News

Privacy and data protection

• July 29, 2021 29 Jul'21

  Investigatory Powers Tribunal finds UK spy agencies unlawfully collected personal data

  Campaign groups Privacy International and Liberty are gearing up to bring further legal action after a court found that UK spy agencies unlawfully collected phone and internet records

• July 28, 2021 28 Jul'21

  Almost half unaware of GP data-sharing plans

  Around half of adults in England – approximately 20 million people – remain unaware of the scope of the NHS GPDPR programme, prompting calls for a public education campaign

• July 27, 2021 27 Jul'21

  ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower

  The Information Commissioner’s Office has ended its involvement in a dispute between a data breach whistleblower and NatWest bank

• July 27, 2021 27 Jul'21

  US lawmakers call for probe into ‘arrogant’ spyware firm

  US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal

• July 27, 2021 27 Jul'21

  TikTok sets up cyber security hub in Dublin

  Dublin-based cyber centre will oversee the security of TikTok’s users across Europe

• July 27, 2021 27 Jul'21

  How IBM is solving the data privacy problem

  IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy

• July 26, 2021 26 Jul'21

  No More Ransom initiative saves £850m over five years

  Initiative’s free ransomware decryption tools have been used by more than six million people since 2016

• July 25, 2021 25 Jul'21

  Tokyo 2020 hit by data breach

  The user names and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised, but government official claims the data leak was not large

• July 25, 2021 25 Jul'21

  OAIC: Uber failed to protect personal data of Australians

  Uber did not take reasonable steps to protect Australians’ personal information from unauthorised access, says Australia’s national privacy watchdog

• July 21, 2021 21 Jul'21

  France’s Macron among alleged Pegasus targets

  Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware

• July 20, 2021 20 Jul'21

  NCSC’s Cameron urges deeper cyber alliance-building

  Speaking to an event in Israel, NCSC CEO Lindy Cameron has praised joint UK-Israeli efforts on security collaboration

• July 20, 2021 20 Jul'21

  NHS Digital tightens rules for GPDPR data scrape

  The proposed collection of patient data held by GPs will now only commence when three key criteria have been fulfilled, says NHS Digital

• July 19, 2021 19 Jul'21

  UK, US confirm Chinese state backed MS Exchange Server attacks

  UK and US governments, alongside the EU and Nato, have formally attributed the March 2021 Microsoft Exchange Server attacks to Chinese state-backed actors

• July 19, 2021 19 Jul'21

  Pegasus mobile RAT abused to monitor journalists and activists

  Israel-based surveillance specialist NSO Group is facing renewed pressure after it emerged its Pegasus mobile surveillance tool may be being widely abused by repressive regimes

• July 19, 2021 19 Jul'21

  Privacy Shield: One year on and companies are still grappling for answers

  Activist lawyer Max Schrems and Eduardo Ustaran, partner at Hogan Lovells, look for common ground in a problem with no easy answers

• July 15, 2021 15 Jul'21

  Lawyers take EncroChat hacking operation to French supreme court

  Lawyers head to French supreme court after appeals court finds EnroChat inception legal under French law

• July 15, 2021 15 Jul'21

  Privacy Shield: US surveillance law reforms essential for EU-US data, says EU parliamentary study

  EU Committee on Civil Liberties, Justice and Home Affairs study calls for major reforms of US spying laws to enable an EU-US data-sharing agreement to replace Privacy Shield

• July 15, 2021 15 Jul'21

  Singapore to invest S$50m in ‘digital trust’ capabilities

  The Singapore government is pumping in S$50m to bolster research in technologies that will foster digital trust in areas such as privacy protection and identity management

• July 14, 2021 14 Jul'21

  REvil ransomware crew drops offline, reasons murky

  The REvil ransomware operation appears to have gone dark, but claims about its demise are almost certainly exaggerated

• July 13, 2021 13 Jul'21

  Secureworks sets up in EU datacentre for XDR services

  New datacentre location helps Secureworks’ customers meet EU data residency requirements

