The European Parliament’s headache over a major human resources data breach earlier this year just won’t fade. Austria-based digital rights group noyb on Thursday said it had filed two complaints against the European Union institution for infringing the bloc’s flagship privacy law, the General Data Protection Regulation (GDPR), over a data breach discovered before the summer.
In June, Parliament notified up to 9,000 staffers that it had suffered a data breach of its recruitment application PEOPLE, which contained staffers’ ID details, birth certificates, employment history, medical records, marriage certificates — which revealed sexual orientation — and proof of work dating back 10 years.
Read more…
Source: Politico Europe
Related:
- Hackers threaten to release ‘huge volume’ of stolen NHS Scotland data
March 27, 2024
A cybercrime group has claimed it will release a large volume of NHS Scotland data stolen during a sustained hacking attack. INC Ransom, an extortion operation, has posted a message on its dark web blog, threatening to release three terabytes – which equates to 3,000 gigabytes – of stolen health service patient and staff data. NHS ...
- Chinese hackers targeted UK’s Electoral Commission and politicians, say security services
March 25, 2024
Chinese state-backed hackers were responsible for two “malicious” digital campaigns targeting the UK’s democratic institutions and politicians, the security services have found. The UK holds China responsible for a prolonged cyber-attack on the Electoral Commission during which Beijing allegedly accessed the personal details of about 40 million voters. Two individuals and a front company linked to ...
- High Court order will deliver ‘swift management’ of compensation claims by those affected by PSNI data breach
March 24, 2024
Claims by officers and civilian staff following a major PSNI data breach will be managed in a “swift” manner following a High Court order being granted, it has been suggested. Following the granting of a Group Litigation Order (GLO), thousands of claims by those impacted by last year’s data breach can now be dealt with, the ...
- APT29 Uses WINELOADER to Target German Political Parties
March 22, 2024
In late February 2024, Mandiant identified APT29 — a Russian Federation backed threat group linked by multiple governments to Russia’s Foreign Intelligence Service (SVR) — conducting a phishing campaign targeting German political parties. Consistent with APT29 operations extending back to 2021, this operation leveraged APT29’s mainstay first-stage payload ROOTSAW (aka EnvyScout) to deliver a new backdoor ...
- Air Europa says customer data may have been compromised in October breach
March 22, 2024
Spanish airline Air Europa said on Friday personal data of its customers may have been compromised in a security incident that was detected in October last year. The company’s investigation showed that name, ID card or passport details, date of birth, telephone number, email address and nationality details could have been leaked, Air Europa told its ...
- UK: ‘Mass surveillance’ fears over law change plans
March 22, 2024
The UK tech industry has deep concerns over government plans to amend a law dubbed a “snooper’s charter”. Ministers insist their changes to the Investigatory Powers Act is intended to keep UK citizens safe. But, in a statement, trade body techUK said the changes were neither balanced nor proportionate. It warns that citizens’ privacy, security and safety ...