Data Protection News Roundup – 26th May 2020

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.


Coronavirus Response

Wide-ranging security flaws have been flagged in the Covid-19 contact-tracing app being piloted in the Isle of Wight. Read more here.

The contact-tracing software built by Apple and Google to support public health apps with tracking the spread of coronavirus has been released. The Apple and Google software follows what is known as a “decentralised” approach – where the contact data collected stays on a user’s device and can be analysed there, which supporters argue increases privacy and reduces the risk of identifying users by de-anonymising data. Read more here.


Data Breaches

The personal details of nine million Easyjet customers have been accessed by “highly sophisticated” hackers. Easyjet believes that the email addresses and travel details of nine million people were exposed along with the credit card details of more than 2,200 customers. Read more here.

Easyjet is now facing a class action in the High Court with a potential liability of £18 billion (£2,000 per impacted customer). Read more here.

The outsourcing company Serco accidentally shared the email addresses of almost 300 contact tracers recruited to assist in the UK government’s coronavirus “test, track and trace” strategy. Read more here.

According to cybersecurity company, Darktrace, the proportion of attacks targeting home workers increased from 12% of malicious email traffic before lockdown to more than 60% six weeks later. Read more here.

A group of fraudsters conned Norwegian state-owned investment fund Norfund out of $10 million (£8.1 million) by hacking into the company’s email system and falsifying communications with a Cambodian institution. Following an investigation, it was identified that Norfund’s email system was compromised by hackers for several months. They patiently monitored Norfund’s email communications with its clients, gathered information, and created an account impersonating a member of staff authorised to make payments. Read more here.


Other News

Code hosting business, GitLab, recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing – and a fifth of them submitted their credentials to the fake login page. Read more here.

A woman must delete photographs of her grandchildren that she posted on Facebook and Pinterest without their parents’ permission, a court in the Netherlands has ruled. The case ended up in court after a falling-out between the woman and her daughter and the judge ruled that the matter was within the scope of the GDPR. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.