Search Results for “Danny Palmer”

July 8, 2019
Mark Sweney / The Guardian

British Airways Slammed With $230 Million Penalty Over June 2018 Data Breach in First Fine Proposed by UK’s ICO Under GDPR

In the first fine proposed by the UK’s data protection watchdog under the EU’s new General Data Protection Regulation (GDPR), British Airways is to be fined more than £183 million (around $230 million) by the Information Commissioner’s Office (ICO) after hackers stole the personal data of half a million of the airline’s customers in a data breach that began in June 2018. The ICO said its investigation found that customer details, including login, payment card, name, address and travel booking information, were harvested after being diverted to a fraudulent website. Consistent with EU rules adopted last May, the fine represents 1.5% of British Airways’ annual revenues of £11.6 billion (around $14.53 billion). British Airways plans to make any necessary appeals of the decision before it becomes final.

Related: ZDNet Security, Techerati, The Hindu – News, Asia One World, Evening Standard, The Hacker News, Fast Company, The Next Web, Al Bawaba, AP Breaking News, ComputerWeekly: IT security, IT Pro, Security – Computing, THE INQUIRER, Graham Cluley, BBC News – Home, New Scientist, Engadget, South China Morning Post, The Verge, New York Times – Business, RAPPLER, CNET News, The Register – Security, Infosecurity Magazine, The Daily Swig, TechCrunch, Verdict, iNews, Silicon Republic, Computer Business Review, Help Net Security, The State of Security, ICO, Politico EU

Tweets: @CarlGottlieb @neil_neilzone @gcluley @allanfriedman @ICONews @dannyjpalmer @WeldPond

British Airways Fined $229M for 2018 Data Breach
ZDNet Security: GDPR: British Airways faces record £183m fine for customer data breach
Techerati: BA landed with record £183m fine for data breach
The Hindu – News: British Airways fined £183m over computer theft of passenger data
Asia One World: British Airways fined more than $300 million over computer theft of passenger data
Evening Standard: British Airways data breach: BA set to be fined £183m
The Hacker News: British Airways Fined £183 Million Under GDPR Over 2018 Data Breach
Fast Company: British Airways just got hit with a massive $229 million GDPR fine
The Next Web: British Airways fined $229m over last year’s data breach
Al Bawaba: British Airways Faces $229 Million Fine Over Customer Data Breach
ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach
AP Breaking News: BA faces $229 million fine over breach of customers’ data
Regulators fine British Airways record $230M for data breach
ComputerWeekly: IT security: IISP gains Royal Charter status
IT Pro: British Airways faces record £183m ICO GDPR fine
Security – Computing: British Airways faces £183m GDPR fine over last year’s security breach
THE INQUIRER: British Airways slapped with £183m GDPR mega-fine over 2018 breach
Graham Cluley: British Airways faces record £183 million GDPR fine after data breach
BBC News – Home: British Airways faces record £183m fine for data breach
New Scientist: British Airways faces largest ever data breach fine for 2018 hack
Engadget: UK regulator to hit British Airways with record fine over 2018 hack
South China Morning Post: British Airways fined US$229 million over massive data breach that saw hackers steal bank details of thousands of passengers
British Airways to be fined for GDPR infringements
The Verge: British Airways faces record-breaking GDPR fine after data breach
New York Times – Business: British Airways Faces Record $230 Million Fine for Data Breach
RAPPLER: British Airways fined £183m over computer theft of passenger data
CNET News: British Airways faces record-breaking $230M GDPR fine for 2018 data breach – CNET
The Register – Security: UK data regulator threatens British Airways with 747-sized fine for massive personal data blurt
Infosecurity Magazine: BA’s Magecart Breach Lands it £183m GDPR Fine
The Daily Swig: British Airways faces landmark $229m fine over data breach
TechCrunch: UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users
Verdict: £183m British Airways fine sees airline become GDPR “guinea pig”
iNews: British Airways boss ‘surprised and disappointed’ over record £183m fine for data breach
Silicon Republic: British Airways facing record £183m fine over data breach
British Airways Fined £183M After 0.5M Users’ Data Is Compromised
Computer Business Review: BA Facing £183.39M Fine for 2018 Data Breach
Help Net Security: British Airways is facing £183 million fine for 2018 data breach
The State of Security: British Airways faces record £183 million GDPR fine after data breach
ICO: Intention to fine British Airways £183.39m under GDPR for data breach
Politico EU: British Airways hit with major fine in data theft case

