Privacy and data protection

Law firm and cyber criminals clash over source of stolen data

Cyber attack victim Jones Day says its data was stolen in a supply chain attack, but the gang holding it to ransom disagrees Continue Reading

North Korea accused of Pfizer Covid vaccine cyber attack

South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour Continue Reading

Central government should promote data policy compliance, say civil servants

Most civil servants want the government to gain additional powers to promote data policy compliance to ensure better use of data, according to research Continue Reading

Post Office to offer digital ID services to customers

Post Office partnership with Yoti is intended to expand customer choice as to how people prove their identity when accessing services Continue Reading

NCSC recognises UK’s top cyber schools

National Cyber Security Centre CyberFirst Schools initiative has handed out 14 gold, silver and bronze awards recognising excellence in cyber security teaching Continue Reading

Government to impose new digital identity system across all Gov.uk services

Cabinet Office minister Michael Gove writes to Whitehall departments mandating the use of a new digital identity system that will allow citizens to be tracked across the Gov.uk website Continue Reading

Security Think Tank: Renewed US stability may ease cyber tensions

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

UK border surveillance regime highly privatised, says Privacy International

Research from Privacy International raises concerns about the deep involvement of technology companies in the development and deployment of various technologies throughout the UK’s border regime, along with the lack of scrutiny they receive Continue Reading

Security Think Tank: Biden must address insider security threat first

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Hacked Finnish therapy business collapses

Vastaamo, the Finnish psychotherapy centre whose patients were blackmailed by a cyber criminal gang, has filed for bankruptcy Continue Reading

Government launches digital identity trust framework

The government’s draft framework, which aims to set out rules for the use of digital identities, will be tested with industries, services, users and organisations ahead of a final version being published Continue Reading

CW Benelux: Is reluctance to report cyber crimes in the Netherlands helping the criminals get away?

According to an academic study in the Netherlands, only one in seven Dutch people report a cyber crime to the police when it happens - feeling it is better to sort the problem out themselves because they don’t think the police will do anything. This is storing up trouble as cyber crime is an increasing problem in the country. Also in this issue, read why Dutch bank ABN Amro is selling its head office. Continue Reading

Security Think Tank: Biden’s team can make a difference on security

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Singtel falls prey to supply chain attack

The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack Continue Reading

Dating app users warned to watch out for scammers

A vast amount of money was lost to romance scammers last year, and with millions of people isolated in lockdown the problem is getting worse, according to a report Continue Reading

Privacy advocates call for European probe into Palantir

 Continue Reading

HelloKitty almost certainly behind CD Projekt ransomware attack

Theories that the cyber attack on a high-profile gaming studio was orchestrated by players who are disappointed in a videogame are likely wide of the mark, according to analysis Continue Reading

Sim-swapping crooks targeted celebrities, influencers

Eight arrests have been made in England and Scotland in connection with a series of Sim-swapping attacks targeting high-profile victims Continue Reading

Security Think Tank: UK well-placed to work with Biden on cyber

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Facebook sued for data-sharing practices with third parties

Data protection claim filed in London against social media giant for its alleged failure to give at least one million users in England and Wales meaningful control over their personal data Continue Reading

Government launches review of use of health data for research

The review, which will be led by Ben Goldacre, will look at home-efficient and safe use of health data for research and analysis Continue Reading

Data breaches are a ticking timebomb for consumers

Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure Continue Reading

Cyberpunk 2077 developer refuses to pay up after ransomware attack

Polish video game developer CD Projekt has released details of a ransomware attack on its systems Continue Reading

NHS reports fewer phishing emails in 2020

The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020 Continue Reading

Security Think Tank: Biden has a chance to renew cyber alliances

As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard? Continue Reading

Data of thousands of Dutch citizens leaked from government Covid-19 systems

Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19 Continue Reading

EncroChat: Appeal court finds ‘digital phone tapping’ admissible in criminal trials

Appeal Court decides EncroChat-encrypted phone records can be used in criminal trials. Critics say the decision means phone tapping no longer has a ‘clear meaning in the digital age’ Continue Reading

Google Chrome update to patch serious zero-day

A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible Continue Reading

Financial regulatory body bombarded with malicious emails

New disclosures reveal the FCA’s systems bounced almost a quarter of a million malicious emails in a three-month period Continue Reading

Security firm Stormshield loses source code in cyber attack

Source code from two products developed by French cyber security firm was compromised in a December 2020 incident Continue Reading

Denmark and Sweden to issue digital vaccine certificates

Sweden and Denmark announce plans to develop digital certificates that prove people have been vaccinated against Covid-19 Continue Reading

Woodland Trust hit by cyber attack in December

Conservation charity is investigating what it describes as a ‘sophisticated’ cyber attack but has waited nearly two months to inform its members Continue Reading

Fraud and cyber crime still vastly under-reported

The scale of digitally enabled crime in the UK is dramatically under-reported, new statistics indicate Continue Reading

