MOJ fined GBP 180,000

The ICO has announced one of the highest possible fines to be imposed on a government department.  The Ministry of Justice has been ordered to pay a civil penalty of GBP 180,000 for failing to tell  prisons to turn on the encryption function on backup computer memories. The failings have led to  highly sensitive information being insecurely handled by 75 prisons across England and Wales for  over a year. The ICO has confirmed that the MOJ has now taken action to ensure all hard drives used  by prisons are securely encrypted.

27 million South Koreans affected by data breach

70% of South Korea’s population between the ages of 15 and 65 (more than 50% of South Korea’s total  population) may have had their personal information stolen in a data breach involving 27 million  people and 220 million records. Hackers targeted registration pages for online gaming and gambling sites and online ring tone and movie  ticket stores to steal records including names, passwords and resident registration numbers.

Orange sanctioned by French regulator

After notifying the French privacy watchdog CNIL, that the personal details of almost 1.3 million  of its customers had been lost, an investigation found that Orange and its supplier had repaired  the security breaches. The CNIL found that Orange   had not conducted a security audit of the  supplier before engaging its services for email campaigns, and had not protected the data updates  it sent to the supplier on customer information. The mobile technology giant has received a public  warning from the regulator.

UPS latest data breach

United Parcel Service has announced that it is the latest victim of a series of cyber attacks. The  company has reportedly  faced malware attacks across 51 stores in the U.S., representing 1% of the  existing 4,470 UPS stores in the U.S. The breach has affected approximately 105,000 customer  transactions, with debit and credit card details being amongst the information the hackers have  obtained. UPS issued an apology to those whose data may have been compromised and is still  investigating the attack. The freight forwarding company is offering complimentary credit  monitoring services and identity fraud protection to those affected. The news comes prior to an advisory released by the Department of Homeland Security  which states that over 1,000 American businesses have been affected by similar cyber attacks.

First ever fine issued in Singapore under the Personal Data Protection Act

A tuition agency and its director are the first to be sanctioned under the “Do Not Call” rules  which came into force in January. The fine comes after Star Zest Home Tuition advertised the  services of its tutors by sending messages to Singapore phone numbers all of which were listed on  the Do Not Call Registry. Firms are banned from marketing to any number listed on the registry  without obtaining consent beforehand. The agency and director responsible were each fined USD  39,000 (USD 3,000 per charge) after pleading guilty to 13 of 37 offences committed. Star Zest and  its sole director have since apologised for the incident and have assured authorities that they are  now acting in compliance with the rules.

Sony PlayStation back online after attack

A group named Lizard Squad have claimed to be responsible for a distributed denial of service  attack taking down Sony’s PlayStation Network. Sony has since announced that the network is back  online and that no personal information has been stolen. However the issue didn’t stop there, as  the group claiming responsibility for closing the network had also tweeted that there were  explosives on board an American Airlines flight carrying Sony Online Entertainment President, John  Smedley. The FBI are investigating the bomb threats meanwhile the Lizard Squad have announced plans  to now target Xbox Live.

Global watchdog sounds cyber attack alarm

Market watchdog Greg Medcraft (chairman of the board of the International Organisation of  Securities Commissions), has warned of the growing danger of cyber attacks on financial markets,  and has advised companies and regulators around  the world to address the “uneven” response to the  threat of online assaults. A more concerted effort to tackle cyber threats worldwide is called for as current approaches vary too much. Regulators are looking to produce a  global “toolbox” next year to assess whether firms are sufficiently robust, and are managing their risks adequately.