• July 13, 2021 13 Jul'21

  Dutch prosecutor ordered to give evidence on EncroChat hack

  Netherlands court rules that a public prosecutor should give evidence about the role of the Dutch in the EncroChat cryptophone hack which has led to arrests of organised gangs worldwide

• July 12, 2021 12 Jul'21

  NSW department of education hit by cyber attack

  Australia’s New South Wales department of education takes some systems offline as a precautionary measure in response to a cyber attack last Thursday

• July 09, 2021 09 Jul'21

  Met Police should release information on British WikiLeaks journalists passed to US, tribunal told

  The Metropolitan Police should release correspondence with the US Department of Justice about three UK based WikiLeaks journalists, despite national security claims, a tribunal heard

• July 07, 2021 07 Jul'21

  US government given permission to appeal UK’s decision to not extradite Julian Assange

  US offers assurances that Assange could serve time in his home country of Australia if convicted

• July 07, 2021 07 Jul'21

  ICO to probe Hancock over private email use

  Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business

• July 07, 2021 07 Jul'21

  How the UK Cyber Security Council plans to professionalise security

  As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is

• July 07, 2021 07 Jul'21

  Opportunists seen targeting Kaseya REvil victims

  Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident

• July 06, 2021 06 Jul'21

  About 60 Kaseya customers hit by REvil

  Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend

• July 06, 2021 06 Jul'21

  Cyber insurance costs up by a third

  The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance

• July 06, 2021 06 Jul'21

  BA reaches settlement in data breach group action

  A group action against BA following its 2018 data breach has been successfully settled

• July 05, 2021 05 Jul'21

  REvil crew wants $70m in Kaseya ransomware heist

  Two days after one of the largest ransomware attacks in history by the REvil/Sodinokibi gang, the security community is assessing its next moves, while over 1,000 victims remain in limbo

• July 03, 2021 03 Jul'21

  Berlin court finds EncroChat intercept evidence cannot be used in criminal trials

  In a major setback for police hacking operations, Berlin’s regional court has decided that intercepted data from the EncroChat phone network should not be used in criminal prosecutions

• July 02, 2021 02 Jul'21

  Cyber attackers up the ante on embattled IT teams

  Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements

• July 01, 2021 01 Jul'21

  Cyber espionage campaign targeted central Asian states

  The Afghan, Kyrgyz and Uzbek governments are all thought to have been targeted by the same APT

• July 01, 2021 01 Jul'21

  NHS IT fraudster Barry Stannard sentenced to five years in prison

  Stannard used his position as head of unified communications at an Essex NHS Trust to cheat the taxpayer of more than £800,000

• July 01, 2021 01 Jul'21

  Nominations open for 2021 Security Serious Unsung Heroes Awards

  Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators

• June 30, 2021 30 Jun'21

  Half of mobile phones sold in the UK at risk of security issues

  Lengthy mobile phone contracts leave buyers at risk of their devices losing support for security updates

• June 30, 2021 30 Jun'21

  REvil affiliates offer hefty ransom discounts, data reveals

  REvil or Sodinokibi ransomware activity is higher than ever, but its success appears to be relative, with some affiliates prepared to dramatically cut their prices

• June 30, 2021 30 Jun'21

  LinkedIn denies exposure of 700 million user records is a data breach

  Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach

• June 30, 2021 30 Jun'21

  Cops seize criminal VPN used by ransomware gangs

  A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity

• June 29, 2021 29 Jun'21

  EU recognises UK data protection adequacy but warns against divergence

  The European Commission has granted the UK data adequacy, allowing data sharing between the EU and the UK, but warns it may yet be revoked

• June 29, 2021 29 Jun'21

  Video game industry under relentless cyber attacks

  Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns

• June 28, 2021 28 Jun'21

  UK’s FCA bans crypto exchange Binance as crackdown spreads

  Ban on Binance Markets comes amid a wider global crackdown on the largely unregulated global market for cryptocurrencies and related assets.

