Fridges could be listening to you…the downside and privacy problems of interconnectivity

July 27, 2017

The Fairfax press has run a legitimate, if breathless, report on fridges having the potential to be turned into listening devices in “Queensland police say fridges could be turned into listening devices”. The context of the story is a parliamentary inquiry into surveillance powers. It touches on two neglected but potent developments: the new modes of surveillance, in this case using connected devices, and the expansion of the internet of things, with its attendant weaknesses in data security and privacy protections. It is a timely reminder of Read the rest of this entry »

Sweden, careful and conscientious Sweden, has a massive data breach

July 26, 2017

It is not too common that Sweden finds itself the victim of a massive data breach. It was an early implementer of data protection laws and has generally been seen as having a good system in place to protect personal information. As the itnews article “Sweden exposed sensitive data on citizens, military personnel” and the New York Times with “Swedish Government Scrambles to Contain Damage From Data Breach” show, maintaining proper data security is a constant challenge. It is likely to Read the rest of this entry »

Lloyd’s estimates that an extreme cyber attack could result in losses of up to $121 billion

July 23, 2017

Lloyd’s has published a report titled Counting the Cost in which it estimates that the potential economic impact of a hypothetical malicious hack on a cloud service provider, and of attacks on vulnerable computer systems run by businesses around the world, could be as high as $53bn and $28.7bn respectively. A cloud service disruption scenario, because of the uncertainty around aggregating cyber losses, could result in losses as high as $121bn, or Read the rest of this entry »

Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business. Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media over what was an egregious program of getting consumers to fill out loan applications and on-selling that data, including personal information and sensitive information, which in the US context includes social security numbers and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Ashley Madison data breach results in $11.2 million settlement

July 15, 2017

The Ashley Madison breach of 2015, when 25 gigabytes of data, including personal information, was accessed and stolen, was one of the biggest breaches to that date. It also resulted in huge embarrassment for users of the Ashley Madison website and major reputational damage for Ashley Madison. Not only did it Read the rest of this entry »

Royal Free London NHS Foundation Trust enters into undertaking because of the breach of the Data Protection Act in turning over sensitive medical data of around 1.6 million patients to DeepMind

The UK Information Commissioner’s Office (the “ICO”) has its detractors; however, as a regulator it has been far more energetic than its Australian equivalent. The legislative structure is different, as is the resourcing. The UK Data Protection Act provides more scope for enforcement action and the penalties can be swingeing. That said, the approach taken by the ICO in adopting both an educational approach, the carrot, and high-profile, tough regulatory action, monetary penalty notices, highlights a difference with the Office of the Information Commissioner, which has been all about the education and very little about the enforcement. That has had a deleterious effect on privacy and data protection compliance in Australia.

The ICO took action against the Royal Free London NHS Foundation Trust for failing to Read the rest of this entry »

US National Institute of Standards and Technology releases draft Application Container Security Guide

The National Institute of Standards and Technology (“NIST”) has released a draft of its Application Container Security Guide. While the NIST is an American agency, its guides have Read the rest of this entry »

Data breaches at Flight Centre and elsewhere…the excuse “Human Error” seems to be more acceptable than system faults..really?

The passport details of Flight Centre customers have been released to third parties who were working with Flight Centre in developing business products. The extent of the breach, in terms of the number of passport holders whose personal information was leaked and what exactly was released to the unauthorised party, has not been disclosed. That level of opaqueness in notification tends to be typical in Australia but much less so in the United Kingdom and the United States. Curiously, Flight Centre stresses that human error, rather than a systems failure, was the cause of the breach. As if that makes it better or less serious. The Privacy Act Read the rest of this entry »

Medicare numbers available on the dark web

July 4, 2017

The theft of personal information and its subsequent sale on the internet, the “darknet” to be more dramatic, is common, lucrative and, because of poor privacy and cyber security policies and protections at many organisations, an increasingly attractive way for criminals to make money. It is not necessary to obtain credit card or bank details. Official identifiers like social security numbers have intrinsic value. Which is why the report of Medicare numbers being sold online is Read the rest of this entry »

Anthem Inc, America’s largest health insurance company, settles litigation over hack of 79 million people’s accounts for $115 million

June 24, 2017

Reuters reports in “Anthem to pay record $115 million to settle U.S. lawsuits over data breach” a resolution of a class action arising out of a massive data breach of 79 million individuals’ personal information.

The Plaintiffs’ website announced that the court will consider the settlement on Read the rest of this entry »