@CarlGottlieb: I can't overstate the significance of this #GDPR British Airways fine (1.5% of worldwide turnover / £183m) for anyone in security, privacy or senior management. You've got to get security right, with appropriate levels for your organisation, else the fines can be career changing.
@neil_neilzone: The ICO intends to fine BA *£183 million* for personal data breach leading to the compromise of half a million people’s data: … Note: this is an *intent* to fine, not the fine itself.
@gcluley: Ouch! British Airways faces record £183m fine for data breach …
@allanfriedman: Initial details of the GDPR enforcement that will be talked about in decks for the next year or two: BA fined 1.5% of global revenue for mage attack last year—£183 MILLION! (link:… For me, the interesting story is what other boards start to do to avoid this.
@ICONews: The ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).
@dannyjpalmer: The proposed fine could be reduced after British Airways make their appeal - but even if that happens, it will be hard for other organisations to ignore today's £183m figure. Who would want to risk the dubious title of the next record fine holder?
@WeldPond: BA data breach facilitated by poor website security. 1.5% of global turnover or £185M GDPR fine levied.

October 30, 2019
Alex Hern / Guardian

Facebook Agrees to Pay UK Privacy Commissioner’s Fine of Around $643,000 Over Cambridge Analytica Scandal

Facebook has agreed to pay a £500,000 fine, around $643,000, the highest possible, to the Information Commissioner’s Office (ICO) over the Cambridge Analytica scandal, ending more than a year of litigation between the regulator and social network. The ICO announced its intention to fine Facebook back in July and issued the official penalty notice this month, while Facebook filed an appeal. Under the settlement, Facebook has made no admission of liability and has been allowed to retain the documents discovered by the ICO for its investigation purposes. Had Facebook’s privacy violations occurred after May 2018, the potential total fine could have amounted to 4% of the company’s revenues.

Related: ZDNet Security, BBC News – Home, Verdict, City A.M. – Technology, Infosecurity Magazine, NS Tech, Z6 Mag


October 8, 2019
Joseph Cox / Motherboard

Twitter Says It Unintentionally Used Some Users’ Email Addresses, Phone Numbers Supplied for Two-Factor Authentication for Advertising Purposes

Twitter said that it unintentionally used some users’ email addresses and phone numbers they provided for security purposes, such as two-factor authentication, for advertising purposes. Twitter’s Tailored Audiences and Partner Audiences advertising system, which matches email addresses and phone numbers with those already obtained by advertisers, used the data. Twitter can’t say how many people were affected by the issue but did say that the company fixed the problem as of September 17.

Related: Twitter, Axios, The Verge, TechCrunch, ZDNet Security, SecurityWeek, AP Breaking News, GeekWire, iTnews – Security, BBC News, Trusted Reviews, fossBytes, TechNadu, Silicon Republic, Ars Technica, Daily Dot, The Hacker News

Tweets: @MikeIsaac @kateconger @kurtwagner8 @bafeldman @BrendanBordelon @MsHannahMurphy @dannyjpalmer @arischulman @shanvav @jeffstone500 @caseynewton @runasand @matthew_d_green

Twitter: Personal information and ads on Twitter
Axios: Twitter says it unintentionally misused user data for advertising
The Verge: Twitter used phone numbers provided for security to target ads
TechCrunch: Twitter admits it used two-factor phone numbers and emails for serving targeted ads
ZDNet Security: Twitter used 2FA phone numbers for ad targeting
SecurityWeek: Twitter Admits Phone Numbers Meant for Security Used for Ads
AP Breaking News: Twitter says it mistakenly used phone numbers for ads
GeekWire: Too big to fail? FTC commissioner sees parallels between Big Tech and bank crisis
iTnews – Security: Twitter recycled 2FA phone numbers to tailor ads
BBC News: Twitter ‘inadvertently’ used email addresses for ads
Trusted Reviews: Twitter was using phone numbers and email addresses for targeted advertising
fossBytes: Twitter Accepts It Used Users’ 2FA Phone Numbers For Ad Targeting
Twitter ‘Very Sorry’ It Misused Security Data For Ads
TechNadu: Twitter has Shared User Emails and Phone Numbers With Advertisers
Silicon Republic: Twitter used user phone numbers and emails to serve targeted ads
Ars Technica: Twitter transgression proves why its flawed 2FA system is such a privacy trap
Twitter May Have Mistakenly Used Users’ Data For Advertising
Daily Dot: Twitter used two-factor authentication details to serve targeted ads
The Hacker News: You Gave Your Phone Number to Twitter for Security and Twitter Used it for Ads

