The data protection gloves have finally come off in Europe after GDPR enforcement began last May - the U.K.'s privacy watchdog has proposed large post-breach sanctions against British Airways and Marriott. Consider the tables now turned on firms that fail to properly safeguard personal data.
Britain's privacy watchdog says it plans to fine hotel giant Marriott $125 million under GDPR for security failures tied to a 2014 breach of the guest reservation database for Starwood, which Marriott acquired in 2016. Undiscovered until 2018, the breach exposed 339 million customer records.
Chinese social media companies WeChat Pay and AliPay reportedly will attempt to introduce digital payment services to serve the growing number of smartphone users in India. But can they meet tough regulatory requirements and carve out a piece of the market?
Britain's privacy watchdog has proposed a record-breaking $230 million fine against British Airways for violating the EU's General Data Protection Regulation due to "poor security arrangements" that attackers exploited to steal 500,000 individuals' payment card data and other personal details.
The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically. But what more is needed to mitigate risks?
Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1 TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed. Although the databases have been secured, an investigation is continuing.
Italy's data protection regulator has slapped a $1 million fine on Facebook for mismanaging user data and precipitating the Cambridge Analytica debacle. But that pales by comparison to the the fine that's reportedly still being weighed by the U.S. Federal Trade Commission.
The debate over whether the U.S. government should have the right to force weak crypto on Americans has returned. Here's what hasn't changed since the last time: mathematics and the choice between strong crypto protecting us or weak encryption - aka backdoors - imperiling us all.
The India parliament is considering a new Aadhaar amendment bill that would introduce a host of changes in line with the Supreme Court's decision that Aadhaar cannot be made mandatory for identification and authentication for certain private-sector purposes.
Attackers - likely operating from China - have been surreptitiously hacking into global telecommunications providers' networks to quietly steal metadata and track subscribers - and those with whom they communicate - as part of an ongoing cyber espionage operation, warns security firm Cybereason.
WhatsApp, the messaging service owned by Facebook, says it's ready to launch its digital payment services, WhatsApp Pay, in India following its beta test. But the Supreme Court says WhatsApp first must comply with RBI's data localization requirements.
Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.
The annual Infosecurity Europe conference this year returned to London. Here are visual highlights from the event, which featured over 240 sessions and more than 400 exhibitors, 19,500 attendees and keynotes covering data breaches, darknets, new regulations and more.