Our selection of this week’s data privacy news stories…
-
Cyber-Spies Hunt For Covid-19 Research
Hackers from foreign states have been hunting for information, including Covid-19 data and vaccine research, according to a joint warning issued by the US and UK.
The perpetrators have not been named in the alert but are thought to include China, Russia and Iran. The three countries have all suffered major outbreaks of Coronavirus but have denied claims of any involvement in such activities.
UK sources say they have seen extensive activity. However, it is not thought that any data has been stolen so far.
The joint advisory says the UK and US are currently investigating a number of incidents in which other states are targeting pharmaceutical companies, medical-research organisations, and universities, looking for intelligence and sensitive data, including research on the virus.
Source & full story: BBC News
-
UK Contact-Tracing App Could Violate Privacy Law
A UK parliamentary committee has told the British government that the NHS contact-tracing app must not be introduced across the nation until privacy and data protections have been strengthened, following warnings from rights groups that the current trial is unlawful under the Data Protection Act.
The joint committee on human rights said on Thursday it was essential legislation was enacted to ensure the mass surveillance of personal data did not result in a violation before the trial was expanded.
Its report was published following a legal letter from the Open Rights Group warning of “heightened and urgent concerns” that the government had failed to follow laws requiring it to submit an assessment of the risks to the information commissioners office.
Harriet Harman, the chair of the joint committee on human rights, said :
The contact-tracing app involves unprecedented data gathering. There must be robust legal protection for individuals about what that data will be used for, who will have access to it and how it will be safeguarded from hacking.
Source & full story: The Guardian
-
Covid-19: Scam Sites Selling Masks And ‘Cures’ Shut Down
Huge numbers of people have so far reported more than 160,000 suspicious emails to a new scam-busting service, resulting in 300 websites being taken down.
The Suspicious Email Reporting Service was set up two weeks ago by the UK’s National Cyber Security Centre (NCSC).
Many of the scam websites claimed to sell face masks and coronavirus tests — even vaccines — while others were imitations of official government websites designed to trick visitors into submitting their payment card information to the scammers.
Ciaran Martin, CEO at the NCSC praised the “phenomenal response” from the British public, saying:
While cyber-criminals continue to prey on people’s fears, the number of scams we have removed in such a short timeframe shows what a vital role the public can play in fighting back,
Source & full story: BBC News
-
Australian Home Affairs Department Blasted For Data Breach
Privacy experts have blasted Australia’s home affairs department for a data breach revealing personal information concerning 774,000 migrants and people aspiring to migrate to the country.
The department’s SkillsSelect platform, which is hosted by the employment department, invites skilled workers and business people to express their interest in migrating to Australia.
Expressions of interest are stored for two years and displayed on a publicly available app, advertised on the home affairs website, allowing them to receive invitations for skilled work visas.
Expressions of interest are stored for two years and displayed on a publicly available app, advertised on the home affairs website, allowing them to receive invitations for skilled work visas. Other information available includes the applicants’ birth country, age, qualifications, marital status and the outcome of the applications.
Monique Mann, an Australian Privacy Foundation board member, told Guardian Australia:
[the breach was] very serious … especially at a time where the Australian government is expecting trust.
Source & full story: The Guardian
-
Email Scam Tricks EE Users intoDisclosing Payment Details
Customers of British mobile network operator EE have been warned to take extra care with messages they receive from the company following the discovery of a dangerous new phishing threat.
Security researchers have uncovered a new spear-phishing campaign that spoofs messages from the UK’s largest mobile phone network, to try and steal personal information.
The emails detected by the Cofense Phishing Center used official EE imagery, luring victims with the subject line “View Bill -Error”. The message within reported there has been an issue with the customer’s payment, urging them to update their details with EE.
The campaign appears to largely target the login and payment details of corporate executives, which could give hackers access to lucrative business networks.
Source & full story: TechRadar
Got a story that should be told? Let us know
If you liked the news stories on this page, check out our Premium Privacy Insights for informative articles on wide-ranging global data privacy issues.