data protection
-
Global privacy laws strengthen rights but enforcement and outcomes remain uneven
A 35-year review by researchers at Dakota State University finds that global privacy laws have expanded rights and obligations but enforcement and measurable reductions in harm are uneven; the study highlights uneven fines and compliance rates, growing technology-driven pressures, cross-border uncertainty and the need for metrics to track outcomes.
-
Researchers propose observational audit to detect label leakage in machine learning models
A new observational auditing framework lets testers detect whether machine learning models leak training labels without altering training data, using proxy labels and attacker-based tests; experiments on image and click datasets showed tighter privacy settings reduced leakage.
-
UK regulator declines formal probe into MoD Afghan data leak, commissioner tells MPs
The UK Information Commissioner told MPs his office decided not to open a formal investigation into a Ministry of Defence data breach that exposed details of Afghan resettlement applicants, citing concerns an inquiry might hinder the MoD’s response and noting resource limits for handling classified material.
-
UK regulator fines Capita £14m over 2023 cyberattack that exposed 6.6m people
The UK Information Commissioner’s Office has fined Capita £14 million after a 2023 cyberattack exposed data on about 6.6 million people; the ICO said failures in detection and privileged account controls allowed attackers to exfiltrate roughly 1 TB and deploy ransomware.
-
ECG signals can be linked to individuals, study finds, prompting privacy cautions
A new study shows ECG signals can be linked to identifiable individuals with high accuracy, challenging traditional de-identification methods and prompting calls for stronger privacy protections in health data sharing.
-
LNER confirms customer data accessed in third-party data breach
London North Eastern Railway says customer contact details and some journey information were accessed via a third-party supplier, with no impact on ticketing or services and no storage of bank data. The company urges caution on phishing and emphasizes secure passwords.
-
Croatian Research Institute Confirms Ransomware Attack via ToolShell Vulnerabilities
The Ruđer Bošković Institute in Croatia confirmed it was among thousands of institutions hit by ransomware exploiting SharePoint ToolShell vulnerabilities, encryption of administrative data, a pledge not to pay ransom, and ongoing forensic investigations.
-
U.S. House Bans WhatsApp for Congressional Staff Citing Security Risks
The U.S. House of Representatives has officially banned congressional staff from using WhatsApp on government-issued devices due to security concerns, recommending alternative messaging platforms. Meanwhile, WhatsApp defends its security measures in response.
-
Critical Flaw in Veeam Backup Software Prompt Workforce Update
Veeam Software has issued critical patches for vulnerabilities in its Backup & Replication software, including a major flaw allowing remote code execution. Security experts emphasize the urgency for users to update to safeguard against potential cyber threats.
-
Security Risks Emerge from Popular Chrome Extensions Transmitting User Data in Plaintext
Prominent Chrome extensions are under scrutiny as security experts highlight that several have been found transmitting sensitive data unencrypted over HTTP, raising significant privacy concerns. Users are urged to reconsider using these extensions until developers address security flaws.
