Thousands of Lloyds customers affected by RSA data box theft

The personal data of thousands of Lloyds Bank Premier Account customers has been lost following the theft of a data box from an RSA data centre. The breach only affects customers who had free Royal Sun Alliance (RSA) home insurance cover provided through their Premier Accounts between 2006 and 2012. The data does not yet appear to have been misused, but RSA is offering identity protection and the FCA and the ICO are both investigating.

Cyber extortion gang steps up attacks against financial services industry

According to net firm Akamai, the extortion gang DD4BC (which stands for "DDoS for Bitcoins") has been active since September 2014 and is also targeting media groups and gaming companies. The group routinely threatens to take firms' servers offline by launching DDoS attacks unless bitcoin ransoms are paid. It also blackmails companies by threatening to embarrass them on social media if payment is not made. DD4BC is thought to have conducted over 140 attacks in just 10 months.

EU-US data protection umbrella agreement finalised

The agreement, which has been under negotiation since March 2011, creates a framework for the protection of personal data transferred between the EU and the US for law enforcement purposes. EU Commissioner Vera Jourova promised that the agreement would ensure high-level protection for personal data used by the EU and US law enforcement agencies, including criminal records. The Umbrella Agreement will only be officially signed once the US Congress has approved the Judicial Redress Bill, which will give EU citizens privacy rights before the US courts.

Over 10 million records breached in hack on New York health insurer

Excellus BlueCross BlueShield, which discovered the attack on 5 August 2015 after hiring forensic experts, has announced that hackers first accessed its systems in December 2013 and "may have gained unauthorised access to individuals’ information". This is thought to include names, dates of birth, Social Security numbers and contact details as well as financial and claims information. The fact that Excellus encrypted the data will not stop hackers from being able to see it, as the hackers gained full administrative access to the company network.

Russia tightens internet privacy laws amid widespread criticism

The new rules, which came into force on 1 September, require companies to store any data they hold about Russian citizens on Russian territory. The new requirements, which could affect more than a million companies, have caused considerable confusion, as internet giants such as Google, Facebook and Twitter have sought to understand how the provisions will be applied. Critics have dismissed Moscow's claims that the new law is intended to protect the privacy of Russian citizens, describing the move as a further crackdown on internet freedom in the country and warning that companies will risk increased surveillance and may even be forced to provide information to the security services.