Generation Technologies & Secure Development

Mobile Threats: Myths and Realities

Information Security Media Group • October 1, 2018

There is greater awareness to the proliferation of mobile threats, and yet many organizations still underestimate their own vulnerabilities. Brian Duckering of Symantec discusses the rise and maturity of mobile threat defense.

Critical Infrastructure Security

The Reaction to New White House Cybersecurity Strategy

Nick Holland • September 28, 2018

Leading the latest edition of the ISMG Security Report: The reaction to the recently released White House cybersecurity strategy. Also featured: A discussion of GDPR's impact on class action lawsuits.

Uber Reaches $148 Million Breach Settlement With States

Mathew J. Schwartz • September 27, 2018

Ride-hailing platform Uber Technologies has reached a $148 million settlement agreement with the attorneys general of all 50 states and the District of Columbia over its failure to report a massive 2016 data breach in a timely manner, as well as its inadequate information security practices.

Electronic / Mobile Payments Fraud

Equifax Breach: Key Lessons Learned

Nick Holland • September 14, 2018

The latest edition of the ISMG Security Report features an analysis of a new Government Accountability Office report on the causes of last year's massive Equifax breach. Also: An update on the role of tokenization in protecting payments.

General Data Protection Regulation (GDPR)

Fresh GDPR Complaints Take Aim at Targeted Advertising

Jeremy Kirk • September 13, 2018

A web browser startup, Brave, has filed complaints in Europe alleging Google and other behavioral advertising companies are violating Europe's GDPR. Brave's complaints could set up one of the biggest battles so far over how personal data gets used - or abused - for targeted advertising.

Cybercrime

RiskIQ: British Airways Breach Ties to Cybercrime Group

Mathew J. Schwartz • September 11, 2018

The British Airways breach, in which up to 380,000 website and mobile users' payment card details were stolen, traces to card-scraping code injected into a script on the airline's website by the cybercrime group called Magecart, says security firm RiskIQ.

Artificial Intelligence & Machine Learning

GDPR Spurs Interest in Insider Threat Prevention

Mathew J. Schwartz • September 4, 2018

The EU's General Data Protection Regulation, which has tough breach notification requirements, is spurring global interest in technologies to help prevent insider breaches, says Tony Pepper of Egress Software Technologies.

Cybercrime

Card-Skimming Malware Campaign Hits Dozens of Sites Daily

Jeremy Kirk • September 3, 2018

In the past six months, more than 7,000 sites that run Magento e-commerce software have been infected with malicious JavaScript designed to harvest customers' payment card details as they finalize their orders, a security researcher warns.