Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK’s Information Commissioner’s Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU’s General Data Protection Regulation through the incident. Marriott didn’t conduct “sufficient due diligence” when it bought Starwood, according to the regulator, and “should also have done more” to improve security.
By the time it was clear the fallout from the Equifax breach reached roughly three-fourths of adult Americans, Washington lawmakers were already tripping over themselves to churn out a law that they hoped would, in some future, analogous disaster, hold accountable the negligent hoarders of Americans’ personal, private data. By the time Facebook’s Cambridge Analytica scandal reared its head six months later, however, nearly every effort to pass a comprehensive bill that might punish corporate data malfeasance had stalled. Today, only a handful of 2018 campaign websites even mention the issue at all.
Hackers stole $80 million from a bank, but it could have been a lot worse if they had just Googled the name of a company, according to Reuters. Thieves got inside servers of the Bangladesh Bank, stealing the credentials used to make online transfers. They then bombarded the Federal Reserve Bank in New York with up to 13 money transfer requests to organizations in the Philippines and Sri Lanka. The Fed allowed four to go through totaling $81 million, but the next one was flagged by a routing bank in Germany because the hackers misspelled “foundation” as “fandation.”