Firms not honouring data access requests could face criminal prosecution says ICO

The Information Commissioner’s Office has warned organisations that failure to honour data access requests made by customers or failing to do so within mandated timelines could expose them to criminal prosecution under GDPR. In January, a report from cloud data integration solutions provider Talend revealed that as many as 74 percent of UK-based organisations were […]

New spear phishing attacks targeting senior execs at multiple times

Security researchers have uncovered a spear-phishing campaign that involves hackers sending malicious emails to CEOs, CFOs, CTOs, and SVPs at a large number of organisations, asking them to participate in a Doodle poll to reschedule an upcoming board meeting, with the emails linking to an Office 365 credential theft site. According to researchers at security […]

Three in four firms unable to honour GDPR data requests

As many as three in four organisations in the UK are at present unable to fulfil an essential requirement under GDPR that mandates organisations to fulfil data access requests from their customers within 30 days of receiving such requests. According to a report from cloud data integration solutions provider Talend, only 17 percent of organisations […]

Hyatt launches bug bounty programs to uncover security vulnerabilities

Soon after Marriott International announced that a massive data breach it suffered last year compromised approximately 383 million data records, including 5.25 million unique unencrypted passport numbers, Hyatt announced that it is launching a new bug bounty programme to plug security weaknesses in its customer-facing platforms. Launched in partnership with HackerOne, the bug bounty programme will […]

Vision Direct hack puts customers’ money at risk

Vision Direct says a hack attack has exposed thousands of its customers’ personal data including payment card numbers, expiry dates and CVV codes. The contact lens retailer said anyone who had entered their details into its site between 3 and 8 November could be affected. It added that it had identified 16,300 people as being at […]

Heathrow fined by the ICO over USB stick data breach

Heathrow Airport has been fined £120,000 by the Information Commissioner’s Office for “serious” data protection failings. It comes after a staff member lost a USB stick last October containing “sensitive personal data”, which was later found by a member of the public. Reports at the time claimed this included the Queen’s security and travel arrangements, […]

Morrisons appealing over staff data leak compensation

A legal battle for compensation by thousands of Morrisons staff whose personal details were posted online by a disgruntled employee has reached the Court of Appeal. The High Court ruled last year that the supermarket was liable for the release of information and its employees were entitled to compensation. The case is the first data leak […]

Uber to pay $148M over data breach cover up

Ride-hailing firm Uber is paying $148m (£113m) to settle legal action over a cyber-attack that exposed data from 57 million customers and drivers. The massive breach happened in 2016 but Uber sought to hide it from regulators. The company paid the hackers behind the intrusion $100,000 to delete the data they grabbed from Uber’s cloud […]