CDEI: Local government data use must keep up Covid momentum

The Centre for Data Ethics and Innovation says momentum in local authority data use during the Covid-19 pandemic is in danger of being dissipated without central government investment and support for data skills development Continue Reading

Foxtons rejects claims of slow reaction to data leak

Investigators have unearthed 16,000 data records that seem to have been stolen in an attack on property firm Foxtons last year, but the organisation says it acted by the book in dealing with the incident Continue Reading

‘Classic’ Cerber ransomware targets health sector in high volumes

Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black Continue Reading

UKRI suspends services after ransomware attack

UK Research and Innovation was hit by an undisclosed strain of ransomware at the end of January Continue Reading

‘Victory for free speech and openness’ after tribunal confirms no territorial restrictions to FOIA

Freedom of information tribunal rules that investigative journalists and others can use the Freedom of Information Act if they live outside the UK or are not British citizens Continue Reading

Indian firms see growing value of data

Half of Indian IT leaders see a permanent increase in value of data as their organisations come under threat from mounting cyber attacks amid the pandemic Continue Reading

Hunting and anti-hunting groups locked in tit-for-tat row over data gathering

The leaking of internal documents has prompted a row between pro- and anti-hunting groups about the legality of the other’s data collection practices Continue Reading

Biometrics ethics group addresses public-private use of facial recognition

Home Office’s Biometrics and Forensics Ethics Group releases briefing note on the use of live facial recognition in public–private collaborations following a year-long investigation Continue Reading

Pandemic response has improved privacy posture, says Cisco

Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report Continue Reading

Mimecast breach was work of SolarWinds attackers

Mimecast’s investigation into a January 2021 breach of its systems turns up evidence that the culprit was the same group that targeted SolarWinds in December Continue Reading

Emotet botnet goes offline as cops seize servers

The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement Continue Reading

Grindr complaint results in €9.6m GDPR fine

Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices Continue Reading

Emergency Apple updates patch exploited zero-days

Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately Continue Reading

The ransomware routine: pages from the Secret IR Insider’s diary

The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided Continue Reading

Conservatives broke data law to racially profile millions

The Conservative Party acted illegally in collecting data that inferred voters’ ethnicity and religious background, a Select Committee has heard Continue Reading

North Korean state attacks legitimate security researchers

Threat researchers specialising in vulnerability research and development appear to be being targeted by a North Korean state-backed group Continue Reading

Juggling data silos, privacy and fraud

Among the uncomfortable truths about the government’s response to the pandemic is the fact that some people have and will continue to play the system. At the time it was introduced, the furlough ... Continue Reading

ICO extends commissioner Denham’s term of office

Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor Continue Reading

Cyber fraud a national security issue, says Rusi report

A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud Continue Reading

Salad as a service: How tech could revolutionise farming

In this week’s Computer Weekly, we find out how new technologies are supporting the rise of vertical farming, and could revolutionise food supply chains. We examine one of the biggest trends in the cloud – serverless computing. And Brexit has not yet ended the debate about UK-EU data protection. Read the issue now. Continue Reading

Cracking the message in a bottle

Between 2016 and 2019, a number of bottles washed ashore in Hamburg, each containing an ‘uncrackable’ message Continue Reading

ICO resumes adtech investigation

The UK Information Commissioner’s Office was criticised for ending its investigation into alleged malpractice in advertising technology, but has now resumed its probe Continue Reading

Sepa data leaks as agency resists ransom demands

The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation Continue Reading

Google threatens to cut off Australia

Google’s threat to end its Australian Search operation comes in the face of new legislation that would force it to pay media publishers for news content Continue Reading

Immigration exemption in data protection law faces further legal challenge

Human rights groups set to take legal challenge against immigration exemption to Court of Appeal on the basis that everyone, regardless of their nationality or residence, should have their fundamental rights and freedoms protected as stated in the GDPR Continue Reading

Gamarue malware found on government-issued school laptops

Devices handed out by the government to support vulnerable children contain malware that appears to be contacting C2 infrastructure in Russia Continue Reading

How can healthcare organisations fight increased cyber crime in 2021?

As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care Continue Reading

Interview: Tony Porter, chief privacy officer, Corsight AI

Tony Porter speaks to Computer Weekly about the changes in facial-recognition during his time as surveillance camera commissioner, the ethics of using the technology, and his new role as chief privacy officer at Corsight AI Continue Reading

Incompetent cyber criminals leak data in opsec failure

Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals Continue Reading

UK fraud agency deploys ArcGIS dashboard for data sharing

The National Fraud Intelligence Bureau says it has achieved improved transparency with the public, as well as saving 3,500 staff hours and £100,000 Continue Reading

Value of GDPR fines shows dramatic increase in 2020

European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise Continue Reading

Criminals fiddled stolen Covid-19 vaccine data to damage trust

Malicious actors manipulated stolen Covid-19 data in a way clearly intended to damage public trust in vaccines, says the EMA Continue Reading

Security Think Tank: In 2021, enable, empower and entrust your users

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

MAS offers guidance on mitigating supply chain threats

Monetary Authority of Singapore revises its technology risk management guidelines to help the financial sector guard against supply chain attacks Continue Reading

