Privacy Transformation - Issue 105

PRIVACY

HSE cyber attack: 'Inevitable' major Irish entity would be hit

HSE cyber attack: 'Inevitable' major Irish entity would be hit

With malware attacks becoming more sophisticated and concerning, and critical infrastructure increasingly targeted, it was inevitable a major Irish public entity would be hit eventually. On Friday morning, it was the Health Service Executive.

High Court rejects Facebook bid to block probe that could stop data transfers from EU to US

High Court rejects Facebook bid to block probe that could stop data transfers from EU to US

Facebook Ireland has lost its bid to block the Data Protection Commissioner from conducting a probe into the matter.

Fianna Fáil calls for social media companies to request ID to fight online abuse

Fianna Fáil calls for social media companies to request ID to fight online abuse

Fianna Fáil backbenchers have called for social media companies to request ID when users create accounts as part of a ban on anonymous social media accounts.

Almost half of Irish people are concerned about sharing personal information online

This is a decline of 8% from 2019 to 2020, placing Ireland close to the global average of 45%.

SECURITY & TECH

Thousands of HSE computers rely on out-of-date software

Thousands of HSE computers rely on out-of-date software

The Health Service Executive's information technology system is relying on thousands of out-of-date computers because a plan to replace them has not been completed.

RELATED

This is how long hackers will hide in your network before deploying ransomware or being spotted

Microsoft EU Data Boundary dubbed ‘smoke and mirrors’

Microsoft EU Data Boundary dubbed ‘smoke and mirrors’

Data protection experts claim Microsoft’s decision to create an EU data boundary is a tacit admission that it routinely transfers and processes the personal data of European citizens outside the bloc, raising further questions about where its UK customers’ data goes.

RELATED

France says Google, Microsoft cloud services are OK for sensitive data

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Patient data from HSE hack has appeared on the dark net, Minister confirms

Patient data from HSE hack has appeared on the dark net, Minister confirms

Stephen Donnelly said that it was “distasteful” that law firms were “licking their lips” at prospect of suing the State over the HSE cyber hack.

RELATED

Here’s how much your stolen personal data is worth on the dark web

Data breach at Muckross Park after hack on hotel email account

Data breach at Muckross Park after hack on hotel email account

Breach at Co Kerry hotel may have allowed the hacker access to some guests' email addresses

Verizon Data Breach Report 2021: Pandemic Has Caused Major Surge in Phishing, Ransomware and Web App Attacks

Verizon Data Breach Report 2021: Pandemic Has Caused Major Surge in Phishing, Ransomware and Web App Attacks

Verizon's data breach report for 2021 frames the degree to which the pandemic has influenced cyber criminal activity, with the focus shifting strongly toward work-at-home infrastructure.

See Resources Section for link to report.

ENFORCEMENT

HSE could face €1m fine for GDPR failings over cyber attack 

HSE could face €1m fine for GDPR failings over cyber attack

HSE breach may see Data Protection Commission utilise the full extent of its fining powers on a State body for the first time, says expert

Irish Credit Bureau fined by regulator for data breach

Irish Credit Bureau fined by regulator for data breach

The Irish Credit Bureau (ICB) has been fined €90,000 and reprimanded for a “serious” breach of the General Data Protection Regulation (GDPR). It is the largest domestic fine levied by the Irish data regulator.

Read DPC Decision

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

DPC Decision: Irish Credit Bureau DAC

DPC Decision: Irish Credit Bureau DAC

Data Protection Commission 21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland

Verizon 2021 Data Breach Investigations Report (DBIR)

Verizon 2021 Data Breach Investigations Report (DBIR)

Access Verizon's 2021 Data Breach Investigation Report

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.