Spanish DPA fines company due to lack of information about compromised personal data after Brute Force Attack / inadequate Risk Assessment --> € 360'000 The Spanish #data protection authority investigated a report of a #security incident at 4FINANCE SPAIN FINANCIAL SERVICES (VIVUS). In the incident, personal data of the company's customers had been compromised by means of a Brute Force attack. The #dataprotection officer of VIVUS considered the potential #risk to be too low to have to inform those affected. The AEPD instructed 4FINANCE SPAIN FINANCIAL SERVICES to do so. In addition, there were several complaints from private individuals indicating that there had been cases of identity theft in connection with the incident. The AEPD's investigation revealed that the risk assessment carried out by 4FINANCE SPAIN FINANCIAL SERVICES on its #web portal considered the risk to be significantly too low. There was no assessment of the risk for those affected by the specific security incident. The original fine of EUR 600,000, consisting of two penalties of EUR 200,000 (Art. 5 i f GDPR) and EUR 400,000 (Art. 32 GDPR) respectively, was reduced to EUR 360,000 due to voluntary payment and admission of guilt. #gdpr #compliance
Jimmy Orucevic’s Post
-
The consequences of delayed data breach notification can be severe and far-reaching. Not only can it cause financial damages for the victims, but it can also result in larger fines and penalties for the organization. Slow responses can lead to a loss of customer trust and reputational damage. Moreover, it can disrupt business operations, taking time and resources away from normal activities. Prompt and transparent communication is essential to mitigate these risks. Regulatory bodies like the GDPR and NYDFS impose strict deadlines for breach notification, often within 72 hours. Failing to meet these deadlines can result in significant fines, sometimes up to 4% of global annual revenue. Data breaches that result in identity theft can cause over $1,000 in financial damages per victim on average, and the longer the notification is delayed, the more time criminals have to exploit the stolen data. Delayed notification leaves individuals vulnerable for a longer period, making it important to mitigate risks promptly. In summary, timely and transparent communication is crucial to minimize the financial, legal, reputational, and operational consequences of a data breach. #databreach #privacy #personaldata #gdpr #notifications #ccpa #pipeda
-
Did you know that Gov.UK has passed new laws to fight corruption, money laundering and #fraud with heavy penalties for professional services firms that do not comply? Lord Chancellor, Alex Chalk comments "Verification checks will assess the identities of people setting up and managing companies, stopping criminals hiding behind false names or registering companies with fictional characters. This will help prevent fraudulent appointments and avoid people involved in money laundering hiding behind false names." So knowing who's behind the signature and detecting fraud has become a priority for many organisations who rely upon signing and exchanging important and time critical documents, contracts and forms online.

Here's a checklist to ensure that your legal firm is using an electronic signature creation and detection software that can be trusted:

Is your tech provider certified to meet the requirements of the UK Digital Identity and Attributes Trust Framework (UK-IDSP)?

Does your document signing & eWitnessing platform include the following?
* Contract Finalisation Controls
* Dashboard with Case Review
* Digitally Signed PDF Delivery
* Compliant Audit Reports

Plus – Access to Additional KYC Services:
* Qualified Electronic Signature Certificates
* Automated Address & Credentials Checks
* AML Fraud and PEP's & Sanctions Reports
* eWitnessing & Deed Stamping
* Bank and Proof of Funds Check
* Payments on Account

