Privacy and data protection

ICO slams Experian over ‘invisible’ data processing

Data processing practices used by Experian broke data protection law, says Information Commissioner’s Office Continue Reading

Calls for clarity over Amazon insider breach

Security experts call for more clarity from Amazon over an apparent leak of customer data Continue Reading

Pet project: How Pets at Home cares for customers with data analytics

In this week’s Computer Weekly, we talk to the chief data officer of Pets at Home, about using data analytics to care for customers. British Airways had its GDPR fine reduced to just £20m – we ask what this means for data protection regulation. And we look at GPT3, the language prediction tool that could revolutionise AI. Read the issue now. Continue Reading

BA breach penalty sets new GDPR precedents

 Continue Reading

Forrester: CIOs must prepare for Brexit data transfer

With the end of the Brexit transition period just weeks away, multi-national organisations will need to re-evaluate how intercompany data is transmitted Continue Reading

SonicWall patches 11 firewall vulnerabilities

SonicWall users are advised to download updates that fix 11 CVEs in the SonicOS operating system, uncovered by Positive Technologies Continue Reading

Protecting remote workers an opportunity to do security better

Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report Continue Reading

Data reveals lack of ethics in decision making systems

A recent survey from price comparison site, comparethemarket.com, has highlighted the subtext, which obscures a host of unfair assumptions made in the depths of computer systems. These assumptions ... Continue Reading

NSA’s top CVE list a timely reminder to patch

Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading

Charities warned over ‘Robin Hood’ cyber criminals

Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it Continue Reading

Trump and Biden campaign apps easy targets for cyber criminals

You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it Continue Reading

Customer loyalty accounts in danger from cyber criminals

Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy Continue Reading

Why securing the DNS layer is crucial to fight cyber crime

Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice Continue Reading

Retailers get access to new security toolkit

The British Retail Consortium has worked with the NCSC to develop a new cyber security toolkit pitched at retailers Continue Reading

Security Think Tank: Essential tools to mitigate double extortion attacks

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Hackney Council services to be disrupted ‘for some time’

Inability to make housing benefit payments is likely to sting some tenants as Hackney cyber attack drags on Continue Reading

Resilient Trickbot down but not yet knocked out

Global, Microsoft-led effort to disrupt the Trickbot botnet has seen some success, but new command and control servers continue to pop up Continue Reading

Police given access to self-isolation data

NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules Continue Reading

BA breach penalty sets new GDPR precedents

The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection Continue Reading

Podcast: Cybersecurity Awareness Month, Covid-19 and storage

We look at how organisations can use Cybersecurity Awareness Month as an opportunity to revisit their handling of data and compliance, especially with changes brought by Covid-19 and home working Continue Reading

Six Russians charged over NotPetya and other attacks

Six members of the APT group known as Sandworm have been charged in the US over a series of attacks including the destructive NotPetya incident Continue Reading

Security Think Tank: Safeguarding PII in the current threat landscape

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

BA argues ICO data breach fine down to £20m

Information Commissioner’s Office levies fine of £20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers – a vast reduction on the initial £183m penalty Continue Reading

Spanish court to question witnesses over ‘illegal surveillance’ of WikiLeaks founder Julian Assange

The Spanish National Court in Madrid is to hear evidence from information security expert Andy Müller-Maguhn and two lawyers who were subject to ‘illegal surveillance’  of their meetings with Julian Assange at the Ecuadorian Embassy in London Continue Reading

Arrests and indictments made in cyber money laundering ring

The NCA has revealed six men were arrested in the UK as part of an international investigation into a money laundering network which handled transactions for some of the world’s most prolific cyber criminal groups Continue Reading

Cloud data protection keeps the Crick’s medical research Covid-secure

Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic Continue Reading

Security Think Tank: Essential tools to mitigate data loss and identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Hackney services still offline in ongoing cyber attack

Services remain disrupted two days after council was hit by a serious incident, as residents are warned to be on their guard Continue Reading

CW APAC: Trend Watch – storage

Many organisations turn to cloud to cut storage bills, but the options available and potential costs are many and varied. In this handbook, Computer Weekly takes a peek at future storage technologies, such as helium and DNA, and offers some valuable tips on how to keep cloud storage costs under control. Continue Reading

Public sector security failings leave UK at risk, says think tank

Reform report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy Continue Reading

US Elections: Malicious internet domains spike as campaigns heat up

Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones Continue Reading

Public data should not be held by US tech giants

One-off evidence sessions to follow up on the recommendations of the House of Lords AI Committee revisit the data and ethics debate Continue Reading

Fintech ‘unicorn’ Klarna probed over data misuse

Online bank blames misuse of user data on human error as Information Commissioner’s Office weighs in Continue Reading

