Sarah Meyer

Marriott has put half a billion guest at risk in one of the largest data breach to date. The scope of the data breach is not only startling due to the numbers of guests that have been affected, it is the sheer amount of time since 2014 that the hackers had had access to the data.

LinkedIn accused of gathering 18 million email addresses of non-users and using those addresses for targeted Facebook advertising. And the Irish Data Protection Commissioner got a bit irate – and rightly so.

Sir Tim Berners-Lee argues that nothing short of a ‘revolution’ will stem abuse of the Internet and a new Internet Charter, a new Magna Carta, is essential to force tech giants to take concrete action to reinvent how the Internet is monetized and regulated.

New vehicle hacking threat exploits Bluetooth connectivity and targets a car’s infotainment system to access stored contacts, call logs, text logs, and in some instances even full text messages without the user being aware.

Almost 18 months since the 2017 massive outbreak, the WannaCry ransomware remains a cyber threat based on recent research from Kaspersky Labs showing 75,000 infections over the last three months.

Data collection and analytics from connected vehicles has troubling implications for the individual's privacy, not least because they simply have no choice. The use of motor vehicles is such a fundamental part of modern life that the invasion of privacy is all but unavoidable if new legislation is not promulgated.

With airline data breaches at Cathay Pacific, British Airways, Delta Airlines and Air Canada this year, is the industry now a soft target for cybercriminals?

While location services are inherently useful, it is how organizations that gather and use the data that may be a cause of concern for location privacy.

Recent PwC survey results indicate that half of respondents were not confident that their organizations would meet the 2020 deadline for CCPA compliance. What are the lessons learnt from the GDPR compliance exercise that can help companies approach CCPA and other upcoming requlations?

Mobile app makers can now use uninstall tracking software to inundate ex-users with advertising designed to win them back. Can app developers continue to use customer data for any purpose which fits their business model – even after users have deleted the mobile app?

Facebook has once again found itself in the unenviable position of having to defend itself against privacy violation claims – this time via Facebook Portal.

Singapore and Malaysia are rolling out national digital ID initiatives to streamline government services and improve efficiency. What are the lessons to be learnt from similar schemes like India's Aadhaar system?

Faced with a deluge of complaints regarding violations in terms of general data protection, regulators are expected to levy the first GDPR fines and other sanctions by year end.

The international community is under no illusion regarding the persistent threat that is posed by Russian hackers as the U.S. Department of Justice indicts 7 Russian GRU members, and other nations including the U.K. and the Netherlands protest hacking activities.

Facebook data breach comes hot on the heels of the Cambridge Analytica scandal, and resulted in 50 million compromised accounts. This is proving to be a tough year for Facebook.

Majority of business travelers have grave reservations about public WiFi security and the safety of their data. Of the 2,000 global business travelers surveyed by Carlson Wagonlit Travel, 65% were less than confident about using public WiFi networks.

SIM swap scams are increasingly profitable for criminals with the growing dependence on phone-based authentication and mobile wallets storing cryptocurrencies. Are mobile carriers doing enough to prevent SIM swap fraud?

According to Tripwire's State of Cyber Hygiene report, many organizations are simply not getting their cyber security basics right. And there is a distinct lack of focus on the proper maintenance and basic protection organizations need to put in place for cyber defense.

Reddit hack shows that the industry standard two-factor authentication approach in certain cases might not offer as much protection of vulnerable data as has long been thought.

Drones that were once used only for military purposes have now entered the private sector. With the surveillance culture that is permeating almost every part of modern society, drone surveillance using not just cameras but facial recognition software, IR technology, and speakers are an unprecedented threat to privacy.

For decades smart cards have been the foundation of access control and security systems. In smart cities, smart cards will play a key multiapplication role across public and private sector services.

California once again takes the lead with new data privacy law. While tech companies are not delighted and will continue to fight, it is still a better alternative to the November ballot which would have been more problematic.

CPO Magazine sat down with Prashant Pai and Scott Stransky at Verisk to understand what companies should consider when shoring their cybersecurity defenses.

Securus data scandal exposes cavalier attitude of location aggregators and mobile carriers towards location data and consumer privacy.

Proposed Secure Data Act wants to forbid government agencies from demanding for encryption backdoors. This is a positive move but will it resolve the security vs. privacy debate?

Seventy percent of security pros want governments to impose social media regulation for the collection of personal data by social media companies. Yet, expectations are hazy and 72% also indicated that they have little to no faith that government officials have an understanding of the threats to digital privacy.

Whether you are a user or not, you have a relationship with Facebook. With the latest revelations of the Cambridge Analytica "breach", it is becoming more and more obvious that whether you like it or not, your data will be harvested – and “sold”. Privacy choice and control is no longer fully in your hands.

Recent data breaches at Under Armour and Panera Bread has been making headlines. But the approach taken to mitigate the threat to consumers could not have been more different. One is a lesson on best practice and the other is a cautionary tale on how not to handle malicious attacks aimed at seizing consumer data.

Latest variant of Fakebank Android malware adds even more functional threats to banking clients – in the form of ‘vishing’ (voice phishing). It can now intercept outgoing and incoming calls which is then redirected to scammers which allows them to pose as legitimate employees of the bank.

When consumers shop online many do not realize that they are not only handing over their hard-earned cash, there’s another transaction that is happening at the same time – online behavioral tracking. Data about you is being gathered, shared and analyzed to determine what you see and to shape your online experience.

