Engadget – A thief took Facebook hard drives with payroll data from a worker’s car
“A thief broke into a payroll worker’s car and stole hard drives that reportedly contained unencrypted payroll information for around 29,000 current and former US employees.”
ZDNet – Data privacy: Germans dish out one of the biggest GDPR fines yet over lax call centers
“The €9.55m fine is one of the largest relating to GDPR to date and comes after … the company had failed to enforce Article 32 … which requires businesses to take appropriate technical and organizational measures to protect the processing of personal data.”
BBC – Black Hat: GDPR privacy law exploited to reveal personal data
“About one in four companies revealed personal information to a woman’s partner, who had made a bogus demand for the data by citing an EU privacy law.”
VRTNWS – Chinese carried out large-scale cyberattacks on Belgian trade mission.
“The Belgian delegation was briefed in advance to take certain security measures and, for example, to leave laptops and mobile phones at home …”
The Hacker News – New Flaw Lets Rogue Android Apps Access Camera Without Permission
“An alarming security vulnerability … that could allow malicious apps to secretly take pictures and record videos — even when they don’t have specific device permissions to do so.”
The Hacker News – Company detected years-long breach only after hacker maxed out servers’ storage
… According to the FTC, InfoTrax Systems failed to “inventory and delete personal information it no longer needed, conduct code review of its software and testing of its network, detect malicious file uploads, adequately segment its network, and implement cybersecurity safeguards to detect unusual activity on its network.” …
The Register – Ex-Microsoft dev used test account to swipe $10m in tech giant’s own store credits, live life of luxury, Feds allege
“‘No safeguards’ on QA accounts, and suddenly this guy gets a Tesla and $1.6m home, say prosecutors”
Franklin – Merchant ordered to pay a €10,000 fine for requesting the EID
“Violation of the principle of data minimisation” and “The processing was not lawful”
Nakedsecurity – Ransomware attacks paralyze, and sometimes crush, hospitals
“A California medical practice that suffered a ransomware attack … . As a result, it’s closing: the clinic will be out of business as of 17 December 2019.”
CNBC – As the school year begins, beware of hackers
“Colleges, training providers and other private educational companies received more malicious emails than any other sector in the first quarter of 2019, according to Mimecast, an email and data security company.”