Cyber Security News Update July 12, 2019
Spam Call Protection
A recent Federal Communications Commission (FCC) law gives cellular data service providers the ability to block spam and robocalls at their network level. The FCC voted unanimously to pass the measure. Phone scam blocking service YouMail reported that an estimated 48 billion robocalls were placed in the United States last year and the number is on the rise.
Carriers like AT&T and Verizon can now block spam calls, scam calls, and robocalls automatically. Previously a customer had to opt in to their provider’s call blocking services. AT&T is the first cell provider to announce that the company will go ahead and enable their call blocking service, Call Protect, by default.
Two Massive GDPR Fines Announced
Two global corporation have been fined for data privacy violations. British Airways and Marriot Corporation were both find for their respective massive data breaches under the General Data Protection Regulation (GDPR) administered by Europe’s Information Commissioner’s Office (ICO)
British Airways GDPR Fine
British Airways was fined by Europe’s Information Commissioner’s Office (ICO) for its colossal data breach that was discovered in October last year. The fine is the first levied under GDPR which went into effect in late May 2018. British Airways was fined 183.4 million Euros which is 1.5% of the airline’s revenue from last year.
Hackers compromised the airline’s website and stole personal data from over 500,000 customers. Customer data including login credentials, payment information, full name, address, and travel information was stolen when the hackers diverted travelers to a spoof website.
British Airways plans on disputing the fine as they have found no evidence of fraudulent activity on the hacked accounts or data for sale on the dark web.
Marriot Hotels GDPR Fine
A day after the British Airways fine was announced, Marriott International was also fined 99.2 million Euros a GDPR violation. The fine was imposed by the ICO for a massive data breach on the hotel chain’s booking system. The records of 500 million hotel guests were hacked. Customers from 31 countries from the European Economic Area were involved, including seven million UK residents.
Hackers compromised the hotel reservation system of Starwood Hotels Group back in 2014. At that time Marriot did not own Starwood but acquired the hotel chain in 2016. The data breach was not discovered until 2018. Personal data of an incredible 500 million hotel guests was hacked including credit card payment information, passport numbers, and birthdates. Starwood brands include Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W Hotels, St. Regis, Le Méridien, Aloft, Element, Tribute Portfolio and Design Hotels.
What is GDPR?
General Data Protection Regulation, commonly referred to as GDPR, is a new regulation that went into effect in late May 2018. The new regulation is intended to modernize data laws to protect the personal data of private citizens and ensure they can control who has their sensitive data and for how long. GDPR comes with some massive fines to make sure companies take it seriously. The Europe’s Information Commissioner’s Office is responsible for enforcing GDPR and can fine violators up to 20 million Euros , or 4% of annual global revenue.