Privacy Transformation - Issue 173
PRIVACY
Instagram fined €405M for violating kids’ privacy
The Irish Data Protection Commission has fined Meta-owned social media platform Instagram €405 million for violations of the General Data Protection Regulation.
Sydney school’s use of fingerprint scanners in toilets an invasion of privacy, expert says
Moorebank High School installed the scanners to prevent vandalism and track student movements after consultation with community focus group
SECURITY & TECH
Security News This Week: Police Across US Bypass Warrants With Mass Location-Tracking Tool
Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.
Montenegro hit by ransomware attack, hackers demand $10 million
The government of Montenegro has admitted that its previous allegations about Russian threat actors attacking critical infrastructure in the country were false and now blames ransomware for the damage to its IT infrastructure that has caused extensive service disruptions.
BlackCat ransomware claims attack on Italian energy agency
The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE).
Thousands of Hikvision Cameras Vulnerable to a Security Bug
Analyzing about 285,000 Hikvision web servers online, researchers spotted over 80,000 of them vulnerable to a remote command injection bug.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
DATA BREACH
Update of HEA Springboard website exposes personal data of 45,000 users
Members of the Garda, the prison service and people working in the HSE are among those whose details could be viewed online.
TikTok hacked, over 2 bn user database records stolen: Security researchers
Cyber-security researchers on Monday discovered a potential data breach in Chinese short-form video app TikTok, allegedly involving up to 2 billion user database records.
Samsung discloses data breach after July hack
Electronics giant Samsung has confirmed a new data breach today after some of its U.S. systems were hacked to steal customer data.
Russian streaming platform confirms data breach affecting 7.5M users
Russian media streaming platform 'START' (start.ru) has confirmed rumors of a data breach impacting millions of users.
Suspected Ransomware Attack on InterContinental Hotels Affected Over 4,000 Guests
According to an analysis by cyber intelligence company Hudson Rock, just over 4,000 InterContinental Hotels Group users and 15 of its 325,000 employees were compromised in the attack.
ENFORCEMENT
DPC: Instagram hit by record €405 million fine by Irish Data Protection Commissioner
This is the biggest fine ever handed out by the Data Protection Commissioner.
ICO: Halfords fined for sending nearly 500,000 unwanted marketing emails
The Information Commissioner’s Office (ICO) has fined Halfords Limited £30,000 for sending 498,179 unsolicited marketing emails to people without their consent. Halfords came to the attention of the ICO following complaints in relation to a direct marketing email about a “Fix Your Bike” government voucher scheme, which was sent on 28 July 2020.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
ICO publishes guidance on privacy enhancing technologies
The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organisations unlock the potential of data by putting a data protection by design approach into practice.
RESOURCES
EDPB: Overview on resources made available by Member States to the Data Protection Supervisory Authorities
The European Data Protection Board (EDPB) gathered some statistics on resources made available by Member States to the supervisory authorities (SAs) from the European Economic Area (EEA).
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.