From the Information Commissioner’s Office: The ICO has fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers. An ICO investigation looked at the theft of a hard drive device containing 59,592 customers’ names, addresses and bank account details including account numbers and sort codes. The device…
Category: Non-U.S.
Waterly app potentially exposed up to 1 million Israelis’ details- researcher
A vulnerability in a mobile application that many Israelis use to pay their water or other municipal bills may have left 860,000 – 1,000,000 users at risk of account takeover or theft of their personal information. The Waterly app, by M.G.A.R. Ltd, allows users to sign up to pay their water bills. As part of the process, signing up creates…
UK: Car rental firm data thieves sentenced after ICO investigation
From the ICO: Former employees of Enterprise-Rent-A-Car have been sentenced for conspiring to steal customer information that accident claims companies could use to make nuisance calls and sell on as personal injury claims. Details of tens of thousands of customers from the car hire company were sold for hundreds of thousands of pounds, leading to unlawful…
Ca: Thousands of University of Alberta students, faculty put at risk in malware security breach
Juris Graney reports: Malware installed on more than 300 computers put over 3,000 University of Alberta students at risk late last year, but because of a police probe resulting in charges against a 19-year-old man, the breach wasn’t shared campus-wide until Thursday. In a statement posted to its website, Gordie Mah, the chief information security…
PH: ‘Comeleak’: Poll chief rapped for data breach, may face criminal prosecution
Vito Barcelo reports: The National Privacy Commission found the Commission on Elections liable for violating the Data Privacy Act of 2012 and recommended the criminal prosecution of Chairman J. Andres D. Bautista for “the worst recorded breach on a government-held personal database in the world” last March. In a decision, dated Dec. 28, on NPC Case…
UK: Derbyshire computer hacker who broke into a company’s emails is now helping it get secure
Kit Sandeman reports that a 24-year-old man from London who was arrested after targeting an unnamed organization in Derbyshire has been given a “restorative justice” option: The man admitted accessing email accounts by using information found on social media sites such as LinkedIn and Facebook to identify targets, and bypass their security questions. This then…