A strain of ransomware titled SamSam has earned its handlers over 5.1 million euros to date, according to estimates, since it first began hitting enterprises in 2015. Security firm Sophos has released the data in a report, after tracking the Bitcoin addresses found on SamSam ransom notes and sample files.
It has come to light that a recent breach disclosed by Ticketmaster UK may be much larger than initially reported, with not just the company’s UK site, but also their sites for Ireland, New Zealand, Australia, Turkey and even the US found to contain digital card-skimming code. Similar to the recent breach at Harvey Norman, this incident was caused by cyber criminals compromising a third-party service provider, not the site itself directly, leading security experts to believe many more websites may be at risk or have been compromised. This is part of a concerning new trend whereby cyber criminals are targeting third-party providers, who may deal with hundreds of websites, rather than attacking a website individually, exponentially increasing the damage inflicted.
Ticketmaster originally believed that only its UK website had been compromised, in a statement released last week
The flow of data between the United States and the EU may be at risk as tensions are rising around Privacy Shield. If you haven’t been living under a rock for the last two years, you will likely have heard of the GDPR – the EU data protection regulation that now fiercely protects EU citizen data, whether in the hands of a non-EU or EU-based organisation. You may have wondered, then, how companies in places like the US are still able to legally hold and process EU data without falling foul of the GDPR, and the answer is Privacy Shield. Privacy Shield is a framework that allows companies on both sides of the Atlantic to transfer data while complying with the GDPR. However, this may all soon change, with Members of the European Parliament calling for Privacy Shield to be brought up to scratch or invalidated.
Privacy Shield’s predecessor, Safe Harbour, was already invalidated in 2016 after it was ruled to be inadequate by the EU
In one of the last data breach fines to be handed down in a pre-GDPR Europe, the University of Greenwich has been ordered to pay a £120,000 fine to the Information Commissioner’s Office. The breach in question stemmed from a micro-website set up by students in 2004, and ultimately resulted in the details of 20,000 staff members and students being leaked online.
The University of Greenwich, in London, has accepted that it was responsible for the incident, and intends to pay the fine immediately.
Almost two years ago, the European Union signed the General Data Protection Regulation (better known as the GDPR) into law, allowing for a 24 month period before the regulation would become binding to allow organisations and businesses time to comply with its requirements. At the time of writing, the GDPR will come into force in just eight days, a thought which may strike fear into the hearts of many business owners who are not going to be fully compliant by the deadline. So what exactly is going to happen, come Friday the 25th of May? We’ve taken the time to compile some information and predictions to help cut through the noise and focus on what’s important.