May 29, 2016
 

I’ve collected some sites/links on data breaches. Some are listed under ‘DataHub’ on the menus on the right columns of this site.

On my to-do list is an item to ‘somehow create/use visualisation tools’ to extract and represent the data breaches in the UK that have been reported in the press or elsewhere.

Here’re more links on data breaches (in no particular order) in the UK, including other notable data incidents (some requiring registration/account login):

All of UK’s major banks and lenders have reported data breaches in the past two years – FOI request finds that 791 incidents reported to the ICO by financial services firms since 2013

Ecuadorian bank cyber thieves used HSBC accounts in Hong Kong

London NHS trust fined for HIV newsletter data breach

UK charity CALM hacked in ‘senseless’ attack

UK charity gets hacked twice in ‘motiveless’ attack

Scottish charity reports data loss due to unencrypted USB sticks

Data losses on USB sticks – it’s raining again

Third ICO fine in a week after sensitive information widely distributed by webmail

ICO fines Scottish council

Nationwide fined £1m over laptop theft security breach

More than 170 law firms investigated by ICO over data breaches in 2014

The UK’s 11 most infamous data breaches 2015:

Nationwide Building Society (2006) -
Nationwide fine for stolen laptop

HM Revenue & Customs (2007) -
Another bad day for the database guys

HM Revenue & Customs Child Benefit Office (2008) -
Child benefit data loss: timeline of scandal

IPCC publishes report into missing HMRC data CDs (full version)

Sony PlayStation Network (2011) -
Sony admits huge PlayStation Network data breach

NHS Trust in Brighton (2012) -
NHS Trust receives largest ever data breach fine

Morrison’s supermarket (2014) -
Morrisons supermarket suffers major pay-roll data breach after insider attack

Staffordshire University (2014) -
Staffordshire University stolen laptop had student contacts details

Mumsnet (2014) -
Mumsnet falls to Heartbleed hackers as 1.5 million users reset passwords

Think W3 Limited (2014) -
Online travel services company exposes more than a million customer records to malicious hacker

Moonpig (2015) -
Moonpig Android app flaw puts THREE MILLION accounts at risk

TalkTalk (2014/2015) - various news:
TalkTalk hack: What to do if hackers have your data

TalkTalk: Hacked telecoms giant refusing to let customers leave without paying fees

TalkTalk profits halve after cyber attack

TalkTalk lost more than 100,000 customers after cyber attack

TalkTalk chief signals change after cyber attack

Posted on May 29, 2016 at 1:08 pm

May 24, 2016
 

Interesting listing of books with titles on privacy, security, secrecy, surveillance, and more on this privacyandsecurityforum website.
Wondering whether the books are indeed ‘non-fiction’.

I am looking for books written by non-US authors or written by US authors but from non-US ‘non-fiction’ accounts/compilations.

Posted on May 24, 2016 at 3:04 am

Apr 2, 2016
 

Latest report from ENISA on incident response and cyber crisis cooperation:
Strategies for incident response and cyber crisis cooperation

cyber crisis cooperation – ccc – a new acronym?

On processes and procedures:
Another aspect that is strongly connected to the human factor in the course of incident response is the available processes and procedures. A clear, concise, well-documented incident response plan must be in place that complies with the existing policy framework at organisational level as well as national level. Overcomplicated response plans will delay the effectiveness of incident response and escalation procedures. If policies are loose, the incident response team may lack autonomy to act responsibly. It is vital that the personnel are available for the processes and procedures related to incident response. It is just as vital that the constituents of the national and governmental CSIRTs are also aware of their parts in the process of managing an incident.

Posted on April 2, 2016 at 1:37 am

Mar 3, 2016
 

An epic collection of articles on ‘information security & ethics’ up to 2008

Having scanned the titles in all 6 volumes, it’s reassuring to know that my research theme is still researchable.

Really goes to show that in this so-called age of ‘digitalisation’, folks still print large volumes of books. One can only guess that this is to avoid articles being freely released ‘digitally’.
Makes economic sense for publishers but not for researchers.

Have to come up with an imaginative title for my Thesis – in due course.

Posted on March 3, 2016 at 5:46 pm

Jan 26, 2016
 

My 2016 started off with issues dealing with my personal electronic gadgets – iPhone 4s and my MacBook Pro. iPhone 4s issues still unresolved as Three Mobile is unable and unwilling to sort my ‘blocked’ iPhone 4s.

Two pieces of good news…

Just sorted out my MacBook Pro yesterday, and luckily my research ‘data’ was recovered intact from my external hard disk and also from Dropbox.

