UK threatens Clearview AI with nearly $23M fine over its facial recognition tech

British regulators say they intend to fine Clearview AI, a facial recognition company that bills itself as the world’s largest, nearly $23 million for “alleged serious breaches” of the nation’s data protection laws. The fines stem from a joint investigation by the U.K. Information Commissioner’s Office (ICO) and its Australian counterpart. The ICO now awaits a response from Clearview AI before possibly levying the fine in mid-2022. “I have significant concerns that personal data was processed in a way that nobody in the UK will have expected,” U.K. Information Commissioner Elizabeth Denham said on Monday. “Clearview AI Inc’s services are no longer being offered in the UK. However, the evidence we’ve gathered and analysed suggests Clearview AI Inc were and may be continuing to process significant volumes of UK people’s information without their knowledge.” The increased scrutiny from U.K. regulators has something of a parallel in the U.S., where in […]

The post UK threatens Clearview AI with nearly $23M fine over its facial recognition tech appeared first on CyberScoop.

UK suit seeks compensation for Marriott data breach victims

Marriott International is the subject of a lawsuit in the United Kingdom brought by millions of former guests seeking compensation for the exposure of their data in a massive breach. The class action-style lawsuit, filed by U.K. resident Martin Bryant, comes in response to a security incident in which hackers accessed information about more than 300 million people between July 2014 and September 2018. The breach, first revealed in 2018, included data such as email addresses, phone numbers and credit card data about people who booked reservations through the Starwood Hotels chain, which Marriott acquired. U.S. officials privately attributed the breach to hackers working on behalf of China’s Ministry of State Security, the New York Times reported. Passport numbers belonging to some 25 million people were also involved. In a statement, Bryant said he filed the lawsuit because the hotel operators had failed to “take adequate steps to ensure the […]

The post UK suit seeks compensation for Marriott data breach victims appeared first on CyberScoop.

Lawsuit seeking billions in damages filed against EasyJet

Lawyers always seem to recognize a good data breach when they see one. A British law firm, PGMBM, announced Tuesday it filed a lawsuit against EasyJet, the largest airline in the U.K., in connection with a security incident in which details about 9 million people were exposed. The firm is seeking up to £18 billion ($22 billion), including up to 30% in fees, or roughly £5.4 billion ($6.6 billion), for itself. The suit in London’s High Court follows similar legal action against British Airways, which announced its own data breach in 2018. EasyJet said on May 19 that hackers had accessed travel information about up to 9 million people, and credit card details belonging to more than 2,000 people. While it remains unclear exactly when the breach occurred, the BBC first reported that EasyJet had learned of the attack in January, only to disclose it months later. Some customers have […]

The post Lawsuit seeking billions in damages filed against EasyJet appeared first on CyberScoop.

EasyJet announces breach impacting 9 million people

Hackers accessed travel details about roughly 9 million people amid a data breach at EasyJet, the largest airline in the United Kingdom. In a statement Tuesday, EasyJet said thieves had walked off with customer emails and travel information in what the company described as a “highly sophisticated cyber-attack,” without providing any details. Credit card information belonging to 2,208 customers also was compromised in the incident, the company said. Exactly when the breach occurred remains unclear, though the airline first learned of the incident in January, according to the BBC. EasyJet alerted the U.K. Information Commissioner’s Office to the incident, as required under European data protection law. The General Data Protection Regulation requires breach victims to alert regulators within 72 hours under some conditions, such as when personal information is involved. “There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the […]

The post EasyJet announces breach impacting 9 million people appeared first on CyberScoop.

U.K. regulator dings tech retailer for breach that affected 14 million people

Britain’s data protection authority said Thursday it has fined Dixons Carphone, a massive electronics retailer, the maximum fine allowed under law for a data breach that exposed financial information from millions of customers. Malicious software lurking inside point-of-sale systems at Dixons Carphone stores from July 2017 through April 2018 collected payment card data of 5.6 million people. Attackers accessed personal information including names, email addresses and details about failed credit checks on some 14 million people. The U.K.’s Information Commissioner’s Office fined the company £500,000 ($653,000) for the incident, the highest penalty authorized under the U.K.’s 1988 Data Protection Act. The ICO found that Dixons Carphone, which reported £10.5 billion (equivalent to $13.7 billion in 2020) in revenue in 2018, broke the law “by having poor security arrangements and failing to take adequate steps to protect personal data.” The company is also known as DSG Retail. Security issues included a […]

The post U.K. regulator dings tech retailer for breach that affected 14 million people appeared first on CyberScoop.

British Airways fined $229 million under GDPR for data breach tied to Magecart

Britain’s data protection watchdog says it will fine British Airways £183.39 million ($229.2 million) for security weaknesses that made it possible for hackers to steal information about roughly 500,000 customers. The U.K. Information Commissioner’s Office said Monday it would fine the airline for violating the European Union’s General Data Protection Regulation. By exploiting weaknesses in British Airways’ site last year, a hacking group known as Magecart was able to collect customer payment card numbers, travel booking details and other sensitive data. The fine would be the largest issued yet under GDPR, surpassing the €50 million levied by French regulators on Google. “When an organization fails to protect [personal data] from loss, damage or theft it is more than an inconvenience,” U.K. Information Commissioner Elizabeth Denham said in a statement. “That’s why the law is clear – if you are entrusted with personal data you must look after it. Those that don’t […]

The post British Airways fined $229 million under GDPR for data breach tied to Magecart appeared first on CyberScoop.

U.K. fines company that collected data from new moms, then sold it to Equifax

Bounty UK, a pregnancy and parenting club, has been hit with the equivalent of a $524,000 fine for illegally sharing personal information belonging to more than 14 million people with credit reference and marketing agencies, Britain’s data protection authority announced Friday. The U.K. Information Commissioner’s Office fined Bounty UK £400,000 for collecting personal information “directly from new mothers at hospital bedsides,” through merchandise claim cards, its website and mobile app. The company collected information from new mothers, mothers-to-be, as well as the birth dates and genders of young children, according to the ICO. Bounty UK then would supply that data, some 34.4 million records, to 39 third-party services including Equifax and other data brokers that in the past have failed to protect customer information. The fine was enforced for violations of the U.K.’s Data Protection Act, which requires firms to be transparent in their data collection practices, and involves […]

The post U.K. fines company that collected data from new moms, then sold it to Equifax appeared first on CyberScoop.