50% of Small Businesses Still Unsure of GDPR – Research conducted by Collyer Bristow has revealed that 18% of surveyed businesses have said they would go bankrupt if they were to pay the new, higher premium fines as a result of being in breach of the new GDPR laws. With 50% of small businesses displaying little knowledge of GDPR, many believe the new legislation will not affect them as much as larger businesses. Although larger businesses have a great understanding of the new legislation, nearly 30% of their executives of companies of over 1000 employees, stated they too are not familiar with GDPR.
The worst performing sectors were found to be in real estate and construction, with 35% of senior decision makers admitting they are not familiar at all with GDPR. Finally, 2/3 of the businesses said their senior management had little or no direct involvement in data protection, 23% have no data contingency plan, 34% stating they were not planning on conducting a data risk assessment this year and that 1/3 had taken no steps to prepare for GDPR at all. It seems when 25 May comes around next year the regulators of GDPR are going to be busy.
From 1 billion to now All Users – The estimation of affected Yahoo users has been just ‘slightly’ upgraded from 1 billion to now everyone who used the service. This equates to around 3 billion compromised accounts! Now rebranded as Oath, the announcement refers to the security breach that occurred in 2013 and came to light in December 2016. Included in the breach was user account information, names, email addresses, telephone numbers, date of births, hashed passwords and security questions and answers (encrypted and unencrypted). The attack was attributed to state sponsored attackers and some hackers did manage to obtain bank account details or credit card information tied to Yahoo accounts. So in other words if you had a Yahoo account you were affected. The best thing to do now is change your password and security questions to the account, enable 2-factor authentication and leave the account well alone.
Fake Order Confirmation that Contains all Recipients Real Details – In the never ending world of malware, an email with the subject of “Miss ‘Recipient name’, Your package has been collected from store” has been making the rounds but what’s different is that the recipient’s full and correct name, address and phone numbers are included within the message body. There are no details on how the hackers have obtained the information and searching the website “haveibeenpwned.com” for the compromised email addresses reveals no trace. This indicates it is not a known breach and with the personalisation of the emails, the hackers are trying to create trust with the victim to entice them to click on the malicious link contained within the email. If you receive any emails from “email@example.com” probably best to delete that one straight away.