Entire Source Code Base Stolen and Posted Online The term a massive breach doesn’t quite describe what took place at Twitch, Amazon’s streaming platform. Twitch announced the breach on Twitter on Oct. 6, 2021. The amount of data is staggering—around 125GB—but the scope of its content is truly astonishing. The hackers stole: All of Twitch’s source code. All of it. Every piece of software they’ve written in-house. Remuneration details for their content creators.
UK EU Adequacy Decision Accepted On the June 17, 2021 the EU countries voted on the adequacy decision for the UK. The item in question—the bit that’s either adequate or not—is the UK’s data protection framework. The data protection framework of a non-EU country has to be ratified by the EU before personally identifiable information is permitted to be sent from the EU to that country. Basically, the data protection framework in the non-EU country must be as thorough as the GDPR, and the personally identifying information must be protected and safeguarded just as comprehensively as if it were being processed in a EU country.
Irish Council for Civil Liberties Launch Major Litigation The Irish Council for Civil Liberties (ICCL), said in a statement that online advertising amounts to “the Biggest. Data. Breach. Ever” and accusing internet adland of compiling “secret dossiers” on every single netizen. The ICCL is fronted by Johnny Ryan, privacy-focussed web browser Brave’s ex-chief policy officer. He said: “These secret dossiers about you – based on what you think is private – could prompt an algorithm to remove you from the shortlist for your dream job.
EU Parliament votes on UK Adequacy Decision Today This morning the European Parliament will debate the adequacy or otherwise of the protection of personal data provided by the United Kingdom’s data protection framework. This is the UK’s version of GDPR as contained within the Data Protection Act 2018 (DPA 2018). Two resolutions will then be put to the vote. Although we’ve come this far and we’re close, it isn’t a done deal.
Student Downloads Pirated Software and Infects COVID-19 Research Institute A research student working at a European biomolecular research institute wanted to obtain copy of the software he used at the Institute for his personal use. The cost of a license proved too much for the students budget, so he asked on an online forum if there was a way he could get a cracked copy of the software. That is, one that has been modified by cybercriminals so that licensing is bypassed.
533 Million Facebook Accounts from 106 Countries Leaked Online Yet again, Facebook suffers a data breach embarrassment. Underlining once more—as if it was needed—that Facebook does not practice what it preaches when it comes to safeguarding and protecting its users’ personal data. The breached data is freely available on the Dark Web. Usually, breaches of this type are monetized. The threat actors charge other cybercriminals for access to the data.
EU and U.S. Data Flow Talks Cranked Up a Notch As I reported back in July 2020 in a blog titled CJEU Invalidates EU-US Privacy Shield Agreement, the EU-U.S. Privacy Shield agreement, which allowed data to be transmitted out of the EU to participating US companies, was ruled invalid by the Court of the European Union (CJEU). On March 25th, 2021, the EU Commissioner for Justice and the U.S. Secretary of Commerce made a joint statement on the state of the negotiations to find a solution that would permit the flow of personal data to recommence.
Gobbledegook Tweet Causes Panic An ominous tweet from the US Strategic Command—the agency responsible for looking after America’s nukes—simply said “;l;;gmlxzssaw”. Was it a message in a strange code, or maybe a glitch in the software? Had the account been hacked—and if so, what else had been hacked? Thankfully, this time, there’s no need for panic. It turns out a working-from-home manager had left his computer unattended and his young child mashed on the keyboard a few times.
Post-Brexit EU-UK Adequacy Decision Has Been Drafted Before you can transmit personal data from a European Union country to a country not within the EU or the European Economic Area—known as a third country—there has to be an adequacy decision made by the European Commission. The third country must have a framework in place that both provides data protection and upholds the rights of the data subjects as well as—or better than—the EU’s General Data Protection Regulation.
GCHQ and MI5 Cannot Rely on General Warrants The High Court ruled on January 8th, 2021 that it was unlawful for the GCHQ and MI5 to use warrants issued under Section 5 of the Intelligence Services Act 1994 (ISA) to interfere with the property—including computers—of multitudes of people based on a single warrant. The High Court quashed a 2016 decision by the Investigatory Powers Tribunal (IPT), and ruled that section 5 of the Intelligence Services Act (ISA) 1994 does not permit the issuing of general or thematic warrants to authorise property interference and certain forms of computer bugging, monitoring and hacking.
Copyright (c) 2020-22 McKay Consulting. All Rights Reserved.
Template by Bootstrapious. Ported to Hugo by DevCows.
