Orange hack exposes data of over 1 million customers

France’s largest telecoms group has suffered it’s second cyber breach in just three months. Confidential information belonging to 1.3  million people, including their names, telephone numbers, dates of birth and email addresses have been exposed. Hackers were able  to gain access to a platform that Orange used to send promotional emails and text messages for its commercial campaigns in France.  Orange has assured customers that “all necessary actions have been implemented to correct the relevant technical dysfunctions and  to prevent any new illegitimate access to this data”. Affected customers have been warned not to reply to any further attempts to  gain information from them.

Another privacy controversy for Facebook

Facebook’s latest acquisition of the fitness tracking app Moves, which tracks user movements, has raised instant concerns after  Moves changed its privacy policy days after the acquisition. Moves’ original policy stated that the company would not disclose data  to third parties without legal obligation or consent, and their company announcement stated that there would be no “co-mingling  of data” after the acquisition. Despite this, Moves has changed its privacy policy to allow the app to “share information, including  personally identifying information” with its affiliates (which includes but isn’t limited to Facebook). Facebook can therefore now use  Moves user’s offline, daily routines to send them targeted advertisements. 

Multicard breaches privacy of 9000 customers

Australia’s Privacy Commissioner, Timothy Pilgrim, has concluded that Global ID card solutions provider, Multicard, breached  customers’ privacy after their personal data was leaked online. It was found that Multicard had stored personal information  including names, birth dates, addresses, and credit card numbers, on a publicly accessible server (without appropriate security  controls) resulting in the data becoming available online. The information was discoverable through Google over a 4 month period  and was accessed and downloaded by unauthorised parties. In his statement, the Commissioner said that the breach could have  been easily avoided and that Multicard failed to implement basic security measures to protect the information. 

Heartbleed data leak case closed

Canada’s privacy watchdog has announced that it will not investigate further, the recent data breach suffered by the Canadian Revenue  Agency (CRA) as a result of the Heartbleed bug. The Interim Privacy Commissioner, Chantal Bernier, has stated that there is no active  investigation into the Heartbleed security glitch that hit the CRA e-filing site affecting thousands of Canadian tax filers, as it was an  “internet-wide issue that was probably not malicious”. Bernier stated that the leak exposed the vulnerability of the internet as opposed to  the deficiencies of any one dataholder and at present the breach does not appear to be caused by any management failing. 

ICO issues data protection warning

The Information Commissioner’s Office (ICO) has written to the UK’s main political parties warning them to follow data protection  and e-marketing rules in the run-up to European and local elections on 22 May. The warning comes just months after the Market  Research Society accused the Conservative Party of breaching data protection rules with an online survey. According to the ICO,  political campaigns may conduct genuine research to formulate policies, but communications claiming to be for research which are  actually intended to gain support, are not allowed. The ICO has issued detailed guidance on the matter. 

Shipping industry faces cyber attack

According to a recent analysis by the Director of Information Protection at KPMG, cyber security in the shipping industry is 10 to 20  years behind that of office-based computer systems, leaving it wide open to ever-increasing cyber threats. KPMG has worked with  one, unnamed major shipping company, which already has strong grounds to suspect it has been the victim of a deliberate hacking  attack. The key risk areas faced by the industry include a lack of IT specialists, unsuitable IT system controls and unorganised  structures. Shipping companies are advised to take action now to update the way they operate, to build greater awareness and to  tighten risk assessments to ensure control systems effectively protect against any impending cyber attack.

White House offers privacy advice

The White House will be setting out plans to advise US citizens on how best to protect their privacy in the mobile era. Following a  90-day review of “big data”, the White House is expected to encourage companies to protect privacy and identify areas for further  study, rather than calling for a legislative overhaul. The proposals come following the Snowden revelations concerning the NSA data  collection programmes. The review is being led by John Podesta, Senior Counselor to the President, who has described it as a “scoping  exercise” to look broadly at tech privacy issues as opposed to an attempt at developing detailed policies.