Each week, PrivSec:Report presents the top 5 headlines from the week’s news and upcoming events in the privacy and security industry. This week the ICO showed its teeth by announcing its intention to hit both British Airways (BA) and Marriott with massive fines for data breaches, and the NHS has revealed how badly hackers want to get into its systems.
The sky’s the limit for a data breach fine
The week started with the ICO announcing its intention to fine British Airways a massive £183 million following the data breach back in September 2018, which affected half a million of its customers. The fine amounts to 1.5% of the company’s annual turnover for 2018 as per GDPR regulations. BA say they were “surprised” by the result as they believe they acted quickly enough to prevent any criminal from stealing the personal data. Read the full story here.
Check out the ICO
Just one day after the BA announcement, the ICO really showed its teeth by announcing that it intends to fine Marriott International an even greater £99 million following the data breach revealed in November 2018 that exposed 339 million guest records. The ICO found that Marriott had failed to undertake sufficient due diligence when it acquired Starwood in 2016. A spokesperson from Marriott International has said they will contest the decision. Read the full report here.
No one is safe
Research published this week reveals that UK businesses are hit by cyber-attacks every 50 seconds. The figure is a massive increase on last year’s report, up 179% from 2018. A spokesperson for the researchers has stressed that all businesses are under attack and more needs to be done to minimise the threat of online attacks. Read the full rundown of the research here.
To whom it doesn’t concern
Energy company E.on has issued an apology after an email blunder exposed customer addresses to other customers. The email, which requested meter readings, affected just under 500 customers. Many of the customers are threatening to report the energy company to the ICO despite the company being in contact with those affected by the incident. Read more about the breach here.
Block the haters
The NHS holds some of the most personal information on patients, and following a Freedom of Information request the NHS revealed that in the last three years alone it has blocked approx. 11.4 million malicious emails. Imperial College has said the NHS still remains vulnerable to cyber attacks, due to a combination of outdated computer systems and a lack of skills and awareness in cybersecurity. Read the full story here.
Ok Google, it’s your turn – what do you know?
Finally, we have been made aware of the various issues with smart speakers, particularly with Amazon reportedly listening in to conversations and keeping that information indefinitely, but this week it has been revealed that Google workers note down Google Assistant commands. Google has said it’s to “improve services”, but one employee had to listen to dialogue spoken by a woman who was in trouble, and no guidelines have been provided as to what to do in such situations. Read more here.
Quote of the week:
“There are only two types of companies: those that have been hacked, and those that will be”
– Robert Mueller, FBI Director
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.