Oliver Wright reports: The Brexit campaign group Leave.EU and an insurance company run by its founder Arron Banks are facing fines of £120,000 for data protection breaches. The Information Commissioner’s Office (ICO) is to fine Leave.EU £15,000 for unlawfully using Eldon Insurance customers’ details to send 300,000 political marketing messages, and a further £45,000 for…
Category: Miscellaneous
United States: National Futures Association Adopts Notification Requirement For Certain Cybersecurity Incidents
Jeffrey P. Taft and Matthew Bisanz of Mayer Brown write: On January 7, 2019, the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.1 As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services…
Youth-run agency AIESEC exposed over 4 million intern applications
Zack Whittaker reports: AIESEC, a non-profit that bills itself as the “world’s largest youth-run organization,” exposed more than four million intern applications with personal and sensitive information on a server without a password. Bob Diachenko, an independent security researcher, found an unprotected Elasticsearch database containing the applications on January 11, a little under a month…
Ca: UCP members ‘at risk for identity theft’ after laptop stolen, expert says
Lucie Edwardson reports: The United Conservative Party‘s privacy policies are being questioned after a party laptop was stolen out of an employee’s car in a parkade. The laptop contains the names, addresses and contact information of 40,000 UCP members. Experts say the language used in the memo to inform members was confusing and didn’t answer important questions….
North Korea defector hack: Personal data of almost 1,000 leaked
BBC reports: Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said. A personal computer at the state-run centre was found to have been “infected with a malicious code”. The ministry said this is thought to be the first…
US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…