Security Breaches

A former gambling industry worker who unlawfully obtained and sold personal data relating to over 65,000 online bingo players has been found guilty of committing three offences under section 55 of the Data Protection Act. Marc Ben-Ezra, of Finchley, was given a three year conditional discharge and ordered to pay £1,700 to Cashcade Limited as well as £830.80 costs at Hendon Magistrates Court today. Information Commissioner, Christopher Graham, said: “This case shows that the unlawful trade in personal information is [...]

Adidas has taken its website content offline after suffering what it described as a “sophisticated, criminal cyber-attack”. The German sportswear maker said it had no evidence that its consumers’ data had been impacted, but that it was taking down the affected sites to protect visitors. The news follows a series of attacks against Sony earlier in the year. Millions of users details were compromised. A statement from Adidas said that it discovered the incident on 3 November. The firm said [...]

A security breach at the secure socket layers (SSL) certificate issuing authority of Dutch telco KPN has gone undetected for four years. The company’s Corporate Markets division announced on Friday that it has stopped issuing SSL certificates because in 2007 hackers compromised one of its servers. Previously issued certificates from KPN Corporate Markets remain in play, although there is an outside chance that they may have been compromised, the company confirmed. It has replaced its web servers and says it [...]

Rochdale Metropolitan Borough Council has become the latest local authority to be named and shamed by the Information Commissioner’s Office (ICO) after breaching the Data Protection Act by losing the details of 18,000 residents on an unencrypted memory stick. The device contained names, addresses and council payment details, although not bank account details, and has yet to be recovered despite being lost in May, according to the ICO. The council failed to ensure that memory sticks were encrypted, and did [...]

In the past two days the Information Commissioner’s Office (ICO) has reported serious data breaches involving three public bodies, two of which are NHS Trusts. Yesterday the ICO said that confidential patient records were found to have been dumped in public bins by staff at University Hospitals Coventry & Warwickshire NHS Trust on separate occasions this year. Sally Anne Poole, acting head of enforcement, explained that the sensitivity of the data held by the NHS imposes a duty to protect [...]

Sensitive data belonging to 480 lawmakers and their staff may have been exposed for more than a month, after computers in Japan’s Parliament were infected by malware, it was widely reported on Tuesday. The data-stealing trojan compromised computers used by three members of the Lower House, and possibly a server, The New York Times said. It gained a foothold after a lawmaker opened a file attached to an email at the end of July, Japan’s Asahi Shimbun newspaper reported. The [...]

The Linux community has been hit by more security woes after a breach forced the temporary closure of the web sites of the Linux Foundation and others. At the time of writing, LinuxFoundation.org, Linux.com and all sub domains were offline and replaced with a message informing visitors that a security breach occurred on 8 September, most likely as a result of an intrusion on Kernel.org at the end of August. “We are in the process of restoring services in a [...]

Belgian security firm GlobalSign is to resume issuing website authentication certificates, after a hacker claimed to have breached its systems. The company is still investigating whether bogus certificates were created in its name. Had that happened, cyber criminals would have been able to spy on users accessing supposedly secure sites. An earlier attack on Dutch company DigiNotar resulted in several hundred false certificates being issued. GlobalSign said it would start bringing its systems back online on Monday, but did not [...]

University Hospital of South Manchester NHS Foundation Trust lost the personal information of 87 patients when a medical student mislaid an unencrypted memory stick. According to the Information Commissioner’s Office (ICO), the trust breached the Data Protection Act when the personal details of patients, and sensitive information relating to their treatment, were lost last December. The mistake happened when a medical student, who had been on a placement at the hospital’s Burns and Plastics Department, copied data onto a personal, [...]

Up to 300,000 Iranians may have had their Google email monitored using security certificates stolen from Dutch firm DigiNotar. The figure came from a report into the breach at DigiNotar which let attackers generate hundreds of fake certificates. The report suggests the certificates were used in Iran to eavesdrop on email accounts. The list has been passed to Google so it can tell victims they may have come under government scrutiny. On 30 August, security firm Fox-IT was called in [...]