Shane Chambers

Central Statistics Office P45 Data Breach Caused by Human Error

The Central Statistics Office has admitted to a data breach involving an error by a staff member, leading to a severe breach of data protection rules. Reports were made last week that a past employee of the CSO had been sent the P45s of other past and present employees in error. The past employee was outraged at the time, as she believed that 1000 people’s records had been breached.

The CSO has since issued a “sincere apology” for the incident, and volunteered that the incident had not affected 1000 people, but had actually concerned 3000 former employees.


The Central Statistics Office has apologised for a staff error which sent 3000 P45s to a past employee – a catastrophic data breach


Shane Chambers

Uber: How Not to Handle a Data Breach

Uber is back in hot water after revealing that over 57 million records were exposed in a 2016 data breach, which it subsequently covered up. This news comes not long after Uber ousted founder and CEO Travis Kalanick, who was succeeded in August by Dara Khosrowshahi. Kalanick was forced out of his own company due to a litany of scandals, and now Khosrowshahi is keen to do things the right way – hence the fresh statement declaring the breach. However, this has put Uber into a very troubling situation: not only does it face legal action for covering up a data breach, but the cover-up has also revealed an incredibly poor security culture within the company.


Uber will already be subject to regular external data audits for the next 20 years due to a previous, much smaller data breach


Shane Chambers

New Survey Estimates 75% of Irish Businesses Not Ready for GDPR

Mazars and McCann Fitzgerald have conducted a new survey of Irish businesses on their levels of GDPR readiness, and the results are not pretty. An astounding three quarters of businesses surveyed say that they’re not ready for the GDPR, which comes into effect in six months’ time. This latest insight into how the new EU data protection regulation will affect Irish businesses has revealed that they are facing serious levels of difficulty in complying with the new rules.


The Office of the Data Protection Commissioner has stated that there will be “no leeway” for non-compliance come May


Shane Chambers

Credential Stuffing

Credential stuffing is a common practice in cyber crime where a hacker or cyber criminal gains access to a user’s email address and password, and proceeds to try that password against other accounts/services belonging to that individual. It relies on the knowledge that users often reuse the same passwords between different accounts/services, albeit sometimes with slight variations.

This is a highly effective means of attack, as users may change passwords for services that they are aware have been breached, but may not think to change that password where it is in use on other accounts. Credential stuffing is also commonly used when attempting to commit identity theft against a user.

It is highly recommended that users do not reuse passwords between services, and that they use a password manager if required to help them remember distinct, secure passwords.

Shane Chambers

Businesses Confused by “State of the Art” GDPR Tech Requirement

GDPR is coming. Rapidly, as it so happens, and at the time of writing there is just over 6 months to go until the 25th May 2018 deadline for compliance. Since the GDPR was adopted by the EU in 2016, businesses have been trying their best to understand the impending data protection regulation and, ultimately, ensure they are compliant. The GDPR is no straightforward matter, though, as much of the phrasing is purposely vague to allow for possible technological advances, and to ensure that the regulation itself does not become obsolete in the near future. The idea is that if the GDPR specified which technologies were to be employed by a business in order to safeguard its data, it may be superseded by new technologies – thus reducing the effectiveness of the regulation. A key GDPR requirement, under Article 32, states that data controllers and processors are required to “implement appropriate technical and organizational measures” taking into account “the state of the art and the costs of implementation” and “the nature, scope, context, and purposes of the processing”. But what exactly does “state of the art” mean?


The EU has specifically worded some GDPR requirements in a vague manner, to ‘future-proof’ them from technological advances
