Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

By: Wang Wei

After hitting British Airways with a record £183 million fine earlier this week, the UK’s data privacy regulator is now planning to fine the world’s biggest hotel chain, Marriott International, £99 million ($123 million) under GDPR over a data breach dating back to 2014.

This is the second major penalty notice in two days to hit a company for failing to protect its customers’ personal and financial information and to implement adequate security measures.

In November 2018, Marriott discovered that unknown hackers compromised their guest reservation database through its Starwood hotels subsidiary and walked away with personal details of approximately 339 million guests.

The compromised database leaked guests’ names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences.

The breach, which likely happened in 2014, also exposed unencrypted passport numbers for at least 5 million users and credit card records of eight million customers.

According to the Information Commissioner’s Office (ICO), nearly 30 million residents of 31 European countries and 7 million UK residents were affected by the Marriott data breach.

The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.

Last year, the General Data Protection Regulation (GDPR) came into force in Europe, requiring companies to make sure that the way they collect, process, and store data is secure.

More: https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html?m=1

10 cyber security trends to look out for in 2019

By: Nick Ismail

What cyber security trends and issues can the world expect in 2018: more stringent regulation, the creation of new roles?

2018 was an interesting year for all things cyber.

It was the year that brought major breaches pretty much every week. Most recently, the Marriott Hotel group suffered a significant data breach, while Quora fell foul to some cyber criminals.

Cyber security is still the issue on every business leader’s mind.

This year, organisations have had to get their house in order with GDPR, amongst others, coming into force on 25 May. The stakes for protecting your organisation from cyber threats have never been higher.

So, what can we expect to see in 2019 then? Here are some things to consider.

Cyber security regulations improvement

We need to see continuing improvement in the regulations that apply to cyber security.

The dynamic and fast-moving nature of cyber security outpaces regulation, which is far too slow and clumsy to be of much benefit. Regulation may even hinder security by building a culture of compliance and a false sense of safety against adversaries who are agile, motivated, and clever.

Data theft turning into data manipulation

We can expect to see attackers changing their methodology from pure data theft and website hacking to attacking data integrity itself.

This type of attack, in comparison to a straightforward theft of data, will serve to cause long-term reputational damage to individuals or groups by getting people to question the integrity of the data in question.

Privacy is human right: Satya Nadella

By: IndUS Business Journal

London – Microsoft CEO Satya Nadella has called on technology companies to defend users’ privacy as a human right, urging firms and governments to work together to protect the most vulnerable sections of society.

Speaking at the “Future Decoded” event here on Thursday, Nadella applauded the European Union’s General Data Protection Regulation (GDPR) as a first step towards securing data privacy, The Register reported.

“All of us will have to think about the digital experiences we create to treat privacy as a human right,” Nadella was quoted as saying.

“GDPR as a piece of legislation, a piece of regulation is a great start and we’ve done a lot of hard work to become compliant with GDPR,” Nadella added, saying that companies need to develop ethical standards around Artificial Intelligence (AI).

Nadella said that Microsoft’s 54 Azure cloud regions worldwide are “more than any other provider”.

According to him, underwater data centres will play a key role in expanding Microsoft’s Cloud computing platform.

Under its “Project Natick”, Microsoft has already deployed a 40-foot data centre pod on the seafloor off the coast of Scotland.

“Since 50 per cent of the world’s population lives close to water bodies, we think this is the way we want to think about future data centre expansion,” Nadella said.

Microsoft also unveiled an AI report titled “Maximising the AI Opportunity” for businesses.

The company announced at the event that the health agency NHS Scotland will deploy Office 365 to all of its 161,000 employees, moving away from a fragmented set-up that included more than 100 separate computer systems.

More: http://indusbusinessjournal.com/2018/11/privacy-is-human-right-satya-nadella/

Cybersecurity: more than 146 billion records will be stolen by 2023

By: TI inside – Editorial Staff

A new report from Juniper Research found that more than 33 billion records will be stolen by cybercriminals in 2023 alone, a 175% increase over the 12 billion records expected to be compromised in 2018, resulting in a cumulative loss of more than 146 billion records over the whole period.

The new research, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Leading Vendors 2018-2023, found that although legislation such as GDPR and PSD2 requires strong cybersecurity and authentication measures to protect personal and financial data, average levels of cybersecurity spending will remain relatively static.

Small businesses vulnerable

Small-business spending in 2018 will account for only 13% of the global cybersecurity market, even though more than 99% of all companies are small. Furthermore, the cost of breaches can run into millions of dollars, eroding these companies’ turnover.