Security Think Tank: Adapting defences to evolving ransomware and cyber crime

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

EU’s top court questions legality of UK phone and internet data surveillance

European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies Continue Reading

The future of storage

In this week’s Computer Weekly, we examine emerging technologies in storage such as helium disks and DNA. Ransomware is becoming more sophisticated and the attackers more tactical. And as the EU’s top court challenges the UK over surveillance, we ask what this means for data privacy after Brexit. Read the issue now. Continue Reading

Hackney Council services offline after ‘serious’ cyber attack

Services to residents of the London borough of Hackney are being disrupted by a cyber attack Continue Reading

Security Think Tank: What you need to know about addressing the doxing threat

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Five Eyes spy group again demands access to private messages

Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms Continue Reading

Cyber security skills ad branded ‘crass’ by minister

Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic Continue Reading

Software AG caught in double extortion ransomware hit

Data stolen from prominent German software company by Clop ransomware gang appears on the dark web Continue Reading

Security Think Tank: Tighten data and access controls to stop identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Magecart strikes website of school payments service Wisepay

Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

Emotet rated September’s ‘most popular’ malware

The current resurgence of Emotet is attracting attention as governments issue new warnings and cyber criminals rush to exploit the chaotic US election Continue Reading

Coronavirus face mask spammer fined by ICO

The director of software company Studios MG spammed members of the public at the height of the pandemic as one of its directors tried to shift a job lot of face masks Continue Reading

Crown Prosecution Service suffers 1,600 data breaches in 12 months

CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office Continue Reading

Threat of GDPR fines increasingly driving security buying decisions

Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget Continue Reading

CW Middle East: Egypt’s datacentre plans take a step forward

While it builds an IT services industry, Egypt is also investing in infrastructure and now plans to develop a datacentre industry. Read in this issue how, as part of this plan, Egypt’s parliament has passed a data protection law. Also read how the Europe, Middle East and Africa region has seen traditional IT outsourcing deals reduce in value by 21%, while the business process outsourcing market fell by 9%. Continue Reading

5G regulation failures are a threat to UK’s national security

Defence Committee report on the security of 5G brands existing regulations outdated and unsatisfactory Continue Reading

Department for Education failed to protect data on millions of children, says ICO

The Department for Education’s National Pupil Database, which contains millions of items of data on the UK’s schoolchildren, was found to be non-compliant with data protection regulations across the board Continue Reading

ICO wraps up Cambridge Analytica investigation

Information Commissioner’s Office concludes its investigation into Cambridge Analytica, saying no additional evidence has come to light that would change its previous assessments Continue Reading

Southeast Asia remains hotspot for cyber attacks

Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020 Continue Reading

EU’s top court questions legality of UK phone and internet data surveillance

European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies Continue Reading

The privacy and compliance challenges organisations face in 2021

Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider? Continue Reading

Scotland digital identity prototype pilot successful

Digital Identity Scotland’s 10-week test of its digital identity prototype finds that users understand the concept of two-factor authentication and using the same credentials across services Continue Reading

Ransomware attacks go through the roof

The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point Continue Reading

The Most Influential Women in UK Technology 2020

In this week’s Computer Weekly, we announce our annual list of the Most Influential Women in UK Technology, and talk to this year’s winner, Stemettes CEO and diversity campaigner, Anne-Marie Imafidon. Meet our five Rising Stars and the latest entrants to our women in tech Hall of Fame. Read the issue now. Continue Reading

Fake news tops list of online concerns worldwide

Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation Continue Reading

HMRC warns locked-down freshers of ‘wave’ of tax scams

New university intake may be being targeted by cyber criminals amid Covid-19 confusion Continue Reading

FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer

The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor Continue Reading

WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for the extrajudicial kidnapping and torture of an Egyptian cleric Continue Reading

Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading

Security pros face sanctions if they help ransomware victims pay

New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off Continue Reading

Judge to give verdict on Julian Assange’s extradition after Christmas

Judge Vanessa Baraitser said today that she would make a ruling in early January on whether WikiLeaks founder Julian Assange should be extradited to the US Continue Reading

WikiLeaks revelations ‘shed light of truth’ on war on terror, court hears

WikiLeaks disclosures led to ‘revelations of extraordinary journalistic importance’ about detention in Guantamo Bay and civilian casualties in Iraq and Afghanistan Continue Reading

Blackbaud admits hackers stole banking details, passwords

Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought Continue Reading

GitHub makes code vulnerability scanning feature public

Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage Continue Reading

‘American friends’ spied on Julian Assange in Ecuadorian Embassy, court hears

Two former employees of UC Global, which provides security services to the Ecuadorian Embassy in London, claim the company shared surveillance footage with the US of the WikiLeaks founder meeting with lawyers and other visitors Continue Reading

Julian Assange would be held with convicted terrorist Abu Hamza in supermax prison, court hears

