The Norwegian Data Protection Authority has imposed a EUR 50,000 (NOK 500,000) fine on Moss Municipal Council for failing to adequately protect personal data. The error has been corrected and the case closed. In connection with the amalgamation of the municipalities of Rygge and Moss in January 2020, efforts were made to combine the use…
Category: Non-U.S.
India under attack by rapidly-evolving advanced persistent threat actor SideCopy, says Cisco Talos
Simon Sharwood reports: Cisco’s Talos security unit says it has detected an increased rate of attacks on targets on the Indian subcontinent and named an advanced persistent threat actor named SideCopy as the source. The outfit on Wednesday posted that it has tracked “an increase in SideCopy’s activities targeting government personnel in India using themes and tactics…
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole
Gareth Corfield reports on what sounds like a legal Hail Mary play: A barristers’ chambers hit by a ransomware attack has responded by getting a court order demanding the criminals do not share stolen data. 4 New Square chambers, which counts IT dispute experts among its ranks, obtained a privacy injunction from the High Court…
Spanish King’s health info exposed due to vulnerability in COVID certificate portal
Katie Harris reports: King Felipe VI of Spain’s health data has been exposed in a security breach, insiders fear. The royal was among thousands affected by the computer security failure of the Madrid health system. The breach meant people’s private data such as their telephone number, social security number and address could be accessed by…
People’s Republic of China Passes the Data Security Law: A Summary of What We Know
Kim Peretti, Lance Taubin, and Emily Poole of Alston & Bird write: On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where…
The Waikato DHB breach: What do NZ regulations consider reasonable security?
DataBreaches.net reports on breaches from many countries, including New Zealand. On my companion site, PogoWasRight.org, I’ve posted approximately 200 news stories about privacy incidents there, their privacy laws, and decisions by their privacy commissioner. And on this site, I’ve posted almost 200 more articles about breaches impacting New Zealand. But when the Waikato District Health…