Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Under GDPR, organizations that suffer certain types of breaches must inform the ICO within 72 hours of learning that they have been breached.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Mathew J. Schwartz • December 10, 2018

The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.

►

General Data Protection Regulation (GDPR)

How Cyber Insurance Is Changing in the GDPR Era

Latest

Cybercrime

GOP Hacking Incident: What Happened?

Nick Holland • December 7, 2018

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

3rd Party Risk Management

Emails Expose Sensitive Internal Facebook Discussions

Jeremy Kirk • December 6, 2018

A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Breach Notification

Marriott's Mega-Breach: Many Concerns, But Few Answers

Jeremy Kirk • December 3, 2018

Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

Fraud Management & Cybercrime

Federal Prosecutors Discuss SamSam Indictments

Nick Holland • November 30, 2018

In the latest edition of the ISMG Security Report, hear prosecutors discuss the indictments of two Iranians in connection with SamSam ransomware attacks. Also: Updates on allegations that Google is violating GDPR and cryptocurrency's impact on crime trends.

Cloud Security

'Data & Leads' Site Disappears After Data Exposure Alert

Mathew J. Schwartz • November 29, 2018

Another day, another "Have I Been Pwned" alert, this time involving 44.3 million individuals' personal details found in unsecured instances of Elasticsearch, which appear to have been left online by Data & Leads, a Toronto-based data aggregation firm.

Geo-Specific

PageUp Breach: 'No Specific Evidence' of Data Exfiltration

Jeremy Kirk • November 26, 2018

Australian human resources software developer PageUp says it has found "no specific evidence" that attackers removed data after the company warned in May that it had been breached. But investigators have found that attackers installed all of the tools they would have needed to exfiltrate data.

Data Security

Amazon Snafu Exposed Customers' Names and Email Addresses

Jeremy Kirk • November 23, 2018

Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online. The online retailing giant maintains that its systems were not breached. It says it's sent an email notification to all affected customers and that the problem has been fixed.

Business Email Compromise (BEC)

French Cinema Chain Fires Dutch Executives Over 'CEO Fraud'

Mathew J. Schwartz • November 13, 2018

French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Cybercrime

Radisson Suffers Global Loyalty Program Data Breach

Mathew J. Schwartz • November 2, 2018

Radisson Hotel Group has suffered a data breach that resulted in the theft of data for its global loyalty program members. The company, which operates 1,400 hotels, says the breach touched data for "less than 10 percent" of all Radisson Rewards members, but it hasn't released a victim count.

Cybercrime

British Airways Finds Hackers Stole More Payment Card Data

Mathew J. Schwartz • October 26, 2018

British Airways has discovered that hackers compromised payment card data and personal details for 185,000 more customers than it had originally suspected and that its systems were first breached not in August, but April. The airline now counts 429,000 data breach victims.

Cybercrime

UK Facebook Fine: Just the Beginning?

Nick Holland • October 26, 2018

This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.

Data Security

Facebook Slammed With Maximum UK Privacy Fine

Mathew J. Schwartz • October 25, 2018

Facebook has been slammed with the maximum possible fine under U.K. law for "a very serious data incident" that exposed an estimated 87 million Facebook users' personal details to political campaign influence firm Cambridge Analytica.