• June 28, 2021 28 Jun'21

  HMRC-branded phishing scams surge despite protections

  The number of HMRC-branded phishing scams surged 87% in the past 12 months, according to latest revealed figures

• June 28, 2021 28 Jun'21

  Lazada rolls out public bug bounty programme

  Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty

• June 25, 2021 25 Jun'21

  NCSC CEO: UK-Ireland collaboration crucial to stop cyber threats

  Speaking at a conference in Dublin, NCSC Lindy Cameron is highlighting the importance of continued collaboration between the UK and Ireland to protect shared interests and counter security threats

• June 25, 2021 25 Jun'21

  Anglesey schools offline after cyber attack

  Isle of Anglesey County Council is investigating a cyber attack that has forced it to shut down systems at all five secondary schools on the island

• June 25, 2021 25 Jun'21

  CMA to probe Amazon and Google over fake reviews

  The CMA has opened an investigation into Amazon and Google over possible breaches of consumer protection law

• June 24, 2021 24 Jun'21

  Google hands third-party cookies a stay of execution

  Google’s proposed Privacy Sandbox initiative – which will see third-party cookies phased out in the Chrome web browser – has been pushed back to 2023

• June 24, 2021 24 Jun'21

  Stalkerware apps becoming normalised among young people

  Data in a new report appears to show that dangerous stalkerware apps are becoming normalised in younger age groups

• June 24, 2021 24 Jun'21

  EncroChat investigators had access to decryption ‘master key’, claim lawyers

  Defence lawyers claim that French investigators compromised the encryption of EncroChat and were able to decrypt messages from servers in a French datacentre

• June 23, 2021 23 Jun'21

  City of York picks Barracuda Networks for data protection

  York Council needed to refresh its backup service to bring new security protections after it went ‘all-in’ on Microsoft Office 365

• June 23, 2021 23 Jun'21

  UK councils reported over 700 data breaches to ICO in 2020

  Data disclosed under the Freedom of Information Act reveals an estimated 700 data breaches were reported to the Information Commissioner’s Office by local councils last year

• June 23, 2021 23 Jun'21

  Openness can protect Dutch companies against ransomware

  Dutch businesses that suffer ransomware attacks need to be more open about it, if this growing problem is to be brought under control

• June 22, 2021 22 Jun'21

  NSPCC, IWF help under-18s scrub their nude photos from the web

  Report Remove tool is designed to be used by under-18s to report nude images or videos of themselves that have appeared online

• June 21, 2021 21 Jun'21

  Parliamentary devices left in taxis, buses, trains and pubs

  Nearly 100 devices belonging to parliamentary staffers, including MPs and peers, were lost or stolen over the course of 2019 and 2020

• June 18, 2021 18 Jun'21

  NHS App reaches six million users, thanks to Covid vaccine feature

  More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status

• June 18, 2021 18 Jun'21

  ICO issues guidance on facial recognition in public spaces

  Information commissioner’s concern over the problematic use of facial recognition in public spaces has prompted her to publish official guidance on its deployment, while civil society calls for an outright ban

• June 18, 2021 18 Jun'21

  Lorca Ignite programme targets breakout cyber talent

  Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme

• June 18, 2021 18 Jun'21

  Carnival Cruises hit by fourth cyber incident in a year

  Latest data breach at Covid-hit cruise line comes hot on the heels of two recent ransomware attacks and a spring 2020 breach

• June 17, 2021 17 Jun'21

  Cyber crooks target Amazon Prime users ahead of retail bonanza

  A surge in malicious domain registrations ahead of Amazon Prime Day indicates cyber criminals have set their sights on exploiting vulnerable shoppers

• June 15, 2021 15 Jun'21

  NHS Test and Trace picks Risk Ledger to secure supply chain

  Risk Ledger’s technology promises ‘unparalleled’ visibility into NHS Test and Trace’s supply chain

