ICO releases annual report

The UK’s privacy watchdog, the Information Commissioner’s Office, has released its annual report for 2014/15. It considers the main developments in data protection for the period, including a change in the law to allow companies to be fined for nuisance calls and texts, and new powers which allow the ICO to carry out audits of National Health Service records. The report also notes the contribution of the ICO to efforts to update the EU’s privacy regulations.

GCHQ staff subject to excessive monitoring

The UK’s Government Communications Headquarters (GCHQ) was last week criticised for exceeding its authority to monitor the communications of its own staff. In its annual report, the ICO confirmed that the intelligence agency acted in error rather than deliberately spying on staff. Information Commissioner Sir Mark Whaller explained there had been a lack of understanding regarding the capability of monitoring systems. Forty-two other breaches of data privacy law by the UK’s security agencies were also highlighted in the report.

ICO raids suspected cold-calling company

The ICO has carried out a raid at a company suspected of making thousands of unwanted marketing calls, it emerged last week. ICO staff entered the premises in Manchester in search of a machine capable of placing 100,000 automated calls a day in breach of the UK’s data protection laws. The raid followed 7,000 complaints from members of the public about the company making unwanted calls containing messages about pension schemes or payment protection insurance.

MoD targeted by “hundreds, if not thousands” of attempted hacks per day

The head of the UK Ministry of Defence’s (MoD) cyber-security branch told the Financial Times this week that the ministry detects up to a million suspicious incidents on its systems every day. Brigadier Alan Hill said “hundreds if not thousands” of these incidents were attempted hacks that could lead to a serious breach of MoD systems. He also commented on the increasing complexity of attacks.

Suspect in USD 55 million ATM thefts appears in New York courts

A man accused of mounting cyber attacks which netted USD 55 million from ATMs around the world has appeared in court in New York, after he was extradited from Germany. Ercan Findikoglu, 33, fought extradition for 18 months but was finally brought to face trial in the US last week. Federal investigators said the thefts, carried out between 2010 and 2013, were particularly sophisticated. They involved the hacking of bank computing systems which deal with prepaid debit cards. Once the systems were compromised, the withdrawal limits were raised and teams of runners in 24 different countries withdrew cash from ATMs.

Canada passes new law to force companies to admit to breaches

Canada’s privacy watchdog has gained new enforcement powers under a law which took effect earlier this month, amending the Personal Information Protection and Electronic Documents Act. The law will require businesses to disclose breaches of online data privacy which may pose a risk to customers’ financial security or reputation, and will subject businesses to new standards for obtaining consent when acquiring personal data. Failure to comply with the disclosure rules (to be outlined in subsequent regulations) could entail a fine of up to CAD 100,000.

Hacker takes Canada’s secret service website offline

For the second time in as many days, hackers reportedly shut down the website of Canada’s spy agency, CSIS. The denial of service attack confirmed on Tuesday follows a spate of similar attacks on other government websites, including the Justice department and the Senate. A group calling itself Aerith claimed responsibility for the hacks on CSIS, stating that it was in retaliation for changes to the country’s anti-terror laws. A spokesperson for CSIS said no data had been compromised.