The following is a Google machine translation of a post by Italy’s data protection regulator. It strikes me yet again how entities covered by the GDPR get fined for poor or inadequate security practices that should — but generally do not — incur monetary penalties here: Sanction by the Privacy Guarantor of 30,000 euros to a…
Category: Non-U.S.
France says Russian state hackers breached numerous critical networks
Bill Toulas reports: The Russian APT28 hacking group (aka ‘Strontium’ or ‘Fancy Bear’) has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia’s military intelligence service GRU, was recently linked to the exploitation of CVE-2023-38831, a remote…
AU: ASIC modifies licensees’ breach reporting obligations
Rachel Walker and Elouise Casey of Dentons write: Failure to comply with the mandatory breach reporting regime is arguably the canary in the coal mine for regulatory compliance to Australian Securities and Investments Commission (ASIC). We are expecting ASIC’s second annual report on the regime to be published very shortly, and we expect compliance has not…
No need to hack when it’s leaking, Wednesday edition
Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 12 million records containing medical diagnostic scans, test results, and other potentially sensitive medical records. The database contained a massive amount of medical test results that included…
Indian govt’s insistence that Aadhaar is secure rings hollow in wake of breaches
Joel R. McConvey reports: India is bleeding biometric information, with new data breaches giving credence to a recent report by the credit rating agency Moody’s warning that Aadhaar’s centralized biometric digital ID system has privacy and security vulnerabilities. A piece in Security Affairs reports that earlier this month, the cybersecurity firm Resecurity found hundreds of millions of records containing…
University of Tokyo PC Infected with Malware in July 2022; Possible Leak of Students’ Addresses, Grades
The Yomiuri Shimbun reports: A computer at the University of Tokyo had been infected with malware, possibly leaking up to 4,341 files containing addresses and grades of students from the academic years of 2003 to 2022, the university said Tuesday. The PC belonged to the Graduate School of Arts and Sciences, the College of Arts…