The Risk Report - Nov. 12

You'd think that, by now, companies that handle highly sensitive financial and national security information for their customers would have it figured out to keep it all safe. This week's breaches tell a different story...

‍

BREACHES OF THE WEEK

📉 Flash Crash

Robinhood, the popular trading app, suffered a data breach this week that has Jim Cramer declaring that the company is just "not ready" for prime time. In its official statement, the company acknowledged that the breach, which was a result of social engineering, affected roughly 7 million people, and that the situation has since been contained. Fortunately, most of the PII gathered was limited to just names and email addresses, though a small number of individuals did have more sensitive data compromised. Robinhood is continuing to work with law enforcement and outside security firms on further investigations.

Read the full story

💣 Countermeasures

A Virginia-based US government defense contractor reported a data breach this week that was caused by an email phishing incident. Electronic Warfare Associates ("EWA") reported in its official statement that the breach took place on August 2, 2021, and that Social Security Numbers and driver's license numbers were among the information stolen by the attackers. EWA is a provider of a number of defense products including training simulators, radar systems, and counterintelligence technology.

Read the full story

NOTEWORTHY THIS WEEK

🛍️ Cost of Doing Business

The European Union's General Court in Luxembourg ruled against Google this week in its appeal of an antitrust case dating back to 2017. Google filed the appeal in response to the original ruling that found them to be guilty of unfairly pushing its own comparison shopping service in search results. Google now faces a $2.8 billion fine, the largest in EU history, but can appeal the case yet again in the EU's European Court of Justice.

Read the full story

🇸🇦 Privacy Kingdom

New, comprehensive, data privacy laws are coming to the Kingdom of Saudi Arabia this spring with the Personal Data Protection Law (PDPL) going into effect March 22, 2022, a first for the Middle Eastern country. The PDPL will impose strict restrictions on such issues as targeted marketing, extraterritorial data transfers, and even the photocopying of an individual's official documents.

Read the full story

‍

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.