Who’s getting it wrong?
Facebook has revealed that almost 50 million of its users were left exposed by a security flaw. Facebook’s disclosure of the breach came just under the 72-hour window for disclosing the news to privacy commissioners as required by the GDPR. As Facebook Europe is based in Ireland, the Irish Data Protection Commissioner is the authority that will deal with the breach. If found to be in breach of the GDPR, the maximum fine Facebook could face is £1.25bn – 4% of its annual turnover. Read more here.
The ICO has begun formal enforcement action against 34 organisations that have failed to pay the new data protection fee. The data protection regulator has sent notices of its intent to fine the organisations unless they pay. Those who don’t could face a maximum fine of £4,350. Read more here.
The personal details of ministers and other MPs could have been accessed by anyone after a major security flaw in the Conservative Party’s official conference app. Several ministers, including those with top-ranking security clearance, were reported to have received nuisance calls from the public after the breach. Read more here.
Bupa has been fined £175,000 by the ICO for failing to have effective security measures in place to protect customers’ personal information. In 2017 a Bupa employee was able to extract the personal information of 547,000 Bupa Global customers and offer it for sale on the dark web. The ICO’s investigation found systematic inadequacies in the way Bupa safeguarded personal information and that they went unchecked for a long time. Read more here.
The ICO has fined a Manchester firm £150,000 for making thousands of nuisance direct marketing phone calls. The company, Oaklands Assist UK, made 63,724 calls over a two-month period in 2017 to people who were registered with the Telephone Preference Service. There were 59 complaints. Read more here.
A former nurse at Southport and Ormskirk Hospital NHS Trust has been prosecuted for accessing patients’ medical records without authorisation. The people whose records she accessed included a friend and one child. She was dismissed for gross misconduct and fined by the ICO. Read more here.
Tesco Bank has been fined £16.4m by the UK Financial Conduct Authority for failings surrounding a cyber attack on its customers in November 2016. The fraudsters got away with £2.26m which Tesco Bank refunded to account holders. The FCA said the bank failed to exercise due skill, care and diligence in protecting its personal current account holders. Read more here.
New data from Lloyds Bank has revealed that in the last year the number of UK companies on the receiving end of business scams involving emails has risen by 58%. The average loss from these types of fraud has reached £27,000. A significant number of those polled said they’d encountered scammers who had posed as their boss or a supplier. Even worse, a quarter of victims of impersonation fraud were apparently so ashamed that they decided to hide their mistake from their team for fear of being fired. Read more here. You may be interested to read an article our MD Matthew Lamb has written about this type of scam, known as social engineering, and how to manage it in today’s digital world.