Many of these companies rely on consumer-grade products, spending on average US$500 per year on cybersecurity. As more businesses digitise, this will leave them vulnerable to new forms of malware that demand more advanced cybersecurity than simple endpoint protection.

For Financial Services, Encryption is Essential – But So Is Performance

By: Aamir Lakhani

The financial services industry is one hit hardest by the heightened expectations of consumers to access information, receive help, and conduct transactions anywhere and at any time via their mobile devices. By 2025, Millennials are expected to generate 46 percent of all U.S. income, and yet over a fifth of them have never written a physical check to pay a bill. Instead, 38 percent use apps and mobile tools to make bill payments, and 71 percent consider their banking relationship to be transactional rather than relationship-driven.

In addition, more than one-quarter (27 percent) of Millennials are completely reliant on a mobile banking app. In fact, they are 1.3 times more likely than Gen-Xers and 2 times more likely than Baby Boomers to rely on a mobile banking app for regular banking activities.

For financial firms, the ability to offer such services represents a competitive advantage, with 75 percent of banks making investments to create and improve a customer-centric digital business model. Aside from benefitting consumers, greater accessibility to data on various devices and applications can also improve employee efficiency, meeting the common request for more open networks.

Personal Data at Greater Risk

This shift to online consumer banking has led to increasing data traffic volumes as more users rely on applications and endpoints to interact with their personal data. Addressing this growing volume of traffic has led many financial institutions to adopt cloud and, increasingly, multi-cloud environments. This means that personally identifiable information (PII) is now regularly travelling across different network domains.

While this increases the accessibility of data for consumers, thereby making financial services firms more competitive, it also means that their data spans a larger potential attack surface, making it more susceptible to cyberattacks. As these attacks become more sophisticated, leveraging artificial intelligence and automation to more effectively detect and exploit vulnerabilities, financial services firms not only need to engage in digital transformation but to also do so securely – protecting the private data of consumers.

Greater Interest in Encryption

Regulators are taking a close look at financial services firms to ensure they are implementing the security controls necessary to keep user data private. One of the core security features being required by these bodies is encryption. Encryption converts readable plaintext into ciphertext that can only be recovered with the corresponding decryption key. This ensures that data in motion across the network and the web, as well as data at rest in the cloud or data center, cannot be read by anyone without the key – even if the data itself is stolen – adding a strong layer of protection.

Encryption for financial services firms is being recommended today by several regulatory guidelines, including the Federal Financial Institutions Examination Council (FFIEC) and the new General Data Protection Regulation (GDPR).

More: https://www.csoonline.com/article/3284351/security/for-financial-services-encryption-is-essential-but-so-is-performance.html

Facebook and Google use ‘dark patterns’ around privacy settings, report says

By: BBC NEWS Technology

Facebook, Google and Microsoft push users away from privacy-friendly options on their services in an “unethical” way, according to a report by the Norwegian Consumer Council.

It studied the privacy settings of the firms and found a series of “dark patterns”, including intrusive default settings and misleading wording.

The firms gave users “an illusion of control”, its report suggested.

Both Google and Facebook said user privacy was important to them.

The report – Deceived by Design – was based on user tests which took place in April and May, when all three firms were making changes to their privacy policies to be in compliance with the EU’s General Data Protection Regulation (GDPR).

Illusion

It found examples of

  • privacy-friendly choices being hidden away
  • take-it-or-leave it choices
  • privacy-intrusive defaults with a longer process for users who want privacy-friendly options
  • some privacy settings being obscured
  • pop-ups compelling users to make certain choices, while key information is omitted or downplayed
  • no option to postpone decisions
  • threats of loss of functionality or deletion of the user account if certain settings are not chosen

For example, Facebook warns anyone who wishes to disable facial recognition that doing so means that the firm “won’t be able to use this technology if a stranger uses your photo to impersonate you”.

The report concluded that users are often given the illusion of control through their privacy settings when they are not actually getting it.

“Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears,” the report said.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/technology-44642569

Germany’s Continental Bans WhatsApp From Work Phones

By: AFP

German car parts supplier Continental on Tuesday said it was banning the use of WhatsApp and Snapchat on work-issued mobile phones “with immediate effect” because of data protection concerns.

The company said such social media apps had “deficiencies” that made it difficult to comply with tough new EU data protection legislation, especially their insistence on having access to a user’s contact list.