@MikeIsaac: come on
@kateconger: taking people's security info and using it to sell ads is a huge bummer and erodes trust. FB did this a while back too and it's the worst
@kurtwagner8: Not great: Twitter says it "inadvertently" used the phone numbers and emails that some people handed over for security reasons, like two-factor authentication, to target people with ads
@bafeldman: every platform should be wiped and start again from scratch
@BrendanBordelon: Twitter "may have" inadvertently provided the phone number/email address you provided for safety or security purposes to advertisers.
@MsHannahMurphy: Twitter reveals it 'unintentionally' used personal info (phone numbers/emails) that users handed over for security reasons (eg. 2FA) for targeted advertising. And only 2 months after it admitted it gave other user data to advertisers without permission:
@dannyjpalmer: "We recently discovered that when you provided an email address or phone number for safety or security purposes... this data may have inadvertently been used for advertising purposes" "We’re very sorry this happened" Twitter remains terrible.
@arischulman: How does one "inadvertently" make 2FA emails/phone numbers available for advertisers to match to marketing lists? Did Twitter engineers trip and fall onto their keyboards over and over for months until they accidentally wrote functional code?
@shanvav: Another day another tech giant taking user data (provided for security like 2FA mind you) and using it in the wrong way...Twitter says it used email addresses or phone numbers for “advertising purposes.”
@jeffstone500: Twitter collected phone numbers to improve account security then used those for advertising purposes. It's an example of an incredibly wealthy company prioritizing their bottom line over protecting users. (They say this was inadvertent, FWIW.)
@caseynewton: Well the joke’s on Twitter because I’ve still never seen a relevant ad here
@runasand: People should not have to pay for security features, such as two-factor authentication. Not with money and not with their personal information.
@matthew_d_green: No problem, @twitter! These things happen. Even if it wasn’t unintentional, let’s be honest: your company selling us advertising is a lot more important than the trust and safety of your user base.

October 17, 2019
Kevin Poulsen / Daily Beast

Russia’s Cozy Bear Didn’t Actually Vanish After 2016 Presidential Election But Retooled With New Malware, Communicated Secretly in Plain Sight on Twitter, Dropbox, Reddit

A Russian state cyber-espionage ring known as the Dukes, but better known as “Cozy Bear” and “APT29,” or the “other” hackers who broke into the DNC’s network, is still active despite seemingly vanishing without a trace nearly three years ago, researchers at ESET report. Following the 2016 U.S. presidential election, which raised fears over Russia’s state-sponsored hacking, the group seemed to cease operations, but ESET now says the hackers just retooled, developing new, harder-to-spot versions of their custom malware. The ring used coded messages broadcast on Twitter or dropped on Dropbox to communicate with their hacked machines secretly in plain sight, even posting steganographically coded photos on public image boards. ESET said they also created Reddit accounts for the sole purpose of posting coded messages on subreddits, including the r/funny humor board.

Related: We Live Security, ZDNet, Axios, Cyberscoop, Z6 Mag, Wired

Tweets: @ESETresearch @dannyjpalmer @joeuchill

July 30, 2019
Ionut Ilascu / Bleeping Computer

Real Video Feeds in Smart Building Surveillance Systems Can Be Replaced With Arbitrary Footage Due to IoT Device Vulnerabilities

Security researchers at Forescout examined the security flaws in IoT devices used in smart buildings and were able to replace the real, unencrypted video feeds with arbitrary footage. The researchers set up a test environment that mimics a smart building’s integration of video surveillance (IP cameras), smart lighting (Philips Hue), and an IoT system designed to integrate components in other subsystems intended for services such as monitoring energy consumption and space utilization or predicting infrastructure maintenance needs. They used two types of attacks (denial of service and footage replay) that led to rendering an arbitrary stream to the video surveillance system (VSS). The researchers also tested how a threat actor could abuse the Philips Hue smart lighting system and were able to disable it via DoS as well as reconfigure the platform.

July 4, 2019
Sergiu Gatlan / Bleeping Computer

Researchers Attribute a Slew of Malicious Malware Campaigns to TA505 Hacking Group, Downloaders and Backdoors Distributed All Over the World

Several malware campaigns are being run by the TA505 hacking group, which was behind the Dridex banking trojan and Locky ransomware, with the Gelup downloader and the FlowerPippi backdoor being used to attack targets from the Middle East, Japan, India, the Philippines, and Argentina, according to researchers at Trend Micro. Two spam campaigns also attributed to TA505 are distributing the malware downloader dubbed AndroMut, aimed at recipients from the U.S., Singapore, UAE, and South Korea, researchers at Proofpoint also discovered. In addition, Microsoft Security Intelligence issued an alert about two weeks ago about an active spam campaign that tries to infect Korean targets with the FlawedAmmyy RAT malware distributed via malicious XLS attachments, a campaign that has also been attributed to the TA505 hacking group.

Related: Cyberscoop, Dark Reading: Attacks/Breaches, Proofpoint, TechNadu, CyberSecurity Help s.r.o, SC Magazine, Trend Micro, IT Wire, ZDNet