If you want to know who really is behind the signature, get in touch with us today. #legal #legalsector #idverification
-
A recent report by global analytics company SAS found that fraud costs the UK government up to £53 billion (US$ 64.5 billion), amounting to around 6.4% of public money per year. And as government transactions become more digitalised, malicious actors are finding ever more innovative ways to exploit digital services and defraud governments in the process. #sas #riskmanagement #fraud #analytics #realtime #discovery https://lnkd.in/gQSkqd8c
-
The Nigerian Data Protection Commission (NDPC) is actively investigating nine organizations for potential data regulation breaches, as reported by The Guardian. The probe comes as part of the commission's efforts to enforce data protection laws and ensure businesses comply with the necessary regulations. With the increasing use of personal data in various industries, the NDPC's scrutiny aims to protect individuals' privacy and maintain data security standards. This investigation sends a strong message to organizations operating in Nigeria about the importance of safeguarding customer data and adhering to data protection guidelines. https://lnkd.in/gcgM22cy #NDPC #DataProtection #DataRegulation #DataBreaches #Privacy #DataSecurity #Nigeria #DataCompliance #DataPrivacy #TheGuardian #UnderstandingEnterpriseTech #EnterpriseTechnologyNow #EnterpriseTechnologyToday
NDPC probes nine organisations for data regulation breaches | The Guardian Nigeria News - Nigeria and World News
guardian.ng
-
Data breach under IT Act 2000. DPDP is not effective as of now, but section 43A of the IT Act shall apply if the breach is caused by a failure of security measures. Section 43A of the Information Technology Act, 2000, pertains to the **compensation for failure to protect data**. It applies to 'body corporates' that handle sensitive personal data or information in a computer resource they own, control, or operate. If such a body corporate is negligent in implementing and maintaining reasonable security practices and procedures, and this negligence causes wrongful loss or wrongful gain to any person, then the body corporate is liable to pay damages by way of compensation to the person so affected. **Example**: Imagine a financial services company that stores customers' personal and financial information. If the company fails to secure its database and a security breach occurs leading to unauthorized access and theft of personal data, the company would be responsible for the breach. If the affected individuals suffer financial losses due to identity theft or fraud as a result of this breach, the company would be liable to compensate them for the monetary loss incurred. *Monetary loss* in this context refers to the quantifiable financial damage suffered by individuals due to the body corporate's failure to protect their sensitive personal data. This could include direct financial losses from theft or fraud, as well as costs incurred in rectifying the damage, such as legal fees or expenses related to credit monitoring services. #itact #databreach #boatdataleak #boat #Data #gdpr #dpdp #dataprotectionofficer #dpo
-
The data subject, who is a customer of a data controller providing telecommunications services, received e-mails from two different banks regarding attempts to access his accounts and suspicious transactions. When the data subject contacted the controller, he was informed that a copy of his SIM card had been made and that such messages may have been received as a result of fraudulent activity using that copy. The data subject then lodged a complaint with the Spanish Data Protection Authority ("Authority"). The data controller stated that the copying occurs at the data processors responsible for the distribution of its products and services and that the copying could only be made by the line owner. The Authority emphasized that the controller has a network of agents acting as data processors for the provision of other services, including the duplication of SIM cards, but it remains as the controller and is responsible for the breaches as it determines the means and purposes of the processing. In this context, the Authority assessed that the controller failed to take adequate technical and organizational measures and, as a result, allowed a third party to gain access to the data subject's personal data through identity theft and imposed a fine of EUR 70,000 on the controller for breach of the GDPR. https://lnkd.in/dyRZigZY #gdpr #spanishdpa #thirdparty #personaldata #SIMcard
AEPD (Spain) - 00636-2022
gdprhub.eu
-
The recent news of the Central Bureau of Investigation (CBI) busting a major module of cyber-enabled crimes targeting foreign nationals is a wake-up call for all of us. These criminal activities involved coercing payments from unsuspecting victims through impersonation of entities such as the US Federal Grant Department, IRS, SSA, CRA, and ATO using VOIP calls. The modus operandi included robo/audio calls impersonating officials from these agencies, leading to victims being coerced into paying fake fees, fines, or penalties. This incident raises serious concerns about the impact of such criminal activities on the reputation of our country. It's disheartening to see that the actions of a few have the potential to tarnish the image of the entire nation. As professionals and citizens, we cannot turn a blind eye to the repercussions of such actions, especially when they affect our fellow countrymen working and studying abroad. It's appalling that these fraudsters not only harm the victims but also put the reputation and safety of our people at risk. It is crucial that the legal authorities, including the courts and the CBI, treat this case as an example for all other like-minded criminals. We must stand together to condemn such behavior and work towards safeguarding the integrity of our nation and its people. Let's use this incident as a catalyst to foster greater awareness and vigilance against cyber-enabled crimes. Our collective efforts can help prevent such shameful acts and uphold the values of honesty and integrity that define us as a nation. #CyberCrime #CBI #FraudPrevention #EthicalConduct #NationalIntegrity #SecurityAwareness #professionalethics
CBI busts major cybercrime module, seizes over Rs 2 cr during raids
business-standard.com
-
New legislation to tackle fraud and money laundering – and that hands greater authority to Companies House to identify people faking their identity – is to come into force in the UK, having gained Royal Assent. The Economic Crime and Corporate Transparency Bill became the Economic Crime and Corporate Transparency Act on 26 October, heralding greater powers at Companies House – an executive agency of the #government that operates under the authority of the Department for Business and Trade – described as the ‘biggest shake-up to the service in its 180-year history’. The National Crime Agency (NCA) is among the further agencies standing to benefit: it receives greater powers to compel businesses to hand over information suspected to be used for money laundering or terrorist financing, with the act introducing provisions for crime-fighting authorities to seize #cryptoassets more easily. https://lnkd.in/esWGGEJR Louise Smyth Serious Fraud Office (UK) Nicholas Ephgrave QPM Euan Slack Transparency International UK Business Information Providers Association (BIPA) Gareth Jones OBE ACRA Association of Company Registration Agents Robert Mudge INSTITUTE OF CHARTERED ACCOUNTANTS OF SCOTLAND (THE) Dr Henry Balani Encompass Corporation #identityverification #IDverification
UK anti-fraud legislation aims to tackle fake identities
https://www.globalgovernmentfintech.com
-
Europol's European Money Mule Action (EMMA 9) involved global collaboration, yet the numbers reveal a startling reality. Over 10,000 money mules identified, a thousand arrested, and nearly 500 recruiters caught in the web of illicit financial activities. These mules play a crucial role in laundering money obtained through diverse online scams: investment fraud, phishing, messenger app fraud, and more. Their unwitting involvement not only enables criminals to launder money but also fuels a dangerous cycle of financial crime that extends its reach across borders. Money mule scams are not just about financial transactions; they are the lifeblood of criminal networks. They fund activities that breed more dangerous consequences—fueling drug trafficking, human exploitation, and even terrorism. By unwittingly participating, individuals become unwitting cogs in this vast, destructive machine. The stark reality is clear: money mule scams are not victimless crimes. They fund criminal enterprises that wreak havoc on society, leading to dire consequences far beyond the financial realm. It's a call to action to stay vigilant, educate ourselves, and stand against these scams, safeguarding not just our finances but also our global community from the far-reaching repercussions of organized crime.
Police Arrests 1000 Suspected Money Mules
infosecurity-magazine.com