• June 15, 2021 15 Jun'21

  Privacy pro salaries rise throughout pandemic, but at a cost

  Data from the IAPP’s latest salary survey reveals some insight into how the pandemic impacted the privacy profession

• June 15, 2021 15 Jun'21

  The Security Interviews: How to build a government model to ‘hack for good’

  Kyle Hanslovan started Huntress to give back after a career in the intelligence sector. After US authorities took action to help people hit by the Microsoft Exchange attacks, we discussed how governments can ‘hack for good’

• June 15, 2021 15 Jun'21

  How healthcare organisations are tapping data analytics

  Healthcare providers are harnessing data analytics to improve clinical and operational outcomes even as they continue to face challenges in data aggregation and data protection

• June 14, 2021 14 Jun'21

  G7 commits to action on ransomware, digital privacy

  The G7 urges Russia to do more to hold criminal ransomware gangs operating from within its borders to account as it commits to more action on the issue

• June 11, 2021 11 Jun'21

  FBI planned a sting against An0m cryptophone users over drinks with Australian investigators

  Australian Federal Police and the FBI came up with the idea over drinks: build a cryptophone network with a built-in backdoor and sell it to crime gangs around the world

• June 11, 2021 11 Jun'21

  CMA secures commitments from Google on future of cookies

  The Competition and Markets Authority is opening a consultation on commitments offered to it by Google to ensure its Privacy Sandbox proposals do not harm digital advertising markets

• June 11, 2021 11 Jun'21

  Australia names ‘strategic’ datacentre operators

  Australia’s Digital Transformation Agency certifies Macquarie Telecom, Canberra Data Centres and Australian Data Centres as strategic operators for hosting government data

• June 09, 2021 09 Jun'21

  FBI arrests distributors accused of selling An0m encrypted phones to crime groups

  Working with overseas law enforcement, the FBI has arrested eight people and named a further 13 accused of distributing An0m phones to organised crime groups

• June 08, 2021 08 Jun'21

  NHS Digital delays data collection plans until September

  NHS Digital has postponed its proposed collection of GP data for two months, to allow more time for the public to understand the process and opt out if wanted

• June 08, 2021 08 Jun'21

  National data guardian calls for dialogue on NHS Digital GP plans

  The UK’s national data guardian says it is important the public has clarity on how their confidential medical information will be used and kept secure under NHS data-sharing plans

• June 07, 2021 07 Jun'21

  Police raids around world after investigators crack An0m cryptophone app in major hacking operation

  Police in 16 countries carried out raids on after Australian Police and the FBI cracked an encrypted An0M communications network used by crime groups

• June 07, 2021 07 Jun'21

  EU privacy chief investigates use of US cloud services

  Use of Amazon and Microsoft’s cloud services by public sector bodies in the European Union is being scrutinised by the bloc’s privacy watchdog

• June 07, 2021 07 Jun'21

  NCSC updates schools ransomware guidance amid surge

  The National Cyber Security Centre says it is dealing with a renewed surge of ransomware attacks targeting schools, colleges and universities

• June 07, 2021 07 Jun'21

  Campaigners plan legal action over NHS data sharing

  Privacy coalition aims to force NHS Digital to push back its plans to scrape medical information on millions of patients into a central database

• June 07, 2021 07 Jun'21

  Updated standard contractual clauses will provide ‘legal certainty’ for transfer of data

  Organisations have 18 months to update data transfer agreements, known as standard contractual clauses, or SCCs, to continue sharing data outside the European Union

• June 04, 2021 04 Jun'21

  BCS: Lack of communication over NHS GPDPR ‘astonishing’

  The Chartered Institute for IT has warned that millions of people are not being properly informed of NHS Digital plans to harvest their data

• June 04, 2021 04 Jun'21

  Secrecy around EncroChat cryptophone hack breaches French constitution, court hears

  French lawyers claim that investigators are unlawfully withholding details of a cryptophone hacking operation in a case that could impact UK prosecutions

