Privacy Transformation - Issue 179
PRIVACY
Data Protection Commission asked to investigate garda data retention
The Data Protection Commission has been asked to investigate An Garda Síochána's practice of retaining files on people who have been cleared of producing or sharing child sexual abuse material.
DPC facing legal action over GDPR complaint against Catholic Church
A man has launched High Court proceedings over what he claims is the Data Protection Commission's failure to complete an investigation of a complaint he made over the Catholic Church's refusal to destroy records it has about him.
UK Home Office accused of breaching privacy laws after cancelling international student’s visa
The Home Office used location data from an international student’s mobile phone to detain him for allegedly breaking his visa conditions.
SECURITY & TECH
HSE computers only monitored for viruses during daytime hours prior to cyberattack, report reveals
Attack on health service last year has cost almost €100m to date, Comptroller and Auditor General finds.
RELATED: Cost of HSE cyberattack reaches €70m
Banks face their 'darkest hour' as malware steps up, maker of antivirus says
Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead security researcher Sergey Lozhkin.
NHS vendor Advanced won't say if patient data was stolen during ransomware attack
The NHS technology vendor said its incident recovery is likely to be slow following an August ransomware attack.
World’s largest crypto exchange hacked with possible losses of $500m
Binance, the latest crypto company to experience a targeted hack, temporarily suspends transactions and the transfer of funds.
Microsoft Exchange servers hacked to deploy LockBit ransomware
Microsoft is investigating reports of a new zero-day bug abused to hack Exchange servers which were later used to launch Lockbit ransomware attacks.
The EU’s biometric power-grab is sinister and grotesque
Brussels is rolling out an invasive new border system that will cause massive delays, and further undermine our liberty.
Meta’s New Quest Pro VR Headset Harvests Personal Data Right Off Your Face
Cameras inside the device that track eye and face movements can make an avatar’s expressions more realistic, but they raise new privacy questions.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
DATA BREACH
Shein owner Zoetop fined $1.9m over data breach response
New York Attorney General Letitia James accuses Zoetop of lying about the extent of the 2018 attack.
DJI drone tracking data exposed in US
Over 80,000 drone IDs were exposed in a data leak after a database containing information from dozens of airspace monitoring devices manufactured by the Chinese-owned DJI was left accessible to the public.
MyDeal data breach impacts 2.2M users, stolen data for sale online
Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum.
Optus tells customers affected by data breach they can no longer use passports as online ID
Exposed passport numbers blocked from being used in national Document Verification System
Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack
Wine dealer Vinomofo is the latest Australian company to be targeted by a cyber-attack.
ENFORCEMENT
Texas Sues Google for Collecting Biometric Data Without Consent
Ken Paxton, the state attorney general, said products like Google Photos and the Nest camera had violated Texans’ privacy rights.
UK ICO: Easylife Limited
Easylife Limited has contravened Article 5(1)(a) of the GDPR in that there were serious deficiencies in the way it has collected, processed, and used the personal and special category data of 145,400 individuals.
More on the latest GDPR enforcement news can be found on:
RESOURCES
ICO: Research provisions guidance for UK GDPR
The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.