Japan suffers massive data leak
Tokyo police have arrested a systems engineer at education firm Benesse, accused of stealing the personal data of at least 7.6 million customers and selling the details for profit. The data was saved onto a portable recording device, sold to a broker of name lists for millions of Yen and later used for direct mailing. The information, which contained names, addresses, birth dates and phone numbers, could include up to 20.7 million items. The breach is one of the largest-ever data leaks in Japan and Benesse have released a statement that uncovering the cause of the leak and preventing malicious use of the leaked information are top priorities.
Goodwill suspected payment card breach
Goodwill Industries International has been notified of a possible payment card breach at its U.S. based retail outlets following potential hacking which compromises its point of sale terminals. Successful attacks against POS systems have taken place despite a campaign to ensure payment card systems are secure. The U.S. Secret Service is investigating along with industry fraud units. Goodwill has released a statement that it is planning to take “prompt and appropriate actions” if a breach is discovered.
Australian data breach takes 3 years to report
Catch of the Day claims to be Australia’s number one online department store with the only retail website experiencing higher traffic being Amazon. In an email to all their customers, the retailer admitted that it knew of a data breach back in May 2011. The illegal cyber-attack occurred in early 2011 and saw encrypted passwords and user information taken from the Catch of the Day database. Only those members who joined prior to 7 May 2011 were affected but a limited number of these customers also had credit card data stolen. The retailer has claimed that it acted swiftly at the time to shut down the attack and inform the relevant authorities. Catch of the Day have refused to comment any further on the matter.
Royal Assent granted
The new Data Retention and Investigatory Powers (DRIP) Act came into force last week requiring UK telecoms companies to retain information about customers’ communications. The DRIP Act, which was enacted following a fast tracked approval process, is more specific than the previous law with regards to the purposes for which data is to be disclosed. The Act requires internet and phone companies to collect their customers’ personal communication data, tracking their phone and internet use, and store it for 12 months to give access to the police, security services and up to 600 public bodies on request. However, a legal challenge against the Act is being brought in the high court backed by human rights organisations concerned that blanket retention of data is a breach of fundamental rights to privacy.
EU privacy watchdogs and search engines meet
EU privacy regulators and search-engine providers are meeting to determine how the “right to be forgotten” can be enforced. According to the Article 29 Data Protection Working Party, regulators plan to develop “elaborate, coordinated and coherent guidelines” to handle complaints over refusals by Google Inc and others to remove information. Google is currently grappling with “vague and subjective tests” set by the EU Court on how it must handle requests for information to be removed. Microsoft will be amongst those attending and a Google spokesperson has stated that the company has “plans to cooperate with privacy officials”.
Italy gives Google 18 months
Italy’s data protection regulator has given Google 18 months to change the way it treats and stores user data, bringing an end to its part in a European drive to reform Google’s privacy policies. The Italian watchdog has said that Google’s disclosure to users on how their data was being treated remains inadequate and as part of the process, Google has agreed to present a document by the end of September that will set a roadmap of steps to comply fully with the Italian regulator’s decision. Failure to comply could result in fines of up to EUR1 million. The news comes at the same time New York federal judge Gorenstein, grants prosecutors access to a Gmail user’s email as part of a criminal probe. Google have not commented on the decision.
Hacking experts protect cars from cyber attack
Security experts who exposed methods for hacking the Toyota Prius and Ford Escape have developed technology protecting cars from cyber-attacks. The “intrusion prevention device” contains a set of computer algorithms that listen to traffic in a car’s network to identify anomalies and block rogue activity. The auto industry has increased efforts to identify and mitigate potential cyber security risks over the past few years.