Privacy Transformation - Issue 176
PRIVACY
US expected to publish Privacy Shield executive order next week
The White House is expected to publish its long-awaited executive order on transatlantic data transfers next week, according to three officials with knowledge of the matter. The order is designed to address European concerns over surveillance practices in the United States and may be signed by President Joe Biden and then published as early as October 3, one of the officials said.
MEPs call for independent review of Irish DPC after Dublin visit
MEP Maite Pagazaurtundúa said the delegation was concerned that Ireland’s data protection authority is ‘a bottleneck’ of GDPR enforcement.
Instagram launches High Court appeal against record €405 million fine
The fine was issued following an investigation into the way Instagram handled teenagers’ personal data.
SECURITY & TECH
LockBit ransomware builder leaked online by “angry developer”
The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.
Ransomware data theft tool may show a shift in extortion tactics
Data exfiltration malware known as Exmatter, previously linked with the BlackMatter ransomware group, is now being upgraded with data corruption functionality, which may indicate a new tactic that ransomware affiliates might switch to in the future.
AI Is Probably Using Your Images and It's Not Easy to Opt Out
In one stark example of how sensitive images can end up powering these AI tools, a user found a medical image in the LAION dataset, which was used to train Stable Diffusion and Google’s Imagen.
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.
DATA BREACH
Massive Australian data hack prompts privacy laws overhaul
After a massive data breach in which the personal information of up to 9.8 million users of the Optus telecom company was stolen, the Australian government has said it will overhaul privacy laws to require that affected companies notify banks.
RELATED: Optus, Australia’s second largest telco, says customer data exposed in data breach
Revolut hack exposes personal data of tens of thousands of users
Revolut said 0.16pc of its global customers were affected by a data breach that was detected and contained ‘within hours’.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
ENFORCEMENT
ICO: Action taken against SEVEN organisations who failed in their duty to respond to information access requests
The Information Commissioner’s Office (ICO) has taken action against seven organisations who have failed to respond to the public when asked for personal information held about them, known as a Subject Access Request (SAR). A SAR must be responded to within one to three months.
Morgan Stanley fined $35m after hard drives sold with customer info still on them
Morgan Stanley Smith Barney has agreed to pay a paltry $35 million penalty after customers' sensitive records were left unencrypted on unwiped hard drives that were auctioned off after decommissioning.
More on the latest GDPR enforcement news can be found on:
RESOURCES
DPC Decision: Allianz plc - June 2022
This decision arose from an own-volition inquiry commenced by the DPC pursuant to section 110 of the Data Protection Act 2018 to consider whether Allianz had complied with the GDPR in relation to its processing operations.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.