Cloud communications company Twilio says some of its customers’ data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack.
In an attack on Twitter, data of 5.4 million users was stolen, which was then offered for sale on the Internet, the company has confirmed. Last month, Restore Privacy reported that an attacker had obtained account details of 5.4 million users through a vulnerability in Twitter. The vulnerability made it possible to retrieve telephone numbers […]
Sixty percent of breaches have resulted in companies recouping the cost of fines, clean-up, and technological improvements by increasing prices, essentially making consumers pay for breaches and companies’ lack of preparedness, according to the “Cost of Data Breach Report 2022”.
Telecom provider T-Mobile has reached a settlement in the United States with the victims of a major data breach that occurred last year in which the personal data of 79 million current and former American customers was stolen. This included names, dates of birth, social security number and driver’s license information, as well as telephone […]
The processing of location data is unnecessary, such as Windows 10’s location setting being automatically enabled violates the “data protection by default” requirement under Article 25(2) GDPR. The DPA noted that the principle of “data protection by default” requires that the controller, when using third-party software or firmware, ensures that functions for which there is […]
The America’s leading not-for-profit health plans and health care provider Kaiser Permanente,, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. An attacker accessed an employee’s email account containing patients’ protected health information (PHI) which included the patients’ first and last names, medical record numbers, dates of service […]
The America’s leading not-for-profit health plans and health care provider Kaiser Permanente,, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. An attacker accessed an employee’s email account containing patients’ protected health information (PHI) which included the patients’ first and last names, medical record numbers, dates of service […]
Organizations often ask how much chance they have on data protection fines and how much financial reserve they should make for that. Unit 27 June EDPB guidelines on calculating GDPR fines are released for public consultation. Interesting is to have a look at the example for mitigating and aggravating factors that could influence the height […]
Legoland Germany has leaked the data of thousands of customers via an IDOR vulnerability. Just adjusting a number in a URL was enough to download reservation data dating back to 2015. This includes period of stay, names and addresses of customers who made the reservation for Legoland, as well as the people who were with […]
Bank of Ireland failed to:– report dataleaks without delay;– provide sufficient detail to the DPC;– issue communications to data subjects without undue delay;– failed to implement appropriate technical and organisational measures. Result: €463,000 fine