MoD reports 18% rise in data loss incidents

The Ministry of Defence reported more than five hundred data security incidents in 2019-20, with seven serious enough to warrant disclosure to the ICO Continue Reading

Australians lost A$176m to scams in 2020

Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering Continue Reading

150,000 records accidentally wiped from police systems

Home Office claims data wiped from national police systems only relates to people who have never been convicted of a crime or had further police action taken against them following an arrest Continue Reading

Coalition proposes secure standard model for Covid-19 passports

Vaccination Credential Initiative is working to ensure that people vaccinated against Covid-19 can access their records in a secure, verifiable and privacy-preserving way Continue Reading

All EU states can take data protection cases against Facebook, says EU court

An opinion from the European Court of Justice has the potential to lead to a flood of privacy complaints against Facebook if upheld Continue Reading

Old, on-premise systems targeted in Hackney ransomware attack

Council reveals some more insight into how the Pysa ransomware gang infiltrated its systems by exploiting legacy technology Continue Reading

Unforeseen consequences of new technologies put UK at risk

Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems Continue Reading

APAC firms grapple with cyber security amid pandemic

Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work Continue Reading

Security Think Tank: Plan for hybrid working to become normal

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Court to rule on Facebook data sharing after Schrems drops legal challenge against Irish regulator

Irish High Court says it will issue a judgment as soon as possible over a draft decision by Ireland’s data protection commissioner to order Facebook to stop the transfer of data about EU citizens to datacentres in the US Continue Reading

World’s largest dark web market disrupted in major police operation

Coordinated international operation including Europol and the UK’s National Crime Agency has successfully taken DarkMarket offline Continue Reading

Covid-19 immunity passport tests to begin in UK

A Covid-19 immunity and vaccination passport developed by two UK firms and backed by Innovate UK has entered the live testing phase Continue Reading

Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

Data dump understood to include screenshots of emails, peer review information, PDFs and PowerPoint presentations Continue Reading

Palo Alto Networks opens Australia cloud location

The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services Continue Reading

Parler collapse opens door to phishing attacks

The shutdown of controversial social media site Parler, and the publication of huge amounts of user data scraped by ethical hackers, is giving cyber crime experts cause for concern Continue Reading

Security Think Tank: Time for security teams to learn from Covid

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Early stage UK security startups face funding crisis

Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away Continue Reading

Kaspersky claims link between Solorigate and Kazuar backdoors

Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship Continue Reading

Security Think Tank: Don’t bet on a new normal just yet

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Government use of 'general warrants' to authorise computer and phone hacking is unlawful

A court has ruled that the security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens Continue Reading

Picking the right IAM tools is based on more than today’s needs

With remote working now normal, it is important to take proactive steps in managing credentials across platforms that can be subject to multiple data protection regulations. IAM services can streamline this process, but care must be taken to ensure the correct one is chosen Continue Reading

The nation state threat to business

The SolarWinds hack shows the widespread damage possible from a nation state cyber attack. What is the threat to business and how can it be mitigated? Continue Reading

Biden picks cyber veteran to reinvigorate security response

Appointment of career intelligence operative Anne Neuberger signals refreshed security approach for the US government under Joe Biden's administration Continue Reading

Hackney Council data leaked by Pysa ransomware gang

Council data stolen in October is leaked online in a double extortion attack Continue Reading

WikiLeaks founder Julian Assange to remain in prison despite winning extradition battle

Judge cites Assange’s support of NSA whistleblower as one of the reasons for him being at high risk of absconding. He will remain in Belmarsh prison until the US government completes its appeal Continue Reading

SolarWinds attack almost certainly work of Russian spooks

Investigations into the far-reaching SolarWinds Solorigate attack did not let up during the holidays Continue Reading

Scammers impersonating the ACSC on the prowl

The Australian Cyber Security Centre warns of scammers who are using its name to gain control of personal computers and trick users into revealing personal information Continue Reading

Security Think Tank: Cyber effectiveness, efficiency key in 2021

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

WikiLeaks founder Julian Assange cannot be extradited to face charges in US, court rules

Court rules it would be oppressive to send Julian Assange to the US to face trial after finding he is at high risk of suicide. US government says it will appeal Continue Reading

Journalists’ FOI bids stayed as court reconsiders freedom of information rights of people outside UK

Tribunal questions whether people without a British passport or Britons living overseas are eligible to use the UK’s Freedom of Information Act Continue Reading

Top 10 investigations and national security stories of 2020

Here are Computer Weekly’s top 10 investigations and national security stories of 2020 Continue Reading

Top 10 technology and ethics stories of 2020

Here are Computer Weekly’s top 10 technology and ethics stories of 2020 Continue Reading

UK-EU Brexit deal passes Commons with six-month data adequacy bridge

IT industry trade body TechUK has welcomed a six-month data adequacy bridge, in the wake of the EU-UK trade deal that the House of Commons has voted for Continue Reading