Anita Anand of Allen & Overy writes: The Article 29 Working Party this week published draft Guidelines on personal data breach notificationunder GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further…
Category: Of Note
Kromtech Security Center Releases Tool to Identify and Prevent Data Leaks for Amazon S3 Users
Since 2015, this site has been reporting on data leaks due to misconfigured databases or devices that are indexed on shodan.io or other specialized search engines. Many of the leaks I have reported on involve AWS S3 buckets. And despite the fact that Amazon has issued reminders and guidance to its customers about securing buckets,…
UK: NHS data loss scandal deepens with further 162,000 files missing
Rajeev Syal and Denis Campbell report: The scandal over the biggest ever loss of NHS medical correspondence has deepened with the revelation that a further 162,000 documents went missing, in addition to the 702,000 pieces of paperwork already known to have gone astray. MPs said they were “dumbstruck” to learn that even more material relating…
Data breach exposes millions of South Africans’ personal records
Andrew Fraser reports: A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt. Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30m unique South African ID numbers. The…
South Korean Gov’t Investigating Bithumb Security Breach, World’s Largest Cryptocurrency Exchange
Joseph Young reports: Local news publications and leading media outlets in South Korea have reported that Bithumb, the world’s largest cryptocurrency exchange by trading volume, suffered a security breach that affected 30,000 users on the trading platform. Seoul Central Prosecutor’s Office for Advanced Criminal Investigation has announced that it had taken over the case and…
New attack works against all WPA2 WiFi networks: Android & Linux most vulnerable, but iOS and macOS too
Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can…