Rise in settlements in 2019 included those paid to departing tech security staff shortly before major breach

The Bank of England paid departing staff almost £3m in “golden goodbyes” over 15 months, at the same time as an exodus of workers from its information security team.

Settlement payments to former staff surged to £2.3m in 2019, according to data provided to the Guardian under freedom of information laws. The Bank confirmed that former information security staff received some of the payments.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/33NFLhL
via IFTTT

Russian cybercrime gang is believed to be responsible for taking Garmin services offline

A ransomware attack that took the GPS and smartwatch business Garmin entirely offline for more than three days is believed to have been carried out by a Russian cybercriminal gang which calls itself “Evil Corp”.

Garmin began to restore services to customers on Monday morning, after being held hostage for a reported ransom of $10m, although some services were still operating with limited functionality.

Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.

Related: Garmin down: how to still get your activities on to Strava

Continue reading…

from Data and computer security | The Guardian https://ift.tt/39xxRJU
via IFTTT

US company forced to shut down call centres, website and some other online services

Garmin has been forced to shut down its call centres, website and some other online services after a ransomware attack that encrypted the smartwatch maker’s internal network and some production systems.

The US company shut down services including the official Garmin.com site and all customer services, including phone lines, online chat and email.

Related: The five: ransomware attacks

Continue reading…

from Data and computer security | The Guardian https://ift.tt/2WRd9jo
via IFTTT

NSO Group was sued last year by messaging app owned by Facebook

• Who has been using spyware on Catalan independence campaigners?

An Israeli company whose spyware has been used to target journalists in India, politicians in Spain, and human rights activists in Morocco may soon be forced to divulge information about its government clients and practices after a judge in California ruled that a lawsuit against the company could proceed.

NSO Group was sued by WhatsApp, which is owned by Facebook, last year, after the popular messaging app accused the company of sending malware to 1,400 of its users over a two-week period and targeting their mobile phones.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/2OBWhs6
via IFTTT

Exclusive: Pablo Iglesias calls alleged targeting of independence movement figures unacceptable

The Spanish deputy prime minister, Pablo Iglesias, has become the most senior political figure to call for a parliamentary investigation into the use of spyware to target prominent members of the Catalan independence movement, saying such practices are “unacceptable in a democracy”.

A joint investigation this week by the Guardian and El País has revealed that Roger Torrent, the speaker of the Catalan parliament, and former regional foreign minister Ernest Maragall are among at least four pro-independence activists who have been targeted using Israeli spyware that its makers said is sold only to governments.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/2OtSwov
via IFTTT

Australian students who have raised privacy concerns describe the incident involving a Canadian student as ‘freakishly disrespectful’

The chief executive of an exam monitoring software firm that has raised privacy concerns in Australia has apologised for publicly posting a student’s chat logs during an argument on the website Reddit.

Mike Olsen, who is the CEO of the US-based Proctorio, has since deleted the posts and apologised, saying that he and Proctorio “take privacy very seriously”.

Related: Coalition’s university fee overhaul accused of being an ‘attack on women’

Related: Dan Tehan’s threat to police university enrolments can’t plug the holes in the Coalition’s logic

Continue reading…

from Data and computer security | The Guardian https://ift.tt/38kM5NY
via IFTTT

The airline has said the personal information of 9 million customers has been compromised
• EasyJet reveals cyber-attack exposed 9m customers’ details

EasyJet revealed on Tuesday it had suffered a “highly sophisticated” cyber-attack. It comes at a time of heightened concern about a surge in online and phone scams linked to the coronavirus pandemic.

Related: EasyJet reveals cyber-attack exposed 9m customers’ details

Continue reading…

from Data and computer security | The Guardian https://ift.tt/3bNej3T
via IFTTT

Airline apologises after credit card details of about 2,200 passengers were stolen

EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.

The company on Tuesday disclosed that email addresses and travel details were accessed and said it will contact all of the customers affected.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/36deLXT
via IFTTT

‘Sophisticated’ identity theft attack leads to Australian Tax Office stopping early super withdrawals until Monday

• Sign up for Guardian Australia’s daily coronavirus email
• Download the free Guardian app to get the most important news notifications

Allegations of identity theft involving 150 Australians have forced the government to pause the early release of superannuation, after police froze $120,000 believed to have been ripped off from retirement savings.

On Friday the assistant treasurer, Michael Sukkar, announced the Australian Tax Office would pause requests for early access of superannuation until Monday “out of an abundance of caution” to consider further anti-fraud protection.

Related: Under-40s twice as likely to access their super early under coronavirus scheme, survey finds

Related: Should I access my super early during the coronavirus? Here’s how it will impact your money

Continue reading…

from Data and computer security | The Guardian https://ift.tt/2WzwJ2E
via IFTTT

Smartphones can be used to digitally trace Covid-19. But not if the public don’t download an app over privacy fears – or find it won’t work on their device

The idea of the NHS tracing app is to enable smartphones to track users and tell them whether they interacted with someone who had Covid-19. Yet this will work only if large proportions of the population download the app. No matter how smart a solution may appear, mass consent is required. That will not be easy. Ministers and officials have failed to address the trade-offs between health and privacy by being ambiguous about the app’s safeguards.

Instead of offering cast-iron guarantees about the length of time for which data would be held; who can access it; and the level of anonymity afforded, we have had opacity and obfuscation. It is true that we are dealing with uncertainties. But without absolute clarity about privacy the public is unlikely to take up the app with the appropriate gusto.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/35GMXLh
via IFTTT