UK launches first regional cyber-security scheme
The Cyber-security Information Sharing Partnership (CiSP), an online platform for East Midland based companies, was launched this week. Cyber incidents can be anonymously or publically shared on the CiSP to protect against cyber threats. This partnership between law enforcement and businesses reflects the development of Regional Organised Crime Units across England and Wales and aims to make the UK more resilient to cyber threats and a safer place to do business.
Personal data of 4.5 million patients stolen in Chinese cyber-attack
US hospital group, Community Health Systems Inc., has reported 4.5 million patients’ data stolen in a cyber-attack by hackers based in China. Information taken includes patient names, addresses, birth dates, phone numbers and social security numbers and is the largest recorded attack of its kind since 2009 according to data from the US Department of Health and Human Services.
Apple announces users’ personal data will be stored in China
Apple has announced that iCloud user data belonging to people in China will now be stored at China Telecom’s data centres, triggering concerns about users’ privacy and the need to comply with Chinese censorship laws. Other companies such as Google have so far avoided storing data in China for these reasons. Apple has denied any potential security threat on the basis that “all data stored with [their] providers is encrypted, China Telecom does not have access to the content.”
Supervalu reveals payment card breach
One of the largest grocery chains in the US has become the latest retailer to fall victim to a cyber-attack. Customers’ personal information from 180 Supervalu affiliated stores such as account names, numbers, and expiration dates have potentially been stolen by hackers. Supervalu say there is no evidence of any misuse of customer data so far. But they are offering complimentary consumer identity protection to impacted customers for the next 12 months in an attempt to avoid the backlash felt by Target Corp after its data breach last year.
Xiaomi investigated by Singapore’s Personal Data Protection Commission
One of the fastest growing smartphone companies, Xiaomi, is currently being investigated by the Singapore Personal Data Protection Commission after a complaint sparking fears that the company was disseminating users’ data without their consent. Individuals’ carrier name, phone number and IMEI number was being transferred back to a server in Beijing. If found guilty of breaching Singapore’s Data Protection Act Xiaomi could be ordered to stop collecting data, destroy the data or provide access to the data, and may face a fine of up to SGD 1 million (USD 800,000). Negative publicity could have disastrous effects for this rapidly expanding company: Vietnamese consumers have already been advised to beware of the Chinese- made handsets.
Germany proposes new cybersecurity law
Draft legislation imposing more stringent cybersecurity requirements on companies and agencies responsible for critical infrastructure has been submitted by German Interior Minister Thomas de Maiziere. Companies will be required to report any cyber-attacks to the Federal Office for Information Security and will affect companies in “important areas” such as energy, information technology and telecommunications, transport, health, water, food and financial services. The proposal aims at making Germany a pioneer and example to other countries, providing the safest IT systems worldwide. Critics, however, are concerned about the administrative costs for affected companies.
Wearable tech is compromising our privacy
Wearable tech is one of the fastest growing industries in today’s market with products such as smartwatches, smartglasses and rings for public transport payments. As companies rush to retail new products (global sales have more than tripled in the last year) security and privacy considerations are frequently being overlooked by both manufacturers and consumers. These gadgets collect very personal data, including individuals’ sleep and exercise habits, but the lack of regulation within this market makes consumers vulnerable: currently there is nothing to stop applications such as FitBit from selling the data collected to third parties – such as health insurers – without the users’ consent. Consumers are at risk of discovering their healthy intentions today lead to a “privacy nightmare” tomorrow.