The Norwegian data protection authority (Datatilsynet) has imposed an administrative fine of NOK 250,000 [USD $22,669.69] on Grue municipality for breach of GDPR requirements. They explain: Personal data that should have been confidential was made available to unauthorised persons in the municipality’s public records. This constitutes a breach of the municipality’s duty to ensure adequate…
Category: Non-U.S.
Russia arrests hacker accused of preventing electronic voting during local election
Funny how Russia doesn’t like it when someone interferes with their elections, huh? Daryna Antoniuk reports: Russia’s Federal Security Service (FSB) announced that it had detained a Moscow resident for conducting distributed denial-of-service (DDoS) attacks during local elections in September, targeting infrastructure in the capital and the Moscow region. According to the agency’s press service, the…
Fr: Macron’s bodyguards reveal his location by sharing Strava data
Iain Thomson reports: The French equivalent of the US Secret Service may have been letting their guard down, as an investigation showed they are easily trackable via the fitness app Strava. An investigation by Le Monde has shown that members of the Security Group for the Presidency of the Republic (GSPR) have been openly displaying…
Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds
Harvey Cashore, Daniel Leblanc report: At the height of this year’s tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country’s largest tax preparation firms, H&R Block Canada. Imposters used the company’s confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change…
Russia Tied to Ukrainian Military Recruit Malware Targeting
Mathew J. Schwartz reports: Potential Ukrainian military recruits are being targeted with malware and anti-mobilization messaging through legitimate Telegram channels. A report from Google’s Threat Intelligence Group attributes the “hybrid espionage and information operation” to a suspected Russian group, codenamed UNC5812, whose Telegram persona goes by the handle “Civil Defense.” Telegram remains a vital source of information…
Postel S.p.A. and the 2023 Data Breach: The Medusa Attack and Sanctions from the Data Protection Authority
Over on SuspectFile, Marco A. De Felice writes: In August 2023, Postel S.p.A., a leading Italian company in the postal services and digital communications sector, became the victim of a serious cyberattack. The Medusa cybercriminal group exploited unresolved vulnerabilities in the company’s systems, gaining access to a large amount of sensitive data. This breach raised significant…