European Union flag. (Photo: Yanni Koutsomitis, via Flickr/CC)

Europe's Strong GDPR Privacy Rules Go Into Full Effect

Mathew J. Schwartz • May 25, 2018

The EU's General Data Protection Regulation has gone into full effect as of May 25, 2018. After a two-year grace period following the passage of the legislation, member states' data privacy watchdogs are now enforcing the strong privacy rules, which offer worldwide protection for Europeans.

Anti-Malware

Blockchain for Identity Management: Early Examples

Latest

Breach Notification

GDPR Enforcement Begins: Impact on Healthcare, Banking

Nick Holland • May 25, 2018

Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.

General Data Protection Regulation (GDPR)

GDPR a Litmus Test for Cross-Border Privacy Attitudes

Mathew J. Schwartz • May 25, 2018

To judge by the flood of GDPR-themed email hitting inboxes, Europe's privacy law has been designed to ensure that you say "yes" to companies that monetize the buying and selling of your personal details, regardless of whether you remember ever having done business with them before.

ATM Fraud

Police Bust Suspected Fraudsters in Romania and Spain

Mathew J. Schwartz • May 23, 2018

Following 33 arrests, police in Europe say they have dismantled a Romanian-led crime gang that used phishing attacks, online scams and fake invoices to steal more than $9 million from victims in Spain, including individuals as well as organizations ranging from hospitals to government agencies.

General Data Protection Regulation (GDPR)

GDPR: Is Australia Ready?

Jeremy Kirk • May 22, 2018

With enforcement of the EU's GDPR set to begin on May 25, Australian organizations vary in readiness. Steve Ingram of PwC says it's not too late for companies to prepare for GDPR, but it will be too late to ask regulators for forgiveness if something goes wrong.

Cybercrime

DDoS Attacker Receives 15-Year Sentence

Mathew J. Schwartz • May 21, 2018

John Gammell of New Mexico has been sentenced to serve 15 years in prison for launching DDoS attacks against prior employers and business competitors, as well as for being a convicted felon in possession of firearms.

Governance

Websites Still Under Siege After 'Drupalgeddon' Redux

Jeremy Kirk • May 21, 2018

Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.

General Data Protection Regulation (GDPR)

GDPR Compliance for US Healthcare: What You Need to Know

Marianne Kolbasuk McGee • May 21, 2018

Strict HIPAA compliance is a great preparation for compliance with the European Union's General Data Protection Regulation, which will be enforced starting May 25, according to attorneys Robert Stankey and Adam Greene, who provide compliance insights in an in-depth interview.

General Data Protection Regulation (GDPR)

GDPR: The Looming Impact on US Banks

Nick Holland • May 21, 2018

The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.

Data Breach

Respiratory Services Provider Lincare Settles Breach Case

Marianne Kolbasuk McGee • May 18, 2018

Respiratory care provider Lincare Inc. has signed an $875,000 settlement of a class action lawsuit brought by current and former employees in the wake of a 2017 breach involving a business email compromise scam. The company was previously fined by federal regulators after another breach.

Cybercrime

Nonstop Breaches Fuel Spike in Synthetic Identity Fraud

Mathew J. Schwartz • May 18, 2018

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

Cybercrime

Health Data Breach Tally: The Latest Additions

Marianne Kolbasuk McGee • May 17, 2018

The number of health data breach victims added to the official federal tally so far in 2018 has doubled in recent weeks to more than 2 million. The largest breach of the year so far involved a break-in at a California government office.

Authentication

DHS Issues More Medical Device Cybersecurity Alerts

Marianne Kolbasuk McGee • May 16, 2018

The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems.