Sarah Michael reports: Witchery has shut down its mobile website after it was hit with a security breach that exposed customers’ personal details and orders. A glitch in the “track my order” function for online shopping opens personal details pages of other customers, and even allows them to edit the information. It also allows them…
Category: Non-U.S.
Vodafone Iceland breached, customer details, SMSes stolen
Michael Lee reports: Vodafone Iceland is now in the middle of an investigation into how its website was attacked and customer data information, including SMS messages, were leaked to the public. On November 30, the company’s Icelandic website was defaced by attackers and subsequently taken offline. At the time, Vodafone did not believe that any…
UK: An undertaking serves as a reminder that all employees need to be trained on data protection
The Information Commissioner’s Office (ICO) notes that an Undertaking has been signed by the Royal Borough of Windsor & Maidenhead, following an incident in which restricted information about 257 employees was disclosed on its intranet in error. The incident occurred in January of 2013 when a spreadsheet with details on employees who had not signed…
UK: Foyle Women’s Aid undertaking and follow-up
I guess the Information Commissioner’s Office (ICO) doesn’t publicly post all undertakings, as we are first finding out about an August undertaking in November, when a follow-up was conducted and disclosed. In June 2012, the ICO learned that a folder belonging to a Criminal Justice Support worker employed by Foyle Women’s Aid, was left in a…
UK: Council criticized for data protection breaches
BBC reports: A report by the Information Commissioner said “immediate action is required” to ensure Anglesey council complies requirements (sic). It said “physical security and storage standards relating to manual records within the council’s offices were not appropriate”. The council says it has agreed an action plan to address concerns and said work was already…
How Germany’s taxman used stolen data to squeeze Switzerland
Edward Taylor, Matthias Inverardi and Mark Hosenball report: In the digital age, pen and paper are useful tools for intrigue. In 2007, Sina Lapour, an assistant to a private banker at Credit Suisse, hand-copied the names of potential tax evaders listed on two of the firm’s internal computer systems. By not downloading information, Lapour avoided…