Data Breaches
Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector
As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to report privacy breaches and have privacy management programs. The two provisions are the last to come into force from amendments made to B.C.’s Freedom of Information and Protection of Privacy Act in November 2021. Mandatory breach reporting…
Read More »WhatsApp data breach sees nearly 500 million user records up for sale
A post on a “well-known hacking community forum” claims almost half a billion WhatsApp records have been breached and are up for sale. The post, which multiple sources have confirmed is likely to be true, claims to be selling an up-to-date, 2022 database of 487 million mobile numbers used on…
Read More »Is the EDPB’s ‘targeted update’ to data breach reporting guidance a ‘mini-budget’ moment for GDPR regulation?
You would have had to be living under a rock to have missed all the political turmoil in the U.K. over the past few weeks concerning the U.K. government’s “mini-budget.” In essence, even the staunchest government allies now accept it was a mistake to make changes to the U.K. tax…
Read More »Part 2 | Privacy 101 – Obligations Under Québec’s New Act 25: Why you must now record and report privacy violations
This podcast series, intended for private sector companies doing business in Québec, dives into the requirements of Act 25 coming into force on September 22, 2022. Candice Hévin and Marie-Eve Jean, from our Privacy & Data Protection Group, lead the discussions on the changes to the private sector regime, namely the amendments to the…
Read More »Uber’s ex-security chief faces landmark trial over data breach that hit 57m users
Uber’s former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach. The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at…
Read More »Massive data breach at Arnprior Regional Health
Arnprior Regional Health says a cyber attack compromising data dating back decades has taken place. The health network says they became aware of the hack on its IT system on Dec. 21, 2021. Information including names, dates of birth, contact information, health card numbers, recent hospital visits, and diagnoses. ARH…
Read More »Facebook fined $18.6M over string of 2018 breaches of EU’s GDPR
Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed…
Read More »Hackers demand $15 million ransom from TransUnion after cracking “password” password
International credit bureau TransUnion says that hackers managed to breach a server operated by its South African division, and gained access to the personal information of individuals. According to an FAQ published by TransUnion South Africa, the cybercriminals gained access to the sensitive data by using the compromised credentials of one of…
Read More »SEC to Require Hacks to Be Reported Within Four Days
Wall Street’s watchdog voted to unveil a rule on Wednesday that aims to enhance how public companies disclose when they experience a breach, and how soon. Under the proposed Securities and Exchange Commission (SEC) measures, a company would have to spell out when it experiences a risk and what strategies…
Read More »Fraud and scam activity hits all-time high
Using data gathered from analyzing more than one billion sites, the 2022 State of Phishing and Online Fraud Report highlights the trends that drove digital scams in 2021. In this, the company’s third year of tracking phishing and scam data, we can see with no uncertainty how the pandemic has…
Read More »