Last month, this blog reported that the UK site of Lush cosmetics had been hacked. Three weeks later, Lush customers in Australia and New Zealand are being notified by email that those Lush sites were hacked as well. The breaches occur to be separate hacks and reportedly only affect those who placed orders online. The…
Category: Non-U.S.
UK: Treasury does well out of local data breaches
Taxpayers’ money is being used to pay hundreds of thousands of pounds of fines imposed on councils for data protection breaches. In the past two months, the Information Commissioner’s Office (ICO) has fined councils more than £350,000 for falling foul of laws. Defending the decisions the ICO said the purpose of monetary penalties is to…
UK: Police officers and staff broke data laws 67 times in three years
Often, the only way we find out the scope of a problem is when the media or activists file a freedom of information request. Some data revealed thanks to a Freedom of Information request made by the Scunthorpe Telegraph: Humberside Police officers and staff breached data protection laws 67 times in the past three years,…
UK: Around 10,000 CRB background checks land in the wrong inbox
Gwent Police is taking remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act for accidentally emailing results of Criminal Reference Bureau (CRB) checks performed by the force to a member of the public. An email containing a spreadsheet of the results of around 10,000 CRB enquiries was…
UK: Labour forum leaks email addresses
John Leyden reports: Basic design flaws on a Labour party members forum exposed the email addresses of users to harvesting. Surfers who register through the site http://members.labour.org.uk were invited to confirm their membership, and activate their account, by clicking on the link in an email sent to a specified account. The email follows the form…
Ie: Data breach at RecruitIreland.com
Aoife Carr reports that Gardai are investigating a security breach involving the recruitment website RecruitIreland.com: It is thought that names and e-mail addresses of those registered with the site were accessed for spamming purposes. The site was shut down yesterday afternoon when the breach was noticed….. CVs, usernames and passwords are not thought to have…