FBI nabs website for selling breached records

(Jan 17, 2020) Silicon Republic reports the U.S. Federal Bureau of Investigation has shut down WeLeakInfo.com for selling personal records from data breaches over the last three years. According to the FBI, the website collected personal information from more than 10,000 data breaches and then sold access to the records for as little as $2. Types of records collected and sold included names, email addresses, usernames, phone numbers and unencrypted passwords. Meanwhile, the Federal Trade Commission announced f... Read More

N&L privacy commissioner investigating breach of city's website

(Jan 17, 2020) The Office of the Information and Privacy Commissioner of Newfoundland and Labrador is investigating a data breach of a city's website, Insurance Business Canada reports. The city of Corner Brook found four unauthorized users accessed its website's directory. The directory contained residents' names, addresses and birthdates. The information of 10,000 people may have been exposed in the breach. City officials could not confirm whether personal information was viewed during the incident. "We have... Read More

'Non-sensitive' data exposed in P&N Bank breach

(Jan 16, 2020) A data breach at Australia’s P&N Bank exposed “non-sensitive” personal information, including customer names, addresses, account numbers and balances, iTnews reports. In an email to P&N’s approximately 96,000 members, CEO Andrew Hadley said no customer passwords or credit card details were compromised. The incident occurred during a server upgrade by a third-party IT provider around 12 Dec. 2019 and is being investigated by the Western Australian Police Force and federal authorities. “Up... Read More

US court approves $1.38B Equifax class-action settlement

(Jan 15, 2020) The U.S. District Court Northern District of Georgia has signed off on Equifax's $1.38 billion class-action settlement over its 2017 data breach, BankInfoSecurity reports. According to Chief Judge Thomas Thrash Jr.'s decision, Equifax will put $1 billion toward improving its data security, while a maximum of $31 million in damages will be distributed among affected consumers. "This settlement is the largest and most comprehensive recovery in a data breach case in U.S. history by several orders o... Read More

Web con: 'To Notify or Not to Notify? That Is the Question'

(Jan 14, 2020) Privacy professionals must navigate data breach notification regulations around the world, and their organizations risk significant reputational and financial damages for noncompliance. To meet these requirements, privacy professionals must find new ways to approach their incident response operations. Join the IAPP Jan. 30 for this sponsored web conference to learn the key steps involved to streamline the incident response process and the best practices to comply with global data breach notifica... Read More

49M data broker records for sale online

(Jan 14, 2020) Forty-nine million business contacts believed to belong to San Francisco–based data broker LimeLeads are being sold on a hacking forum, ZDNet reports. Security researcher Bob Diachenko said an internal Elasticsearch server was exposed since at least July 27, 2019. He notified LimeLeads Sept. 16, and the company secured the server the next day. The hacker has been selling the data, including user emails, addresses, company revenue and number of employees, since October 2019. Meanwhile, BankInfoSe... Read More

Amazon employees fired over leaked customer data

(Jan 13, 2020) Amazon has fired an undisclosed number of employees after customers' email addresses and phone numbers were shared with a third party in violation of the company’s policies, TechCrunch reports. The company sent an email to customers Friday, and a spokesperson confirmed a number of employees were terminated, but it is unknown how many, when and with whom the customers’ information was shared and how many customers were affected. Amazon’s email to customers said no other information was shared and... Read More

South Korean court finds privacy officer liable for data breach

(Jan 10, 2020) According to Hunton Andrews Kurth's Privacy & Information Security Law Blog, the Seoul Eastern District Court has ruled a South Korean privacy officer was negligent in preventing a 2017 data breach that affected 494,000 combined customers and employees. Hana Tour Service's Kim Jin-Hwan was charged with violations of South Korea’s Personal Information Protection Act and the Network Act. The court's decision includes a 10 million won fine for Hwan in addition to a previous 327.25 million won f... Read More

ICO fines retailer 500K GBP for data breach affecting 14M

(Jan 9, 2020) The U.K. Information Commissioner's Office fined DSG Retail 500,000 GBP for a data breach. The ICO found hackers installed malware on 5,390 cash registers at DSG's Currys PC World and Dixons Travel locations between July 2017 and April 2018. Hackers were able to access 5.6 million payment card records and the personal information of 14 million individuals, including names, postcodes and email addresses. The attack went on for nine months before it was detected. The agency found DSG violated the ... Read More

A breakdown of Singapore's mandatory breach notification law

(Jan 9, 2020) In a post for Reed Smith's Technology Law Dispatch blog, Counsel Charmian Aw, CIPP/A, CIPP/E, CIPP/US, CIPM, FIP, examines the details of Singapore's amended mandatory data breach notification law. Besides describing the contents and provisions of the law, Aw provides specific information on breach-reporting requirements and need-to-know information for organizations prior to the law taking effect.Full Story... Read More