Big fines aren’t the big deal

Uber decided to double-down in its race to the moral bottom. Not content with spying on customers, misleading regulators, employing sex-pests and generally having a toxic corporate culture, the taxi-subsidy service tried to conceal a hack that breached the personal details of more than 57m people, including drivers as well as riders. Much is being … Continue reading Big fines aren’t the big deal

You’re in trouble no-o-o-w…

The Equifax mega-breach has now led to two UK regulators investigating the same cock-up. The ICO obviously jumped in straight away, as you'd expect, but now the FCA has turned up to the party, bottle of cheap Bulgarian red from the corner shop in sweaty hand, hoping there's still some cake left. This will be fun. … Continue reading You’re in trouble no-o-o-w…

Yes, data protection matters to you too

It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too

News in brief

UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief

At least make a token effort

I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort

What was that about insider risk?

I think I might have mentioned recently that your main cyber risk is your own staff,  and that it's more often carelessness than ill intentions. Apparently I was being clairvoyant again: yesterday Boeing notified the regulator that an employee had accidentally sent out the personal details of 36,000 staff in an email to his wife.  Now Boeing has to pay for … Continue reading What was that about insider risk?

Encrypt data at rest

The Register reports this morning: American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Encrypted? Obviously not. Excuse? None. https://www.becrypt.com/uk/encryption http://buy.symantec.com/estore/clp/productdetails/pk/drive-encryption http://www.deslock.com/ https://www.checkpoint.com/products/full-disk-encryption/ http://windows.microsoft.com/en-gb/windows-vista/bitlocker-drive-encryption-overview BitLocker is even free. How hard … Continue reading Encrypt data at rest