Privacy Transformation - Issue 173

PRIVACY

Instagram fined €405M for violating kids’ privacy

Instagram fined €405M for violating kids’ privacy

The Irish Data Protection Commission has fined Meta-owned social media platform Instagram €405 million for violations of the General Data Protection Regulation.

Sydney school’s use of fingerprint scanners in toilets an invasion of privacy, expert says

Moorebank High School installed the scanners to prevent vandalism and track student movements after consultation with community focus group

SECURITY & TECH

Security News This Week: Police Across US Bypass Warrants With Mass Location-Tracking Tool

Security News This Week: Police Across US Bypass Warrants With Mass Location-Tracking Tool

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.

Montenegro hit by ransomware attack, hackers demand $10 million

Montenegro hit by ransomware attack, hackers demand $10 million

The government of Montenegro has admitted that its previous allegations about Russian threat actors attacking critical infrastructure in the country were false and now blames ransomware for the damage to its IT infrastructure that has caused extensive service disruptions.

BlackCat ransomware claims attack on Italian energy agency

BlackCat ransomware claims attack on Italian energy agency

The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE).

Thousands of Hikvision Cameras Vulnerable to a Security Bug

Thousands of Hikvision Cameras Vulnerable to a Security Bug

Analyzing about 285,000 Hikvision web servers online, researchers spotted over 80,000 of them vulnerable to a remote command injection bug.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's threat report is drawn from recent open source reporting.

DATA BREACH

Update of HEA Springboard website exposes personal data of 45,000 users

Update of HEA Springboard website exposes personal data of 45,000 users

Members of the Garda, the prison service and people working in the HSE are among those whose details could be viewed online.

TikTok hacked, over 2 bn user database records stolen: Security researchers

TikTok hacked, over 2 bn user database records stolen: Security researchers

Cyber-security researchers on Monday discovered a potential data breach in Chinese short-form video app TikTok, allegedly involving up to 2 billion user database records.

Samsung discloses data breach after July hack

Samsung discloses data breach after July hack

Electronics giant Samsung has confirmed a new data breach today after some of its U.S. systems were hacked to steal customer data.

Russian streaming platform confirms data breach affecting 7.5M users

Russian streaming platform confirms data breach affecting 7.5M users

Russian media streaming platform 'START' (start.ru) has confirmed rumors of a data breach impacting millions of users.

Suspected Ransomware Attack on InterContinental Hotels Affected Over 4,000 Guests

Suspected Ransomware Attack on InterContinental Hotels Affected Over 4,000 Guests

According to an analysis by cyber intelligence company Hudson Rock, just over 4,000 InterContinental Hotels Group users and 15 of its 325,000 employees were compromised in the attack.

ENFORCEMENT

DPC: Instagram hit by record €405 million fine by Irish Data Protection Commissioner

DPC: Instagram hit by record €405 million fine by Irish Data Protection Commissioner

This is the biggest fine ever handed out by the Data Protection Commissioner.

ICO: Halfords fined for sending nearly 500,000 unwanted marketing emails

ICO: Halfords fined for sending nearly 500,000 unwanted marketing emails

The Information Commissioner’s Office (ICO) has fined Halfords Limited £30,000 for sending 498,179 unsolicited marketing emails to people without their consent. Halfords came to the attention of the ICO following complaints in relation to a direct marketing email about a “Fix Your Bike” government voucher scheme, which was sent on 28 July 2020.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

ICO publishes guidance on privacy enhancing technologies

The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organisations unlock the potential of data by putting a data protection by design approach into practice.

[Read draft guidance]

RESOURCES

EDPB: Overview on resources made available by Member States to the Data Protection Supervisory Authorities

The European Data Protection Board (EDPB) gathered some statistics on resources made available by Member States to the supervisory authorities (SAs) from the European Economic Area (EEA).

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.