In this week’s Data Privacy News…
Data about students has been stolen from at least 10 universities in the UK, US and Canada after a cyber attack on a cloud computing provider.
Human Rights Watch and children’s mental health charity, Young Minds, have also confirmed they were affected.
The hack targeted Blackbaud, one of the world’s largest providers of education administration, fundraising, and financial management software. The US-based company’s systems were hacked in May.
It has been criticised for not disclosing this externally until July and for having paid the hackers an undisclosed ransom.
In some cases, the data was limited to that of former students, who had been asked to financially support the establishments they had graduated from. But in others it extended to staff, existing students and other supporters.
The institutions the BBC has confirmed have been affected are…..
The National Cyber Security Centre (NCSC) has warned that hackers linked to the Russian intelligence services are targeting UK researchers working on a coronavirus vaccine.
The warning has been issued by the UK’s cyber security agency alongside its US and Canadian counterparts.
The UK’s cyber security agency, the NCSC, has revealed Russian cyber criminals have targeted UK academic and healthcare organisations with the aim of stealing information relating to the development of a Covid-19 vaccine.
The NCSC – working with counterparts in the US and Canada – identified the attackers as a hacking group known to security researchers as APT29.
The Government has admitted that England’s Covid-19 Test and Trace programme has broken a data protection law, according to a letter sent to privacy campaigners.
The Department of Health and Social Care acknowledged it had failed to carry out a risk assessment on how the system would affect privacy.
It follows the threat of legal action from the Open Rights Group, which claims that the programme to trace contacts of those infected with Covid-19 has been operating unlawfully since its launch on May 28.
A spokesman for the DHSC said there is “no evidence” of data being used in an unlawful way.
Source & full story: Evening Standard
The more time you spend in this high-frequency kaleidoscope of under-25s doing wacky things, the more experience its recommendation algorithm — a code that uses a number of tools and factors to personalise TikTok feeds for each person — has in bringing you distractions tailored to your tastes.
Ultimately, TikTok learns what you like and shows you more and more of it. The cornerstone of the app is its #ForYou page — “for” and “you” being the tip-off that the app intends to know you better than you know yourself —which is a seemingly infinite vertical expanse of short video clips designed to keep you scrolling for as long as possible.
Sounds innocent — indeed, mindless — enough, but this week the Chinese social media app beloved by Gen Z is at the centre of a building controversy that goes to the heart of government.
Source & full story: Evening Standard
A Premier League club came close to losing £1m during a transfer deal because of cyber hackers.
The National Cyber Security Centre (NCSC) said it was only the intervention of the unnamed club’s bank that stopped the theft.
It was one of several incidents highlighted as evidence that sport needed to improve its cybersecurity.
“The impact of cybercriminals cashing in on this industry is very real,” said the NCSC’s Paul Chichester.
Source & ful story: BBC Sport
A customer of telecomms firm, T-Mobile, has filed a suit in Washington federal court, claiming that the company’s lacking security measures were the reason thousands of dollars’ worth of crypto was drained from his crypto exchange account.
Carlos Tapang accused T-Mobile for “failure to provide appropriate security for its customers”, according to Law360. He stated that inefficient security measures allowed the thieves to transfer his own phone number to another carrier, thus enabling the theft.
Tapang claims 1,000 OmiseGo (OMG) tokens and 19.6 BitConnect coins were stolen. This was, supposedly, exchanged for 2.875 Bitcoins, which at the time of the theft, November 7th, were worth USD 20,466.55 total.
Apparently, the company had assured Tapang they would add a PIN number to his account prior to the incident, but didn’t actually implement it. According to The Verge, “The complaint also lists several anonymous internet users who have posted about similar security breaches to their own T-Mobile accounts.”
Source & full story: CryptoNews
If you liked the news stories on this page, check out our Premium Privacy Insights for informative articles on wide-ranging global data privacy issues.