Tag Archive for: GDPR

Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches


Fraud Management & Cybercrime, Ransomware

Repeat Shakedown Tactic: Victims Told to Pay Up or Else They’ll Pay Massive Fines


September 7, 2023    


Money is a great inducement to innovation. That includes – maybe especially so – ransomware groups whose attempts to squeeze dollars from data lead to no end of novel technical and business techniques.


Enter Ransomed, a group that only launched Aug. 15 but which has already made a name for itself by extorting victims with this threat: Pay us a ransom to stay quiet, or we’ll rat you out to your friendly neighborhood European privacy regulator. As a sweetener, the group tells victims that their ransom demand is only a fraction of the fines they’d pay for violating the EU’s General Data Protection Regulation for the data breach.


The group claims it targets large organizations, demanding ransoms of between $53,000 and $215,000, which is far below what it says their GDPR penalty is likely to be, threat intelligence firm Flashpoint reported.


Whether or not any victims have chosen to take GDPR compliance or other legal advice from these stress-inducers remains unclear.


The same goes for victims of groups that have previously name-dropped GDPR in their ransom notes. Since 2022, that’s included post-Conti spinoff Alphv/BlackCat, joined this year by newcomers NoEscape and the Cloak extortion group, which has been tied to Good Day ransomware, reported threat intelligence firm Kela.


Like most ransomware groups, Alphv…


iStorage Podcast | Ep02 | with Bhav Modha | Hardware Encryption in the UK. (Cyber Security)



Cyber security protecting your business with cost effective penetration testing



Let us tell you WhatsApp – we don’t want to pay that €225m GDPR fine • The Register


WhatsApp has been slapped with a fine of €225m [PDF] following a long and drawn out investigation into whether it had provided the necessary data protection information to users under the EU General Data Protection Regulation (GDPR).

The fine – along with a slap on the wrist – has been imposed by the Data Protection Commission (DPC), the national independent authority in Ireland responsible for personal data protection in the EU.

It’s reported to be the heftiest fine ever issued by the DPC and the second-largest handed out under EU data protection laws.

WhatsApp, however, has already said it intends to appeal the decision and believes the fine is “entirely disproportionate.”

In a statement, a spokesperson for the company told The Reg: “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.

“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision.”

In what has proved to be a highly technical ruling dating back to 2018, the DPC said the case examined whether WhatsApp has “discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service. This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.”

As well as the fine, the DPC has also ordered WhatsApp to take “a range of specified remedial actions” which some sources claim could make privacy policies even less user friendly.

If nothing else, WhatsApp is not alone. In July, Amazon said that an EU privacy watchdog had issued an $885m fine for failing to comply with…
