Irish companies are believed to be reporting less than 5% of cyber attacks to police, according to disparities between figure from the Garda cyber crime unit and reports from private cyber security companies. Detective Superintendent and Head of the Garda Nation Cyber Crime Bureau, Michael Gubbins, has said that brand damage and embarrassment are among reasons given by companies for the under-reporting of cyber crime to the Gardai.
Eir is back in hot water again with the Data Protection Commissioner after the company issued a statement stating that it had lost an unencrypted staff laptop containing the details of 37,000 Eir customers. Eir has said that the data contained names, email addresses and customer account number, but that no financial details were compromised in the breach.
Eir is no stranger to data breaches, and has reported having multiple laptops with customer data lost or stolen in the past
Harvey Norman, the retail giant with 13 stores in the Republic and a further two stores in Northern Ireland, has admitted to customers that it suffered a data breach through a third-party tool used on its website. “We wish to alert you to a data breach that has occurred in the systems of a third-party website service provider, Typeform, which has resulted in the unauthorised access to some Harvey Norman data,” the company said earlier this week in a statement.
Harvey Norman was just one of the many companies affected by a breach at Typeform, a third-party website service provider
The flow of data between the United States and the EU may be at risk as tensions are rising around Privacy Shield. If you haven’t been living under a rock for the last two years, you will likely have heard of the GDPR – the EU data protection regulation that now fiercely protects EU citizen data, whether in the hands of a non-EU or EU-based organisation. You may have wondered, then, how companies in places like the US are still able to legally hold and process EU data without falling foul of the GDPR, and the answer is Privacy Shield. Privacy Shield is a framework that allows companies on both sides of the Atlantic to transfer data while complying with the GDPR. However, this may all soon change, with Members of the European Parliament calling for Privacy Shield to be brought up to scratch or invalidated.
Privacy Shield’s predecessor, Safe Harbour, was already invalidated in 2016 after it was ruled to be inadequate by the EU
In one of the last data breach fines to be handed down in a pre-GDPR Europe, the University of Greenwich has been ordered to pay a £120,000 fine to the Information Commissioner’s Office. The breach in question stemmed from a micro-website set up by students in 2004, and ultimately resulted in the details of 20,000 staff members and students being leaked online.