There have been countless cyberbreaches over the past few years in which personal data, such as user IDs and passwords, have been compromised. These range from attacks against government agencies, such as two recent incidents affecting the national identity systems in Spain and Estonia, to corporate breaches exposing data belonging to millions of customers. In…

Nissan Canada revealed on Thursday that the personal information of some customers may have been compromised as a result of a data breach discovered by the company on December 11. The incident affects individuals who have financed their vehicles through Nissan Canada Finance (NCF) and INFINITI Financial Services Canada. The exact number of impacted customers…

The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows. Like the old saying about an ounce of prevention being better than a pound of cure, complying with data protection requirements can be expensive, but the financial consequences of non-compliance can hurt a…

A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world’s top websites. Last month, F5 Networks informed customers that some of its BIG-IP products include a vulnerability that can be exploited by a remote attacker for recovering encrypted data…

A researcher has discovered that a touchpad driver present on hundreds of HP laptops includes functionality that can be abused for logging keystrokes. The vendor has released patches for a vast majority of affected devices. Michael Myng was looking for ways to control the keyboard backlight functionality on HP laptops when he noticed that the…

Technical (protection) measures, means, technologies, rules and resources are mentioned multiple times throughout the GDPR text. The Regulation does not, however, specify any security technology implementation as obligatory (a few methods are suggested as optional solutions for the specific usage). Choice and evaluation of adequacy is the sole responsibility of the data controller and processor.