Category Archives: Data and computer security

Price comparison site data may have been used by Leave.EU

Former Cambridge Analytica director told MPs Brexit campaign group may have used data from Moneysupermarket

Personal information gathered from price comparison websites may have been used without people’s knowledge or consent by pro-Brexit campaigners in the European referendum.

An ex-director of Cambridge Analytica told parliament last week that she believed the Leave.EU campaign, headed by Nigel Farage and bankrolled by Arron Banks, may have breached data protection laws by using people’s private information without consent. She said she had seen with her “own eyes” how Leave.EU had apparently targeted customers of Eldon Insurance – owned by Banks – using their private data to promote anti-Europe messaging.

Continue reading…
Source: gad

Arron Banks, the insurers and my strange data trail

Carole Cadwalladr just wanted to insure her car. Six months later, she found a mass of personal details held by a firm she had never contacted that is run by Leave.EU’s biggest donor, Arron Banks. How did it get there?

If a 29-year-old Peugeot 309 is the answer, it’s fair to wonder: what on earth is the question? In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. Or that my car – a vehicle that dates from the last millennium – could hold any sort of clue to anything. If there’s one thing I’ve learned, however, in pursuing the Cambridge Analytica scandal, it’s that however weird things look, they can always get weirder.

Because I was simply seeking information, as I have for the last 16-plus months, about what the Leave campaigns did during the referendum – specifically, what they did with data. And the subject access request – a legal mechanism I’d learned about from Paul-Olivier Dehaye, a Swiss mathematician and data expert – was a shot in the dark.

Continue reading…
Source: gadt

You can buy anything on the black market – including Twitter handles

The perfect @ identity is a must-have accessory for big companies and brand-conscious celebrities – at any cost

Everything has a price, even the top Twitter handles, and if somebody does not want to sell then they may be forced to relinquish their account.

“We have a marketplace which allows the sale of Twitter handles,” says Philly, a subversive marketer who founded ForumKorner, an online gaming forum. “Unlike some websites, however, we do not allow the sales of stolen accounts that some people phish, or hack, to obtain before reselling them.”

Continue reading…
Source: gadt

How can I store my digital photos for ever?

Arunima wonders if one external hard drive will keep cherished pictures safely available for decades, but it’s not that simple

I read your article from June 2016 on What’s the best way to organise and store my digital photos? Is it not sufficient to save my pictures on one external hard drive? Must I save them on two? Also, for how many years will an external hard drive keep the pictures safe?

I have an Apple iMac and until now all my pictures were stored in Photos. Yesterday, I transferred them to an external hard drive and emptied Photos. Is this not enough to ensure the safety and availability of my pics for ever? Arunima

Nothing lasts for ever, and digital images can disappear in seconds. People lose their most important photos every day when hard drives fail, when smartphones and laptops are stolen, when online services shut down, and when natural disasters strike. Fires, floods and earthquakes can also destroy digital records.

Continue reading…
Source: gadt

Five things we learned from Mark Zuckerberg's Facebook hearing

The CEO’s privacy is as vulnerable as ours, and the social network faces a regulation battle

His data was sold to a malicious third party as well, he confirmed, in an answer to a question from the Democratic representative Anna Eshoo.

Continue reading…
Source: gadt

GDPR: how can I email data securely to comply with the new regulations?

Robert is often required to email sensitive data. Is there a secure way of doing so in view of the new data protection laws?

As a freelance media professional, I am often asked by my various employers to send copies of my passport, completed visa forms and other sensitive data in the form of email attachments. I have recently questioned this and have not really got a satisfactory response. I have tried uploading these documents to my Google Drive account and giving them a link, though I don’t really know whether this method is any safer. However, I am at a loss to see how companies should acquire such sensitive data in light of the new GDPR rules coming into force in May. Robert

The European Union’s General Data Protection Regulation (GDPR), which comes into force on May 25, will govern the storage and processing of data rather than its collection. It also includes some very important consumer rights. The most important are the right to be informed, the right of access, the right to correct errors, the right to erase data, the right to restrict processing, and the right take it elsewhere (data portability). How useful these will be in practice remains to be seen.

Continue reading…
Source: gadt

Government websites hit by cryptocurrency mining malware

Thousands of sites, including NHS services and the ICO, hijacked by rogue code

Thousands of websites, including those belonging to NHS services, the Student Loans Company and several English councils, have been infected by malware that forces visitors’ computers to mine cryptocurrency while using the site.

Late on Sunday, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected by the malware.

Continue reading…
Source: gadt

EU data protection law may end up protecting scammers, experts warn

WHOIS, one of oldest tools on internet for verifying real identities, at risk of being killed due to tough new GDPR regulations

Sweeping new European data protection regulations may have the accidental effect of protecting scammers and spammers by killing the WHOIS system used to link misdeeds online to real identities offline, security experts have warned.

The General Data Protection Regulation (GDPR), which comes into effect in May, contains a raft of measures intended to strengthen data protection for Europeans.But some of the new rights and responsibilities will conflict with decades-old technologies that have provided much-needed transparency on the internet, says Raj Samani, the chief scientist at cybersecurity firm McAfee.

Continue reading…
Source: gadt

Every NHS trust tested for cybersecurity has failed, officials admit

Assessments after WannaCry attack reveal vulnerabilities across whole of health system

Every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required, civil servants have said for the first time.

In a parliamentary hearing on the WannaCry attack which disrupted parts of the NHS last year, Department of Health (DoH) officials said all 200 trusts had failed, despite increases in security provision.

Continue reading…
Source: gadt

What can I do to protect my PC from the Meltdown and Spectre flaws?

John has an old Sony Vaio PC that seems unlikely to receive a firmware update. Should he replace it?

My Microsoft Surface Book is protected against the Meltdown and Spectre security flaws, but my Sony Vaio Pro remains vulnerable to Spectre. Both laptops run Windows 10 and have been updated via Windows Update. The Surface Book’s BIOS has also been updated by Microsoft, but there is no BIOS update for the Vaio – and, I suspect, for millions of other machines.

What is the risk of continuing to run the Vaio with this known critical vulnerability? Is there another way to mitigate it? Or, in the end, do thousands of people have to dump otherwise good machines and buy new ones? John Piatt

It’s too soon to say. Bear in mind that, so far, there are no known exploits for these vulnerabilities, so the current level of risk is low. Companies will try to defend against threats as and when they appear. In the short term, we’ll just have to see how well that goes.

Continue reading…
Source: gadt