Each week, PrivSec:Report presents the top 5 headlines from the week’s news and upcoming events in the privacy and security industry. This week it’s been revealed that encrypted PDF’s are not as secure as once thought and New York is suing Dunkin’ Donuts over a data breach from back in 2015.
New York state has decided to sue Dunkin’ Donuts because they suffered a data breach back in 2015 and failed to disclose it to the relevant authorities. The breach affected 20,000 customers who were notified at the time of the breach but Dunkin’ failed to implement appropriate safeguards to prevent any future attacks against its users.A spokesperson has said there’s no basis for the claims and that they “look forward to proving our case in court”. Read the full story here.
Keeping national security secure
The House of Commons has declined to release data visible online over fears that it may pose a risk to national security following a FOI request made by The Independent. The decision was made by the House of Commons and has been upheld by the UK’s Information Commissioner, but an expert has said: “It’s worrying that ICO is willing to endorse such speculative arguments to hide data that we’ve previously had access to.” And House of Commons has refused to comment. Read the full story here.
Not even encrypted information is safe
Researchers have developed an attack that can allow threat actors to extract and steal data from encrypted PDF files. The attack named PDFex, has two variants, both of which can allow PDF documents to be modified, thus allowing an attacker to extract and steal data. These attacks rely on an attacker being able to access the victim’s network traffic, or having actual physical access to a storage system – the full findings will be released by the researchers in November. Read the full story so far here.
Security health concerns
Ten hospitals, seven in Australia and three in Alabama, have been held to ransom by cyber-criminals since Monday. The Alabama hospitals were hit so badly that they had to stop taking in patients; the attacks in Australia resulted in booking systems being shut down to quarantine the virus and surgeries being delayed. At present, it’s not known whether the systems are recovered and running as normal. Read the full story here.
Facebook meant well for a change
At the beginning of the year, Facebook announced that it was going to add end-to-end encryption to its messages, but now the UK, US, and Australian governments have clubbed together to put an open letter to Facebook asking for the social networking site to suspend its plans to encrypt all messages on its platforms. The letter argues that the encryption plan would prevent law agencies from discovering illegal activity through Facebook, highlighting the risks surrounding child exploitation. Zuckerberg said: “Law enforcement, obviously is not going to be psyched about that. But we think it’s the right thing to protect people’s privacy more, so we’ll go defend that when the time is right.” Read the full story here.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.