Data Privacy Day event at City! Together with a City colleague, Dr David Haynes, we got our planned event into the City news page;

http://www.city.ac.uk/news/2016/jan/data-privacy-day-discussion

Headlines and content extracted and posted here;

City experts to discuss data privacy

The European Union (EU) General Data Protection Regulation (GDPR) and the recent European Court of Human Rights (ECHR) judgement are among several issues to be addressed by data privacy researchers.
The latest European Union (EU) General Data Protection Regulation (GDPR) and the recent European Court of Human Rights (ECHR) judgement are among several issues which will be discussed by City University London researchers on Data Privacy Day, 28th January 2016. The event will take place in Room AG07a from Noon to 1pm.

The wording of the General Data Protection Regulation (GDPR) was agreed in December 2015.

The new Regulation began life as a draft document in 2012 and after being debated in the European Parliament and a trilogue between the three EU institutions (the European Council, the European Commission and the European Parliament) the final wording has been agreed. The GDPR will take effect from 2018 and strengthens the protection offered to individuals within the EU.

Among its new provisions are:

1. Better control of personal data by individuals.

2. Better access by individuals to their own data.

3. Data portability.

4. The right to be forgotten.

5. The right to know about serious data breaches.

Following active lobbying the new Regulation also aims to be more business-friendly by cutting out the red tape. SMEs that handle personal data (such as employee records) will no longer be required to register with the data protection authorities, so long as processing personal data is not their main business. Unlike the current Data Protection Directive, the new Regulation will automatically apply across all EU states – it does not have to be passed into national law, such as the UK’s Data Protection Act 1998. Businesses working across Europe will only have to deal with one authority, rather than the regulatory body in each state that it operates in.

A recent judgement by the European Court of Human Rights (ECHR) has highlighted some of these issues by ruling that employers are entitled to monitor employee communications when they are using the Internet during work hours. A Romanian worker sacked in 2007 for use of personal e-mail during work hours had appealed against a ruling by the Romanian courts that upheld his dismissal.

However the ECHR upheld a ruling by the Romanian Court, stating that it was not ‘unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours’. This raises important issues for employees throughout the EU.

Definition: Data Privacy Day
Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the 28th January 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on 28th January.

Nov 20, 2015
 

I only seriously took an interest in the Systematic Literature Review (SLR) method this summer – yup! only this summer. I was too busy reading and exploring interesting Chinese wuxing stuff with the view to do research on this subject matter.

As highlighted in my October post, I had to change my topic.

Now, I’m following the suggested steps outlined in the SLR to get to the TRUTH of whatever I’m conducting for my research, and of course to define/describe that ever elusive research question.

I’m following the normal route of conducting a piece of ‘academic’ PhD research, instead of following my heart to embark on digging deep into something as ancient and profound as in the Chinese wuxing. Perhaps one day I will get to do this topic.

I realised after my presentation (yesterday) to my supervisors on my new topic and motivation, that I’ve lost my motivation in coming up with a new topic to continue with my research.

I’m in deep trouble – as posted under reflection day – not on my research question, really…the trouble is my motivation behind doing a PhD. I just need to motivate myself, and come up with something the general public, researchers and my supervisors will also be motivated or interested in the chosen topic. This is what I now realised is what constitutes ‘academic’ (unlike ‘professional’) PhD research, i.e. a research path not following one’s dream or one’s own madness into the deep unknown, just do what researchers have done but add a bit more or extend it somehow, and most importantly it is a ‘safe’ topic.

I was approached yesterday by my University Library staff to join a case study project, and one question is around advice for other researchers. My answer : ‘Have good supervisors and have perseverance’.

Perhaps I should also add – have luck in finding and working with supervisors who are kind, supportive and open minded to stretch boundaries with you on your dream PhD journey.

Nov 20, 2015
 

Today is my day for deep reflection on things and events that have happened since I started on my PhD journey on 1st October 2013. Time has stood still in many ways for me…

If anyone does browse this supposedly private blog, did you notice the word ‘deep’?

I’ve heard of the expression; ‘you’re/I’m in deep trouble’. Lately, I noticed the word ‘deep’ has been used in the context of research and also in industry as in: ‘deep AI’, ‘deep analytics’, and also the ‘dark deep web’. I’m sure ‘deep’ (noun, adj) can be used in many ways in various contexts as well.

How does one reflect in mind-body-spirit the deep and rich tapestry of living in the now, in the concept of space and time?

That sure will be an unsolvable PhD research question, ‘sure’ as in mathematically 100% surely unsolvable.

My deep reflection takes me back to my current situation – I’m in deep trouble with my PhD research question :-) .

I also realised that I work best or deliver optimally or creatively when I’m left alone (into deep space and time) to get on with it – so to speak.

Well…when I do emerge out from the deep, things or events have stood still. When I’m in the ‘deep’ nothing else matters, just finding the way into the deep is the first challenging step.

Shifting in and out from the deep and back into the wider world of chaos, and joining a webinar soon…
Perhaps I should say ‘deepinar’ ?!