Orange hack exposes data of over 1 million customers
France’s largest telecoms group has suffered it’s second cyber breach in just three months. Confidential information belonging to 1.3 million people, including their names, telephone numbers, dates of birth and email addresses have been exposed. Hackers were able to gain access to a platform that Orange used to send promotional emails and text messages for its commercial campaigns in France. Orange has assured customers that “all necessary actions have been implemented to correct the relevant technical dysfunctions and to prevent any new illegitimate access to this data”. Affected customers have been warned not to reply to any further attempts to gain information from them.
Another privacy controversy for Facebook
Multicard breaches privacy of 9000 customers
Australia’s Privacy Commissioner, Timothy Pilgrim, has concluded that Global ID card solutions provider, Multicard, breached customers’ privacy after their personal data was leaked online. It was found that Multicard had stored personal information including names, birth dates, addresses, and credit card numbers, on a publicly accessible server (without appropriate security controls) resulting in the data becoming available online. The information was discoverable through Google over a 4 month period and was accessed and downloaded by unauthorised parties. In his statement, the Commissioner said that the breach could have been easily avoided and that Multicard failed to implement basic security measures to protect the information.
Heartbleed data leak case closed
Canada’s privacy watchdog has announced that it will not investigate further, the recent data breach suffered by the Canadian Revenue Agency (CRA) as a result of the Heartbleed bug. The Interim Privacy Commissioner, Chantal Bernier, has stated that there is no active investigation into the Heartbleed security glitch that hit the CRA e-filing site affecting thousands of Canadian tax filers, as it was an “internet-wide issue that was probably not malicious”. Bernier stated that the leak exposed the vulnerability of the internet as opposed to the deficiencies of any one dataholder and at present the breach does not appear to be caused by any management failing.
ICO issues data protection warning
The Information Commissioner’s Office (ICO) has written to the UK’s main political parties warning them to follow data protection and e-marketing rules in the run-up to European and local elections on 22 May. The warning comes just months after the Market Research Society accused the Conservative Party of breaching data protection rules with an online survey. According to the ICO, political campaigns may conduct genuine research to formulate policies, but communications claiming to be for research which are actually intended to gain support, are not allowed. The ICO has issued detailed guidance on the matter.
Shipping industry faces cyber attack
According to a recent analysis by the Director of Information Protection at KPMG, cyber security in the shipping industry is 10 to 20 years behind that of office-based computer systems, leaving it wide open to ever-increasing cyber threats. KPMG has worked with one, unnamed major shipping company, which already has strong grounds to suspect it has been the victim of a deliberate hacking attack. The key risk areas faced by the industry include a lack of IT specialists, unsuitable IT system controls and unorganised structures. Shipping companies are advised to take action now to update the way they operate, to build greater awareness and to tighten risk assessments to ensure control systems effectively protect against any impending cyber attack.
White House offers privacy advice
The White House will be setting out plans to advise US citizens on how best to protect their privacy in the mobile era. Following a 90-day review of “big data”, the White House is expected to encourage companies to protect privacy and identify areas for further study, rather than calling for a legislative overhaul. The proposals come following the Snowden revelations concerning the NSA data collection programmes. The review is being led by John Podesta, Senior Counselor to the President, who has described it as a “scoping exercise” to look broadly at tech privacy issues as opposed to an attempt at developing detailed policies.