Our pick of the past week’s data privacy news stories…
Outsourcing firm Serco has apologised after accidentally sharing the email addresses of almost 300 contact tracers. The company is training staff to trace cases of Covid-19 for the UK government.
It made the error when it emailed new trainees to tell them about training.
Serco said it had apologised and would review its processes “to make sure that this does not happen again”.
Serco is one of the companies hiring, training and operating the 15,000 contact tracers who do not have clinical training.
But the mistake may leave the firm in breach of data protection rules. It is understood that at least one member of staff has raised the issue with the Information Commissioner.
Source & full story: BBC News
Once again, Facebook is coughing up for another fine. This time the social network giant has been ordered to hand over CAD$9 million (US$6.5 million / £5.3 million) to Canada as part of a settlement over the way it handled users’ personal information between August 2012 and June 2018.
According to Canada’s independent Competition Bureau, Facebook “made false or misleading claims about the privacy of Canadians’ personal information on Facebook and Messenger” and improperly shared data with third-party developers.
In a statement to Reuters, Facebook said it “did not agree” with the finding, but wanted to resolve the matter quickly.
Source & full story: Engadget
Wide-ranging security flaws have been flagged in the Covid-19 contact-tracing app being piloted in the Isle of Wight.
The security researchers involved have warned the problems pose risks to users’ privacy and could be abused to prevent contagion alerts being sent.
GCHQ’s National Cyber Security Centre (NCSC) told the BBC it was already aware of most of the issues raised and is in the process of addressing them.
The researchers have suggested that the NHS considers shifting from its current “centralised” model – where contact-matching happens on a computer server – to a “decentralised” version – where the matching instead happens on people’s phones.
Thinking Cybersecurity chief executive Dr Vanessa Teague said:
There can still be bugs and security vulnerabilities in either the decentralised or the centralised models, …But the big difference is that a decentralised solution wouldn’t have a central server with the recent face-to-face contacts of every infected person. …So there’s a much lower risk of that database being leaked or abused.
Meanwhile, Harriet Harman, who chairs the Parliament’s Human Rights Committee, announced she was seeking permission to introduce a private member’s bill to limit who could use data gathered by the app and how and create a watchdog to deal with related complaints from the public.
Source & full story: BBC News
At least a dozen supercomputers across Europe have shut down after cyber-attacks tried to take control of them.
A pan-European supercomputing group says they seem to have tried to use the machines to mine cryptocurrency.
“A security exploitation” disabled access to the Archer supercomputer, at the University of Edinburgh, on 11 May.
Staff said they were working with the National Cyber Security Centre to restore the system, which had recently installed a pandemic modelling tool.
“We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe,” the team said.
The NCSC said: “We are aware of this incident and are providing support.
Source & full story: BBC News via Yahoo News
A US cyber-security firm has announced plans to establish a centre in Northern Ireland.
Boston-based Cygilant is creating 65 new jobs at the site in Belfast city centre. It will provide security monitoring services to approximately 200 customers.
More than 20 of the jobs that have been announced are already in place, with staff working from home.
Cyber-security is a growing sector in Northern Ireland with the executive aiming to have 5,000 people working in the industry by 2030.
Source & full story: BBC News
EasyJet has admitted that a “highly sophisticated cyber-attack” has affected approximately nine million customers. It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details “accessed”.
The firm has informed the UK’s Information Commissioner’s Office while it investigates the breach.
EasyJet first became aware of the attack in January. It told the BBC that it was only able to notify customers whose credit card details were stolen in early April.
A spokesperson for Easyjet said:
This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted, …We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed.
Source & full story: BBC News
They’re exploiting the fear, uncertainty and doubt people are experiencing during the pandemic, and using the anxiety and desperation to get people to buy things or click on things they wouldn’t have otherwise
So says Morgan Wright, a former senior adviser to the US Department of State anti-terrorism assistance programme.
He’s talking about the scammers and criminals that inhabit the “dark web” who have found a new angle – anxiety over Covid-19.
Mr Wright, who is now chief security adviser at security software company SentinelOne, used to teach behavioural analysts at the US National Security Agency (NSA) about the exploitation of human behaviour.
He is now seeing some of those techniques being used on the dark web, an encrypted part of the internet that can be accessed using popular networks such as Tor.
Criminals hope a heightened sense of fear will make people rush to buy these products, and as a result these items are not cheap; an Australian Institute of Criminology report found the average fake vaccine was being sold for about $370 (£300), while one supposedly sourced from China was selling for between $10-15,000 (£8-12,000).
Source & full story: CentralWorldNews
It is a country that saw an early surge in coronavirus infections – and then used a mass of surveillance data to track anyone who might have come into contact with the virus.
Back in late February, South Korea was battling the worst coronavirus outbreak outside China, with thousands of cases involving members of a church in the city of Daegu.
But now, despite a recent flare-up linked to a nightclub, the virus seems to be under control. The death toll in this country of 52 million people stands at 260, while in the UK nearly 34,000 people have died out of a population of 67 million.
So what has been the government’s main weapon against the virus? In a word, data – a mass of information about the movements of its citizens.
Justin Fendos, professor of cell biology at Dongseo University in the South Korean city of Busan, tells Tech Tent about the scale of the operation to track the infection.
They have taken information methods that are normally used by law enforcement to catch tax evaders or to track criminals, and they’ve repurposed those for public health use.
Source & full story: Yahoo News