WEEK OF SEPTEMBER 13, 2022
Samsung is facing a class action suit over a recent data breach
- The company is accused of failing to fulfill its obligations as a data collector.
- An unauthorized third party managed to access and steal customer information from the company’s U.S. systems, including names, birthdays, contact information, and product registration information.
- The complaint, which was filed at the U.S. District Court for Nevada, alleges that Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner. Over 3,000 customers were affected by the breach, including the plaintiff, Shelby Harmer.
Irish regulators fine Instagram 405 million euros for data breach
- The penalty is the second-biggest issued under the European Union’s stringent privacy rules.
- The Irish watchdog’s investigation centered on how Instagram exposed the personal details of users ages 13 to 17, including email addresses and phone numbers. The minimum age for Instagram users is 13.
- Under the EU’s data privacy rules, the Irish watchdog is the lead regulator for many U.S. tech companies with European headquarters in Dublin.
IRS says it exposed some confidential taxpayer data on website
- Tax agency says error led to posting about some taxpayers with IRAs.
- The data are from Form 990-T, which is often required for people with individual retirement accounts who earn certain types of business income within those retirement plans. That typically includes people whose IRAs are invested in master limited partnerships, real estate or other assets that generate income, not those whose IRAs are solely invested in securities.
- The disclosures included names, contact information and financial information about income within those IRAs. It didn’t include Social Security numbers, full individual income information or other data that could affect a taxpayer’s credit, the Treasury Department determined, according to a letter that the administration is sending to key members of Congress.
Los Angeles schools hit with ransomware attack
- Federal officials are investigating cyber hack affecting the nation’s second-largest school district.
- The Los Angeles Unified School District said the attack was “likely criminal in nature.”
- LAUSD, the school district, didn’t provide details of the cyber breach or specifics of the ransom request, but said there was “significant disruption to our system’s infrastructure,” according to a statement.
Halfords fined for sending nearly 500,000 unwanted marketing emails
- The bike retailer had received complaints over emails about a government voucher scheme that gave people £50 off the cost of repairing a bike.
- Halfords jumped on the scheme to promote free bike assessments in its stores therefore clearly advertising its own services, the Information Commissioner’s Office (ICO) found in its investigation.
- Hundreds of thousands of unsolicited marketing emails were a breach of electronic marketing rules, the ICO concluded.
- Andy Curry, head of investigations at the ICO, said: “It is against the law to send marketing emails or texts to people without their permission. Not only this, it is a violation of their privacy rights as well as being frustrating and downright annoying.
Hackers compromise employee data at PVC-maker Eurocell
- In it, the firm apparently explained that an unauthorized third party accessed its systems. Among the data compromised are: employment terms and conditions; dates of birth; next of kin; bank account, NI and tax reference numbers; right to work documents; health and wellbeing documents, learning and development records; and disciplinary and grievance docs.
- That’s quite a trove for possible fraudsters to leverage in subsequent phishing or even extortion campaigns.
- Eurocell has apparently indicated that there’s no evidence of the data being misused, but that will be of little comfort to those affected.