A Scottish council has been rapped by the regulator for repeatedly failing to train staff around data protection. West Dunbartonshire Council were told to implement training on several occasions, as well as being advised to put in place a policy around home working. But their failure to do so ultimately contributed to a data breach…
Category: Non-U.S.
Amazon denies Movimiento Cuidadano’s claim that they were “hacked”
DataBreaches.net is not alone in being outraged that in response to a massive data leak that put the information of 87 million Mexican voters at risk, Movimiento Ciudadano appears to be falsely claiming that the voter data list they stored on Amazon cloud was “hacked.” The political party has been repeating that false claim on Twitter and in…
American Samoa Domain Registry Was Exposing Client Data Since the mid-1990s
Catalin Cimpanu reports: A British security researcher that goes online only by the name of InfoSec Guy revealed today that American Samoa domain registry ASNIC was using an outdated domain name management system that contained a bug allowing anyone to view the personal details of any .as domain owner. The researcher also claims that anyone…
Movimiento Ciudadano admits it was their copy of the Mexican voter list on AWS, tries to deflect blame to researcher
A reader kindly informed me that Movimiento Ciudadano, one of the political parties that had legitimate access to Mexico’s voter data list, has admitted it was responsible for the leak on Amazon. Except that as I read more, I realized they weren’t really admitting they were responsible for the leak. I’ve been trying to read/translate a number…
PH: BIR probes employees for leaking sensitive data
Ben O. de Vera reports: The Bureau of Internal Revenue (BIR) is looking into an alleged leak of confidential information obtained from tax tipsters. In Revenue Memorandum Circular No. 50-2016 issued last April 22, BIR Commissioner Kim S. Jacinto-Henares said the leak was allegedly perpetrated by the bureau’s own officers and employees. Henares said the…
Norway Starts Requiring Data Breach Notification
Marcus Hoy reports: The Norwegian Data Protection Authority recently said it will require companies to notify individuals whose personal data has been disclosed without their consent. DPA Senior Adviser Eirin Oda Lauvset told Bloomberg BNA April 18 that Norwegian laws don’t specify a general right for data subjects to be informed of breaches. According to the DPA,…