Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.
British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.
Human error looks to be the obvious culprit in an accidental data breach by Britain's Cabinet Office, which published the home addresses of celebrities such as Elton John and Olivia Newton-John when it released a list of individuals set to be recognized for their contributions to British society.
While CCPA has drawn the biggest headlines when it comes to new U.S. privacy laws, businesses and consumers should also take notice of New York's SHIELD Act, which goes into effect in March 2020. The law is expected to have impact on Wall Street firms and other financial institutions headquartered in the state.
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Foxit Software, the developer of popular PDF and document software, says user accounts were compromised in a breach. The company, which has 560 million users, isn't saying how the breach occurred, how many accounts were affected or for how long.
Given the massive impact of the Equifax data breach, is the recently announced proposed settlement fair? One consumer advocate calls the money to be paid out by the consumer reporting agency the equivalent of a "parking ticket." Here's an analysis of the settlement's terms.
Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.
The digital revolution has given healthcare organizations new tools to increase team efficiency and improve their customer experience. But it's also opened up new vectors that cybercriminals can use to attack. As your attack surface expands to infrastructure that you don't own or control, becomes increasingly...
Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8 million users' private photos may have been revealed to 1,500 apps built by 876 developers.
Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation?
While PIPEDA is not a new law and been on the books for a long time, what is coming is...
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
2018 has been an important year in Canada from a cybersecurity and privacy standpoint. The introduction of Canada's new National Cybersecurity Strategy in June of this year along with the upcoming mandatory breach notification requirements effective November 1, 2018 are just the tip of the iceberg. In a complex world...
On May 25, 2018, per the General Data Protection Regulation (GDPR), organizations with business ties to the European Union needed to comply to GDPR standards. The cost of non-compliance are stiff fines. The GDPR contains nearly 100 separate and nuanced articles that can be difficult to understand even if you are a...