Background information Date of final decision: 9 December 2021 National case Controller: Warsaw University of Technology Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), Security of processing (Art. 32(1), Art. 32(2)) Decision: infringement of GDPR, fine issued Key words: principles, processing, security, data protection Summary of…
Category: Hack
Cyberattack Hits Ukrainian Websites as Russia Tensions Mount
Alberto Nardelli, Vladimir Kuznetsov and Kateryna Choursina report: Ukraine’s worst cyberattack in four years brought down the websites of scores of government agencies for hours. Authorities didn’t immediately identify the source of the hacks, which took place as tensions with Russia intensified over its troop buildup across the border. Seventy government agencies were hit, including…
Breach of the Protection and Accountability Obligations by Nature Society (Singapore) 14 Jan 2022
A financial penalty of $14,000 was imposed on Nature Society (Singapore) for breaches of the PDPA. First, the organisation failed to put in place reasonable measures to protect personal data on its website database. Second, it did not appoint a data protection officer. Lastly, it did not have written policies and practices necessary to comply…
Ransomware gang behind attacks on 50 companies arrested in Ukraine
Catalin Cimpanu reports: Ukrainian authorities have detained five members part of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas. The arrests, which took place earlier this week, targeted the group’s leader, a 36-year-old Kyiv resident, his wife, and three acquaintances. Officials said the group hacked into…
Hackers Raided Panasonic Server for Months, Stealing Personal Data of Job Seekers
Graham Cluley writes: Tech giant Panasonic has confirmed that one of its servers suffered a data breach which saw the personal information of job applicants accessed by an unauthorised party. The security breach, which saw hackers illegally access a Panasonic file server located in Japan via an overseas subsidiary, began on June 22 2021, and only ended…
South African justice department clueless about hacked data
It’s not exactly the headline you’d want for your agency, but that’s what MyBroadband came up with for this report by Myles Illidge: The Department of Justice and Constitutional Development (DoJ&CD) has no idea whether any data was stolen during a ransomware attack on its systems in September 2021. “The Department cannot tell with certainty as to…