As has been widely reported, a magistrate judge in the Eastern District of Virginia recently ordered Capital One to produce a forensic report prepared by the cybersecurity firm Mandiant, holding that the report was not protected as attorney work product despite having been prepared at the direction of outside counsel. On June 9, 2020, Capital
Virgin Media is reportedly one of the latest UK companies to suffer a data security breach. On 5 March 2020, it published a statement on its website explaining that one of its databases had been accessed without Virgin Media’s authorisation, due to a configuration issue. It is reported that the database had been left unsecured since April 2019 and that it contained information about (approximately) 900,000 existing and potential customers. Virgin Media states that the compromised information was mostly limited to contact and product data and importantly, did not contain financial information or passwords.
The statement sets out a number of frequently asked questions, with easy to understand responses. The ICO and affected data subjects have been notified and the statement provides customers with information about possible scams and phishing attacks aimed at helping them to better protect themselves and be aware of the risks in a heightened risk environment, in light of the incident.
Continue Reading Virgin Media suffers Data Security Breach
An unhappy new year for Currys PC World and Dixons Travel stores, as the ICO has issued owners DSG Retail Limited with a Monetary Penalty Notice of £500,000 for serious security failings involving Point of Sale (“POS”) terminals in stores. Although the incident was investigated and addressed under the pre-GDPR legislation, the fine represents the maximum available to the Commissioner, under the Data Protection Act 1998, who in her findings observed that “but for the statutory limitation on the amount, it would have been reasonable and proportionate to impose a higher penalty”. This decision is important for retailers, particularly on payment information. It is also helpful to understand the factors involved in the breach of security, and offers some insight as to the ICO’s assessment of “appropriate technical and organisational measures” which of course remain crucial requirements for the security of personal data under the GDPR.
Continue Reading ICO Issues Fine Against National Retailer for Security Failings