WikiLeaks founder Julian Assange would be held alongside convicted terrorist Abu Hamza in a supermax federal prison in Colorado, isolated from other prisoners, if he is extradited to the US, Old Bailey told Continue Reading

Threat actors becoming vastly more sophisticated

Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report Continue Reading

NCSC expands schools programme to north-east England and Northern Ireland

Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland Continue Reading

NatWest offers online banking customers free security services

Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading

Ryuk attack downs private health provider in major incident

Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware Continue Reading

Julian Assange would be held in ‘solitary confinement’ in US jail

WikiLeaks founder would be held in a cell the size of a parking space for 22 or 23 hours a day without contact with other inmates before trial Continue Reading

Government updates data ethics framework

The new data ethics framework was created to better reflect how projects are run in practice after finding there was “little awareness” of the previous framework across the public sector Continue Reading

TikTok ban stayed after last-minute court case

TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading

Police Scotland to set up new cyber crime centre

National Centre of Excellence will employ specially trained officers to tackle a vertiginous rise in cyber crime Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

Airbnb hosts’ account data exposed in internal leak

Data exposure within Airbnb’s system was the result of a technical issue but was swiftly fixed, says the firm Continue Reading

Forensic expert questions US claims that Julian Assange conspired to crack military password

Forensic computer expert Patrick Eller told the Old Bailey that US allegations that WikiLeaks founder Julian Assange attempted to decrypt a password to help former soldier Chelsea Manning leak sensitive government documents anonymously do not fit with the evidence Continue Reading

Gartner: Balance safety, privacy and productivity when employees return to the workplace

Organisations may decide that data collection can help keep employees safe in a Covid-secure workplace – but employers must consider all the privacy and productivity implications Continue Reading

Third-party code bug left Instagram users at risk of account takeover

A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device Continue Reading

NHS whistleblower privacy concerns passed on to regulator, but campaigners not holding their breath

NHS Improvement chair Dido Harding acknowledges receiving concerns raised about the anonymity of whistleblowers, but campaigners have little faith that anything will be done Continue Reading

Government blasted over ‘reckless’ contact-tracing security

The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security Continue Reading

Top five ways backup can protect against ransomware

Ransomware threatens to put your data beyond reach, so the best way to prepare is to have good-quality data you can restore from backup. We look at the key things to consider Continue Reading

Data deluge grips enterprises amid digitisation

Two-thirds of respondents in a new Splunk study expect the quantity of data to grow by nearly five times by 2025 as they embrace more emerging technologies Continue Reading

Australians want more control over privacy

Nearly nine in 10 Australians want more control and choice over the collection and use of their personal information amid declining trust in how organisations handle personal data, survey finds Continue Reading

WikiLeaks founder Julian Assange has Asperger syndrome and depression, court hears

Julian Assange is on the autistic spectrum and has a history of depression that would put him at risk of suicide if he is extradited to a US prison, psychiatrists tell the court Continue Reading

Over half of firms intend to continue US data transfers despite Schrems II

Survey shows many organisations do not intend to significantly change their data-sharing practices, at least until there is more guidance from regulators or governments Continue Reading

Video gamers barraged with cyber attacks

From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks Continue Reading

US agencies warn of election disinformation and cyber attacks

Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears Continue Reading

GDS reviewing Cloud First policy post-Schrems II

Review seeks to determine the future of government engagement with cloud hosting services as they relate to cross-border data flows Continue Reading

Scam mobile apps spreading via rogue TikTok accounts

Malicious TikTok accounts are promoting a number of adware scam mobile apps Continue Reading

WikiLeaks published unredacted cables after password was disclosed in book

WikiLeaks published a cache of unredacted government cables after the publication of a book containing the password led to their publication on other parts of the internet, court told Continue Reading

Trump implicated in plans to prosecute Assange over war leaks

US journalist and Trump supporter, Cassandra Fairbanks, said she was given advanced details of US plans to oust Wikileaks founder Julian Assange from the Ecuadorian Embassy and to arrest him for over documents leaked by former soldier Chelsea Manning Continue Reading

Big questions to be answered over TikTok and WeChat reprieve

TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain Continue Reading

WikiLeaks video ‘electrified’ public to civilian war deaths, court hears

New Zealand investigative journalist and author Nicky Hager said that WikiLeaks’ publication of a video showing a US helicopter firing on civilians, along with the publication of secret war logs, ‘electrified’ the world to civilian deaths Continue Reading

Ex-NCSC boss Ciaran Martin joins cyber venture capital outfit

Outgoing NCSC CEO Ciaran Martin is to take up a new role guiding new investments in cyber security Continue Reading

Outgoing NCSC CEO: Ransomware threat kept us up at night

Former NCSC CEO Ciaran Martin sheds some light on some of the biggest cyber threats currently facing the UK Continue Reading