The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

Uber Investigating Wide-Reaching Security Breach

Uber is currently responding to what could be one of the worst breaches in the company’s history.

The worst part is that it could all be down to a few text messages.

A hacker first gained access to Uber's systems on Thursday after sending a text message to an employee claiming to be an IT person and asking for their login credentials, according to the New York Times, which first reported the breach.

Why should we care as DPOs?

Well, employee phishing attacks are becoming more and more popular.

These are attacks that target employee credentials in order to access internal systems and data.

This can very quickly become a full-on nightmare as often employee devices are shared between work and personal purposes.

Targeting employees through phone-based phishing campaigns suggests hackers have found a good way to breach large organizations with layered and sophisticated cybersecurity practices.

So it’s important to defend as well as possible against these kinds of attacks. A good place to start is this post.

UK Data Protection and Digital Information Bill faces delay

Reforms to UK data protection law face delay after a scheduled parliamentary debate on the legislative proposals was postponed.

A second reading of the UK Data Protection and Digital Information Bill was withdrawn from the day’s House of Commons business “to allow ministers to consider the legislation further”, Commons leader Mark Spencer told MPs.

The move followed the announcement of the election of Liz Truss to the leadership of the governing Conservative party at lunchtime yesterday. No new date has yet been set for the second reading of the Bill to take place.

It seems with major political changes in the UK we will have to wait to see what amendments will be made to the bill.

Especially with the bill set to potentially change how personal data will flow between the UK and the EU.

Other data privacy news

Parsing Samsung’s Data Breach Notice (Tech Crunch)

Samsung’s data breach is why you shouldn’t have to sign in to smart TVs (Techradar)

Uber’s ex-security chief faces landmark trial over data breach that hit 57m users

Post of the week

Plausible Analytics @PlausibleHQ

Is Google Analytics illegal? Yes, said Austrian, French and Italian Data Protection Authorities and today the Danish DPA agreed! 🇩🇰 Exciting times to be a European, privacy-first web analytics project 🇪🇺

4:11 PM ∙ Sep 21, 2022

---

416Likes46Retweets

Poll of the week