Infosec Round-Up Jan 7th


This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

28TB Backup Error

Japan’s Kyoto University has lost an estimated 28TB of research data following a devastating backup error involving its Hewlett-Packard supercomputer.

An investigation into the issue, which occurred sometime in mid-December, found that 25 million files from 14 different research groups had been wiped from the system and backup storage, much of which could not be restored.

Initially estimated to be 77TB of lost data, the details of the information have not been made public, though the university has stated in an announcement that 68 users were affected.

With Hewlett-Packard Enterprise (HPE) stating that it takes “100% responsibility” for the error, the company explained that a software update intended to improve file visibility was the source of the problem, adding (translated) “We deeply apologize for causing a great deal of inconvenience due to the serious failure of the file loss.”

New UK Information Commissioner

John Edwards, the former New Zealand Privacy Commissioner, this week begins his new role as the UK’s Information Commissioner, succeeding Elizabeth Denham CBE.

Having previously worked as a solicitor and barrister for over 14 years, as well as spending time advising the NZ government, Edwards takes up his new position at a time when the privacy watchdog will see significant changes, not only to its governance model, but also in “actively engaging with the government over the proposed reforms to the Data Protection Act.”

In an official announcement, Edwards stated “Privacy is a right not a privilege. In a world where our personal data can drive everything from the healthcare we receive to the job opportunities we see, we all deserve to have our data treated with respect.

“My role is to work with those to whom we entrust our data, so they are able to respect our privacy with ease whilst still reaping the benefits of data-driven innovation. I also want to empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong.”

Payment Service Fined

The Paris-based payment services company SlimPay has been fined €180,000 by the French data privacy regulator following the discovery that it had exposed sensitive customer data on a publicly accessible server for several years.

Having undertaken a research project into anti-fraud technology in 2015, SlimPay used personal data contained in its customer databases, though following the end of the project in 2016 the data was left on a publicly accessible server.

Affecting approximately 12 million people, the breach was discovered by a customer of SlimPay in February 2020, who in turn notified the company.

Having been found to have failed to comply with several GDPR requirements, including the notification of data subjects, SlimPay has stated: “we are committed to implementing measures which meet the expectations of the GDPR, and have been doing so since its enforcement began in 2018.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