EFF and Lookout traced Dark Caracal to Lebanon and has infected Android users in more than 20 countries and stolen hundreds of gigabbytes of dat. Cyber espionage using fake apps with Android malware is the new trend as nation states and cybercriminals move towards using mobile as the target platform.

The Unique Identification Authority of India (UIDAI) has denied reports that the Aadhaar data breach has made masses of biometric data available to external players for a miniscule sum. Has big government in India simply overreached itself as far as its vision for this database is concerned?

Consumer privacy took a body blow in 2017 when U.S. President Donald Trump signed a repeal of the broadband privacy rules. Increasingly, the complex nature of privacy in the age of the internet is putting the fraught relationship between government, big business and the man on the street to the test.

Recent study by Imperva gets under the skin of what can now be characterized as an increasingly complex and rapidly maturing phishing industry. The study examined more than 1,000 free phishing kits that allow for the development of phishing web sites in what has been called an ‘easy to deploy’ format.

AIG releases new cyber risk benchmarking model to quantify and score cyber maturity of clients, boosting cyber insurance and promoting metrics useful for the industry to evaluate the risks that organizations face in terms of cyber security.

The U.S. Federal Government is a behemoth that touches every aspect of American life – and today the services and information needed by U.S. citizens are increasingly found online. However, the latest report on the state of U.S. federal websites indicates that they fail on some key indicators regarding web security.

Identity theft is a frighteningly real concern during the holiday season as consumers shop more and cyber criminals get busy. Companies that proactively offer identity protection to cushion the full impact of a data breach on customers that are victimized will reap benefits of trust and loyalty from their customers.

Misconfigured AWS buckets containing dozens of terabytes worth of social media messages were exposed to the public. The data found in Pentagon's leaked database was gathered by the U.S. military as part of their ongoing efforts to identify so called ‘persons of interest’, revealing the extent of internet surveillance.

The U.S. government reveals the Vulnerabilities Equities Process which decides if vulnerability data is released or gets stockpiled as cyber weapons.

Rock bottom prices on the dark web for remote access into corporate PCs a boon for cyber criminals to steal data, distribute malware and ransomware attacks.

Consumer trust has taken a hit over the past year. Retailers now need to offer identity protection services to regain confidence of holiday shoppers.

Amazon Key is still in the early stages yet there are so many questions of hacking, insurance risks and liability if problems were to occur during delivery.

Use of facial recognition technology is growing in both public and private sectors amid increasing concerns over data privacy and mass surveillance.

As the GDPR deadline draws nearer, issues surrounding privacy in the workplace have taken the fore yet again, raising the stakes for employee monitoring.

Tripwire's latest survey highlights that shortage of cyber security skills is exposing an organization's vulnerabilities, leading to increased outsourcing.

With the GDPR coming into full effect in May 2018, organizations are ramping up demand for GDPR jobs including DPOs, business analysts and project managers.

Spokeo privacy lawsuit is a wakeup call for background checking service companies to pay more attention to what they pass off as individuals’ actual data.

With six million Instagram accounts hacked, are passwords now a liability and is it time to turn on that Instagram two-factor authentication?

Last week, Google announced the removal of around 300 Android apps found with malware that secretly hijacks your phone to participate in massive distributed denial of service (DDoS) attacks. The takedown was a result of collaborative investigation by several security and technology companies who discovered the WireX…

Imperva reversed the phishing hook to hack the hackers, proving that these 'professionals' are just as susceptible – and in the process reveals some very important anti-hacker lessons.

How many privacy policy and terms of use agreements have you just clicked 'Accept' without giving a second thought? Sadly, you gave up plenty by doing so.

Ransomware attacks are the frightening new hacking phenomenon that is hitting businesses all over the world. Here are five ways to stop ransomware attacks.

Ransomware attacks are potentially very damaging But there are far more serious threats according to FBI’s Cybercrime Report. It’s your email that’s the issue.

The 21st of June 2017 saw UK’s Queen Elizabeth give what is generally known as ‘The Queen’s Speech’ in which Her Majesty gave some insights into just how seriously the UK government is taking issues of online privacy and data protection.

Telefónica in Germany has announced a partnership with U.K. firm People.io to power an app through which the telco giant's customers can control some of their data.

Smart devices are now a fact of life – they touch almost every part of our existence. Yet smart home devices have now further eroded our right to privacy. In this article we take a look at just how these devices have reduced our ability to resist an invasion of privacy - and just why we need to be aware of how that…

In this second part of a two part series we will be taking a look at how online retailers are taking steps to mitigate against the almost inevitable threat to data from hackers that seems part and parcel of the holiday buying season.

The holiday season in 2016 will see many of these large enterprises up their game in terms of protecting customer data. It’s not as if they have much choice, data breaches in the past have reduced public trust in online retailers – but the latest approaches to ensuring data security go some way to restoring that trust.

In the first part we examined whether a balance can be struck between business imperatives and employee privacy. In this second and final part of the article we delve into just how privacy issues have been treated under the law and delve further into the rights and responsibilities of both employer and employee.

It's not quite the world of George Orwell's 1984, but employers and employees are still searching for a meeting of minds when it comes to privacy. Can a balance be struck between business imperatives and employee privacy? In part one of a two-part article we examine just how technology is contributing to a steady…

The question of data privacy has become one that is shaping the business world of the 21st century. With many technologies advancing in leaps and bounds – as well as the increasing importance of ‘The Internet of Things’ the appointment of a professional Data Protection Officer to ensure legal and mandatory compliance…