On Monday, it was announced publicly that Wi-Fi security, specifically the WPA2 standard, was essentially broken. The culprit is a bug named KRACK (Key Reinstallation Attack) which takes advantage of fundamental flaws in how WPA2 operates, and has exposed many shortcomings in how the industry responds to such attacks as well. WPA2 (Wi-Fi Protected Access II) is hugely prevalent, as it is the current generation of authentication used on wireless networks. That means that almost every wireless device could be affected by KRACK, as most devices use WPA2. This includes everything from laptops and phones to routers and IoT (Internet of Things)/Smart devices.
Data transfer between the EU and US had come under fire in the Irish courts, due to a dispute over the clause Facebook Ireland uses to send data back to its international parent, Facebook US. EU data protection and privacy laws are among the strongest in the world, and as such, any data pertaining to EU citizens cannot be transferred outside Europe without strong assurances in place that the data will be processed under EU-compliant terms. While the US data protection laws are considered inadequate for European data, many international tech companies circumvent this using a model known as “standard contractual clauses”, whereby the parent company (Facebook US, in this example) enters into a contract with their EU subsidiary (Facebook Ireland) which pledges to meet the EU’s strict rules. Ireland is home to the European headquarters of 9 out of 10 of the world’s largest social media companies, and standard contractual clauses have been considered legally acceptable by the EU since 2001.
Ireland is home to 9/10 of the world’s largest social media companies (including Facebook), making it a crucial link between EU and US regulations.
Equifax, one of the “big three” credit bureaus in the US, is in hot water at the moment after suffering a data breach which has exposed personal data for 143 million people. Social security numbers, birth dates, addresses and even some driver’s license numbers are believed to have been compromised, making this one of the largest data breaches to date. While most of the data exposed to “unauthorised access” belonged to US citizens, Equifax stated that “limited personal information for certain UK and Canadian residents” had also been compromised.
Equifax made a series of mistakes following the data breach, culminating in the replacement of the CEO, Richard F. Smith.
INTO, the Irish National Teachers’ Organisation, has reported that it was the target of a cyber attack in recent days, notifying up to 30,000 teachers and retired staff who may have had their personal data compromised. The organisation has stated that any user who has completed online courses on their website (intolearning.ie) may be affected, which includes not only current teaching staff but also past staff who had booked retirement planning courses.
INTO, the Irish National Teachers’ Organisation, does not believe any financial data was accessed during the attack.
With the EU General Data Protection Regulation (GDPR) only 8 months away from coming into force, surveys are showing that many businesses across the UK and Ireland are still confused about exactly what the regulation means for them, and may be unprepared for GDPR. A survey of over 1000 IT decision makers revealed that 64% were unaware that customers’ birth dates are considered personally identifiable information (PII), which is especially worrying as any mishandling of such data could constitute a breach of the GDPR and result in fines of up to €20 million. 42% did not realise that email marketing databases contained PII, 32% did not consider physical addresses to be PII, and 21% did not even consider customer email addresses to be PII. In contrast, 85% of these survey respondents reported that they have reviewed the GDPR requirement thoroughly and 79% believe they have done everything they need to do to secure their data. This disparity marks a worrying trend for businesses, big or small.