Catalin Cimpanu reports:
The Swedish government has exposed sensitive details on
millions of citizens in one of the biggest government screw-ups ever, and the
official responsible for the whole fiasco was fined only half of her’s monthly
salary, which is 70,000 Swedish krona — or around $8,500.
The leak happened in September 2015, when the Swedish
Transport Agency (STA) decided to outsource the management of its database and
other IT services to companies such as IBM in the Czech Republic, and NCR in
Serbia.
Read more on BleepingComputer.
[From the
article:
It was only in March 2016 that the Swedish Secret Service
realized what happened, and started an investigation, warning other government
agencies that unauthorized foreigners were now in control of their IT systems
after the STA had bypassed necessary security checks just to expedited the
transition to the new IT system as they wanted to fire local IT
staff.
According to several Swedish newspapers, the leaked data included:
- Data from all drivers licenses in
Sweden
- Personal details of all persons
in Sweden's witness relocation program
- Personal details of Sweden's
elite military units
- Personal details of Sweden's
fighter pilots
- Personal details of all of
Sweden's pilots and air controllers
- Personal details of all Swedish
citizens in a police register
- Details of all Swedish government
and military vehicles
- Details about Sweden's road and
transportation infrastructure
How do errors like this even happen? Normal procedure would be to look at the
entire dataset and copy selected records to a new file. This looks like, “Give them a copy of the
file. The data they want is probably in
there somewhere.”
Wells Fargo Accidentally Releases Trove of Data on Wealthy
Clients
When a lawyer for Gary Sinderbrand, a former Wells Fargo
employee, subpoenaed the bank as part of a defamation lawsuit against a bank
employee, he and Mr. Sinderbrand expected to
receive a selection of emails and documents related to the case.
But what landed in Mr. Sinderbrand’s hands on July 8 went
far beyond what his lawyer had asked for: Wells Fargo had turned over — by
accident, according to the bank’s lawyer — a vast trove of confidential
information about tens of thousands of the bank’s wealthiest clients.
The 1.4 gigabytes of files that Wells Fargo’s lawyer sent
included copious spreadsheets with customers’ names and Social Security
numbers, paired with financial details like the size of their investment
portfolios and the fees the bank charged them.
… By Mr.
Sinderbrand’s estimate, he has financial information for at least 50,000
individual customers.
… The files were
handed over to Mr. Sinderbrand with no protective orders and no written
confidentiality agreement in place between his lawyers and Wells Fargo’s.
… The disclosure
is a data breach that potentially violates a bevy of state and federal consumer
data privacy laws that limit the release of personally identifiable customer
information to outside parties.
State and
federal regulations also require companies to notify customers when their
information has been improperly released, as Wells Fargo may now do.
… Based on the
fairly narrow subpoena that his lawyer submitted — it sought communications
about Mr. Sinderbrand’s employment and compensation — there was no reason for
the bank to turn over such information, especially without any redactions, Mr.
Sinderbrand said.
Sounds like a “we gotta do something” law.
UK to bring in drone registration
It will affect anyone who owns a drone which weighs more
than 250 grams (8oz).
… There is no time
frame or firm plans as to how the new rules will be enforced and the Department
of Transport admitted that "the nuts and bolts still have to be ironed
out".
… "There will
be people who will simply not be on the system, that's inevitable."
Similar registration rules in the US were successfully
challenged in court in March 2017 and as a result are currently not
applicable to non-commercial flyers.
Dr McKenna said there were also issues around how a
drone's owner could be identified by police and whether personal liability
insurance should also be a legal requirement in the event of an accident.
No comments:
Post a Comment