A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor’s personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.
French data protection watch dog and data privacy agency, CNIL, has imposed nearly a $57 million fine against Google for violating GDPR privacy rules. This is the first time GDPR-related penalties have been imposed against a large U.S. technology company since GDPR was first made into law last year.
A massive data leak from an ElasticSearch server has exposed information on over 108 million bets, as well as personal information, deposits and withdrawals. The server was not configured with any password or authentication required to protect the data.
The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”
On Wednesday, October 24th, Cathay Pacific disclosed a data breach of passenger personal data of 9.4 million customers:
The company downgraded the user impact to 30 million users from 50 million users and also shared the details of the attacks that exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018.
Air Canada notified customers of a data breach involving the airline’s mobile application and potentially impacting thousands of user profiles.
Clarkson PLC (“Clarksons”), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.
Account data associated with 92 million users of genealogy and DNA testing service MyHeritage were leaked and found on a third party private server.
Expedia subsidiary Orbitz has determined on March 1, 2018 that personal data stored on their platform was compromised.