Infosec Round-Up Jan 7th
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
28TB Backup Error
Japan’s Kyoto University has lost an estimated 28TB of research data following a devastating backup error involving its Hewlett-Packard supercomputer.
Occurring sometime in mid-December, an investigation into the issue found that 25 million files from 14 different research groups had been wipe from the system and backup storage, much of which could not be restored.
Initially estimated to be 77TB of lost data, the details of the information have not been made public, though the university has stated in an announcement that 68 users were affected.
With Hewlett-Packard Enterprise (HPE) stating that it takes “100% responsibility” for the error, the company explained that a software update intended to improve file visibility was the source of the problem, adding (translated) “We deeply apologize for causing a great deal of inconvenience due to the serious failure of the file loss.”
New UK Information Commissioner
John Edwards, the former New Zealand Privacy Commissioner, this week begins his new role as the UK’s Information Commissioner, succeeding his predecessor Elizabeth Denham CBE.
Having previously worked as a solicitor and barrister for over 14 years, as well as time advising the NZ government, Edwards takes his new position at a time when the privacy watchdog will see significant changes, to not only its governance model, but also in “actively engaging with the government over the proposed reforms to the Data Protection Act.”
In an official announcement, Edwards stated “Privacy is a right not a privilege. In a world where our personal data can drive everything from the healthcare we receive to the job opportunities we see, we all deserve to have our data treated with respect.
“My role is to work with those to whom we entrust our data, so they are able to respect our privacy with ease whilst still reaping the benefits of data-driven innovation. I also want to empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong.”
Payment Service Fined
The Paris-based payment services company SlimPay has been fined €180,000 by the French data privacy regulator following the discovery that it had exposed sensitive customer data on a publicly accessible server for several years.
Having undertaken a research project into anti-fraud technology in 2015, SlimPay used personal data contained in its customer databases, though following the end of the project in 2016 the data was left on a publicly accessible server.
Affecting approximately 12 million people, the breach was discovered by a customer of SlimPay in February 2020, who in turn notified the company.
Having been found to have failed to comply with several GDPR requirements, including the notification of data subjects, SlimPay has stated: “we are committed to implementing measures which meet the expectations of the GDPR, and have been doing so since its enforcement began in 2018.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.
Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021
How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security
Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.
Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.
Security program policies blog by information security awareness training provider Hut Six Security.
Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.
Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security
What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.