“Continental is prohibiting its employees from using social media apps like WhatsApp and Snapchat in its global company network, effective immediately,” the firm said in a statement.

Some 36,000 employees would be affected by the move, a Continental spokesman told AFP.

The company, one of the world’s leading makers of car parts, has over 240,000 staff globally.

A key principle of the European Union’s new general data protection regulation (GDPR), which came into force on May 25, is that individuals must explicitly grant permission for their data to be used.

But Continental said that by demanding full access to address books, WhatsApp for example had shifted the burden onto the user, essentially expecting them to contact everyone in their phone to let them know their data was being shared.

“We think it is unacceptable to transfer to users the responsibility of complying with data protection laws,” said Continental’s CEO Elmar Degenhart.

The Hanover-based firm said it stood ready to reverse its decision once the service providers “change the basic settings to ensure that their apps comply with data-protection regulations by default”.

More: https://www.securityweek.com/germanys-continental-bans-whatsapp-work-phones

European Commission says only two member states ready for GDPR

By: sikur

by Charlie Taylor

January 24, 2018

New EU-wide data protection rules are due to come into force in late May

With just over 100 days left before the introduction of new wide-ranging data protection rules across Europe, the European Commission has warned member states to speed up the adoption of national legislation to ensure they are in line with GDPR.

The General Data Protection Regulation (GDPR), which is due to come into force in late May, governs the privacy practices of companies handling EU citizens’ data. The legislation aims to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. There are potentially huge fines for firms that don’t abide by the new rules.

The European Commission said on Wednesday that, to date, Germany and Austria are the only member states that have passed all the legislation needed to bring national laws into step with the new EU-wide regulations.

The commission, which is providing €1.7 million to fund data protection authorities ahead of the introduction of GDPR, also urged member states to ensure relevant bodies are equipped with the necessary resources.

In October, the Irish Government allocated an additional €4 million to the Office of the Data Protection Commissioner under Budget 2018 to allow it to recruit up to 40 new employees ahead of the introduction of GDPR to bring the total funding allocation to almost €11.7 million, a rise of 55 per cent on the prior year.

MORE: https://www-irishtimes-com.cdn.ampproject.org/c/s/www.irishtimes.com/business/technology/european-commission-says-only-two-member-states-ready-for-gdpr-1.3366966?mode=amp

The Impact of GDPR On Today’s Mobile Enterprise

By: sikur

by John Aisien

Many organizations worldwide have begun preparing for the General Data Protection Regulation (GDPR), a set of rules created by European lawmakers to enhance data protection and privacy for individuals within the European Union (EU).

GDPR enforcement is scheduled to begin in May 2018, and the penalties for non-compliance are steep—as much as 4 percent of the violating company’s global annual revenue, depending on the nature of the offense. Clearly, GDPR compliance is becoming a priority for many organizations—including those headquartered outside the European Union. A 2017 PwC survey of 200 security, IT, and business executives from U.S. companies showed that 92 percent considered GDPR compliance to be a top business priority for their data-privacy and security efforts this year.

Companies are prepared to invest in compliance efforts. The PwC study shows that 77 percent plan to allocate $1 million or more to GDPR readiness and compliance efforts; 68 percent said they will spend between $1 million and $10 million, and 9 percent expect to spend more than $10 million.

More: https://www.scmagazine.com/the-impact-of-gdpr-on-todays-mobile-enterprise/article/710019/

UK Shipper Clarksons Suffers Data Breach

By: sikur

Phil Muncaster

30 NOV 2017

UK shipping giant Clarksons admitted on Wednesday that it has suffered a data breach and warned that the attacker may soon start leaking the stolen information.

The 165-year-old shipping services organization employs nearly 2000 staff worldwide, with operations in 21 countries.

In a notice yesterday it said it had been the subject of a cyber-break-in:

“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled. We have also put in place additional security measures to best prevent a similar incident happening in the future. Clarksons would like to reassure clients and shareholders that this incident has not, and does not, affect its ability to do business.”

It said that the attacker may release some of the data, but gave no indication of the kind of information that was stolen or how many records were affected, saying only that the data is “confidential” and that “lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.”

This lack of transparency may be harder to get away with when the GDPR comes into force, with firms required to give a detailed account to regulators within 72 hours of discovery of a breach.

Clarksons said it is working with police and data security experts to get to the bottom of the incident and has notified the regulators. It has also accelerated roll-out of IT security measures as part of a program that began earlier in the year.

MORE: https://www.infosecurity-magazine.com/news/uk-shipper-clarksons-suffers-data/
