Dr. Adem Koyuncu and Valerie Mei of Covington & Burling write: On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in…
Category: Non-U.S.
Travelex Forced into Administration After Ransomware Attack
After all these years of reporting on breaches, it’s still unusual to read that a company has folded as a result of a data breach, but we live in different times because of the added burden of the pandemic. Phil Muncaster reports: Ransomware victim Travelex has been forced into administration, with over 1000 jobs set…
Argentina exposes COVID-19 health data in error
Tim Sandle reports: Argentina’s health officials have apparently exposed personal medical data relating to some 115,000 COVID-19 quarantine exemption applicants, in what represents a major health sector data breach. […] An Elasticsearch database containing personal information of more than 115,000 Argentinians who applied for COVID-19 circulation permits was exposed on the web without a password…
UK Dentists May Have Had Bank Details Stolen Following Data Breach
When I saw the ransomware attack on the British Dental Association noted on a Russian-language forum, I didn’t think too much about it. After all, it was just another professional organization or guild organization, right? Maybe I should have paid more attention because the organization may have stored more personal and sensitive information that I…
Pepperstone Updates Clients on Data Breach Investigation
Aziz Abdel-Qader reports: Multi-regulated FX broker Pepperstone has just updated its clients about the data security breach that occurred just over a week ago. The company said the security issue had originated from one of its third-party vendors after cybercriminals used malware to compromise its computers and obtained access to the provider’s credentials. Not so long after…
SPARTOO: sanction of 250,000 euros and injunction under penalty to comply with the GDPR
From the CNIL, the French data protection authority: SPARTOO is specialized in the online shoe sales sector. For this activity, it has a website accessible in thirteen countries of the European Union. The CNIL inspected the company in May 2018, and noted shortcomings concerning the data of customers, prospects and employees. The President of the CNIL therefore…