MOJ fined GBP 180,000
The ICO has announced one of the highest possible fines to be imposed on a government department. The Ministry of Justice has been ordered to pay a civil penalty of GBP 180,000 for failing to tell prisons to turn on the encryption function on backup computer memories. The failings have led to highly sensitive information being insecurely handled by 75 prisons across England and Wales for over a year. The ICO has confirmed that the MOJ has now taken action to ensure all hard drives used by prisons are securely encrypted.
27 million South Koreans affected by data breach
70% of South Korea’s population between the ages of 15 and 65 (more than 50% of South Korea’s total population) may have had their personal information stolen in a data breach involving 27 million people and 220 million records. Hackers targeted registration pages for online gaming and gambling sites and online ring tone and movie ticket stores to steal records including names, passwords and resident registration numbers.
Orange sanctioned by French regulator
After notifying the French privacy watchdog CNIL, that the personal details of almost 1.3 million of its customers had been lost, an investigation found that Orange and its supplier had repaired the security breaches. The CNIL found that Orange had not conducted a security audit of the supplier before engaging its services for email campaigns, and had not protected the data updates it sent to the supplier on customer information. The mobile technology giant has received a public warning from the regulator.
UPS latest data breach
United Parcel Service has announced that it is the latest victim of a series of cyber attacks. The company has reportedly faced malware attacks across 51 stores in the U.S., representing 1% of the existing 4,470 UPS stores in the U.S. The breach has affected approximately 105,000 customer transactions, with debit and credit card details being amongst the information the hackers have obtained. UPS issued an apology to those whose data may have been compromised and is still investigating the attack. The freight forwarding company is offering complimentary credit monitoring services and identity fraud protection to those affected. The news comes prior to an advisory released by the Department of Homeland Security which states that over 1,000 American businesses have been affected by similar cyber attacks.
First ever fine issued in Singapore under the Personal Data Protection Act
A tuition agency and its director are the first to be sanctioned under the “Do Not Call” rules which came into force in January. The fine comes after Star Zest Home Tuition advertised the services of its tutors by sending messages to Singapore phone numbers all of which were listed on the Do Not Call Registry. Firms are banned from marketing to any number listed on the registry without obtaining consent beforehand. The agency and director responsible were each fined USD 39,000 (USD 3,000 per charge) after pleading guilty to 13 of 37 offences committed. Star Zest and its sole director have since apologised for the incident and have assured authorities that they are now acting in compliance with the rules.
Sony PlayStation back online after attack
A group named Lizard Squad have claimed to be responsible for a distributed denial of service attack taking down Sony’s PlayStation Network. Sony has since announced that the network is back online and that no personal information has been stolen. However the issue didn’t stop there, as the group claiming responsibility for closing the network had also tweeted that there were explosives on board an American Airlines flight carrying Sony Online Entertainment President, John Smedley. The FBI are investigating the bomb threats meanwhile the Lizard Squad have announced plans to now target Xbox Live.
Global watchdog sounds cyber attack alarm
Market watchdog Greg Medcraft (chairman of the board of the International Organisation of Securities Commissions), has warned of the growing danger of cyber attacks on financial markets, and has advised companies and regulators around the world to address the “uneven” response to the threat of online assaults. A more concerted effort to tackle cyber threats worldwide is called for as current approaches vary too much. Regulators are looking to produce a global “toolbox” next year to assess whether firms are sufficiently robust, and are managing their risks adequately.