Irish! data! police! are! preparing! to! whack! Yahoo! over! that! hack!

Er, wait, which hack? We've lost track...


Yahoo! is set to get a spanking under European Union data protection laws for the biggest of the many megabreaches it copped to last year.

The Irish data protection commissioner has stated that a probe by the office into Yahoo!'s megabreach of 2014 – the one in which more than a billion user accounts were affected – has almost concluded; and when it does it will recognise the European unit's culpability for the incident, and as such will be applying "remedial action", likely to be a monetary penalty.

According to Bloomberg, which interviewed the Irish DPC herself, Helen Dixon, Yahoo! said it "has been co-operating with the Commissioner's Office on its investigation and will closely review the findings when available".

Dixon said her office was "of the view that [the breach] could have been detected sooner and the risks mitigated sooner" before adding that the probe was "at the point of concluding" and the office will "impose remedial action where the findings need us to do that".

Of course, whatever those findings are, from May next year the pain that comes with that remedial action could be much more severe. Under the EU's new General Data Protection Regulations, companies found in breach of European privacy laws could face fines as significant as 4 per cent of their global annual turnover.

For companies like Facebook and Apple, this will mean dealing with Dixon, whose Irish office is the European lead on their compliance with EU data regulations.

Dixon was also quoted as stating that she wouldn't be shy of making full use of the new GDPR sanctions. "Clearly, talking about fines of 20 million or 4 per cent of global turnover, we could anticipate they're not going to be everyday type fines," she told Bloomberg. "But there are going to be cases where there simply are mass-scale breaches that have significant effects on millions of users. The only way to start driving a better compliance culture is to have those types of enforcement tools in our toolkit." ®

Narrower topics


Other stories you might like

  • Elasticsearch server with no password or encryption leaks a million records
    POS and online ordering vendor StoreHub offered free Asian info takeaways

    Researchers at security product recommendation service Safety Detectives claim they’ve found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.

    Safety Detectives’ report states it found a StoreHub sever that stored unencrypted data and was not password protected. The security company’s researchers were therefore able to waltz in and access 1.7 billion records describing the affairs of nearly a million people, in a trove totalling over a terabyte.

    StoreHub’s wares offer point of sale and online ordering, and the vendor therefore stores data about businesses that run its product and individual buyers’ activities.

    Continue reading
  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Millions of people's info stolen from MGM Resorts dumped on Telegram for free
    Meanwhile, Twitter coughs up $150m after using account security contact details for advertising

    Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.

    The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they "assume at least 30 million people had some of their data leaked." MGM Resorts, a hotel and casino chain, did not respond to The Register's request for comment.

    The researchers reckon this information is linked to the theft of millions of guest records, which included the details of Twitter's Jack Dorsey and pop star Justin Bieber, from MGM Resorts in 2019 that was subsequently distributed via underground forums.

    Continue reading

Biting the hand that feeds IT © 1998–2022