• June 04, 2021 04 Jun'21

  Government action on ransomware epidemic gathers pace

  The US government steps up action against ransomware operators, while the UK’s NCSC publishes guidance on preparing to deal with a ransomware attack

• June 03, 2021 03 Jun'21

  Norway’s auditor general lifts lid on energy industry’s cyber security risks

  Auditor General’s Office questions the security posture of Norway’s energy industry

• June 03, 2021 03 Jun'21

  Tories fined over email data protection breaches

  The Conservative Party broke the law by failing to properly keep records of who had unsubscribed from its mailing list

• June 03, 2021 03 Jun'21

  FireEye sold to private equity, Mandiant regains independence

  FireEye has agreed to sell its products business and name to a private equity consortium, while Mandiant will spin out as an independent threat intel business

• June 01, 2021 01 Jun'21

  Exagrid pays $2.6m to Conti ransomware attackers

  Backup appliance specialist hit by Conti ransomware in May with cyber criminals downloading employee and customer data, confidential contracts and source code

• May 28, 2021 28 May'21

  Privacy experts concerned over NHS data collection plans

  Security and data privacy experts warn NHS Digital that its data collection plans could increase risk and cause a public backlash

• May 27, 2021 27 May'21

  Loss of 150,000 police records made worse by management failures

  The loss of 150,000 records from a number of national policing systems was caused by a human coding error, but made worse by process and management failures

• May 27, 2021 27 May'21

  NGOs file complaints against Clearview AI in five countries

  Privacy and human rights organisations have asked data protection regulators in the UK, France, Austria, Italy and Greece to investigate controversial facial recognition company Clearview AI

• May 26, 2021 26 May'21

  More data stolen in January 2021 than in all of 2017, says report

  The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva

• May 26, 2021 26 May'21

  Millions of pounds lost to crypto fraud on social media

  More than £63m has been lost nationally by victims of investment fraud via a social media platform, says Action Fraud

• May 25, 2021 25 May'21

  GCHQ bulk interception programme breached privacy rights, Strasbourg court rules

  European Court of Human Rights finds that the UK’s bulk surveillance programme breached citizens’ privacy rights

• May 25, 2021 25 May'21

  CyberSprinters game gives kids a head start, says NCSC

  An online game for primary schools, clubs and youth organisations will teach children aged seven to 11 the fundamentals of staying safe online

• May 25, 2021 25 May'21

  Threat of group GDPR legal action haunts CISOs

  The vast majority of security leaders questioned for a new report say they are concerned about the possibility of group legal settlements against them following a serious data breach

• May 25, 2021 25 May'21

  Industry reflects on three years of GDPR

  Looking back on 12 tumultuous months, we assess how GDPR has weathered the effects of the Covid-19 pandemic and Brexit, and consider what the coming year may hold for data protection

• May 24, 2021 24 May'21

  Air India is latest victim of Sita hack

  Data on millions of people who flew with Air India between 2011 and 2021 appears to have been compromised in the recent Sita supply chain attack

• May 24, 2021 24 May'21

  Dutch researchers build security software to mimic human immune system

  Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection

• May 24, 2021 24 May'21

  MEPs urge European Commission to revise UK adequacy decisions

  Members of the European Parliament are calling for the European Commission to ensure EU citizens have greater privacy rights

• May 21, 2021 21 May'21

  Lack of developer attention to cloud security prompts alerts

  The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations

• May 20, 2021 20 May'21

  Pandemic tech use heightens consumer privacy fears

  Report on consumer attitudes to privacy finds evidence of a “heightened sense of fear” as digital footprints expand inexorably

• May 20, 2021 20 May'21

  HP taps micro virtual machines in endpoint security

  HP’s Wolf Security technology stack uses an endpoint security controller to run computing tasks in micro virtual machines so that any potential malware can be isolated and contained

• May 20, 2021 20 May'21

  UK government publishes framework on automated decision-making

  The framework focuses on making the use of algorithms and automated decision-making systems within the public sector more ethical, transparent and accountable