Site icon Sophos News

News in brief: Kashmir blocks social media; ‘whaling’ victims revealed; TalkTalk GDPR fine ‘would be £59m’

Your daily round-up of some of the other stories in the news

Social media blocked in Kashmir

ISPs in the Indian states of Jammu and Kashmir have been ordered by the government to block access to 22 social networking services including Facebook, Twitter and WhatsApp for a month. Authorities in Indian-administered Kashmir (pictured) said the ban, which also includes YouTube, Skype, Telegram, Snapchat and Reddit, was because they were “being misused by anti-national and anti-social elements” to incite violence.

The Hindustan Times criticised the “utter uselessness” of the ban, which follows a wave of student protests in the disputed region.

Meanwhile, a lawyer for Facebook, which is fighting a court challenge in India to changes to its privacy policy that allow it to share user data between WhatsApp and Facebook, has told the Supreme Court that users who don’t like the changes are free not to use the services.

KK Venugopal, representing Facebook, told the court in New Delhi: “Those who find the new privacy policy irksome or violative of their fundamental rights can quit. We’ve given full freedom to users to withdraw from Facebook and WhatsApp.”

Google and Facebook revealed as ‘whaling’ victims

Back in March we reported on how a Lithuanian man, Evaldas Rimasauskas, had been charged with a “whaling” attack on two big technology companies that had allegedly cost them $100m.

It wasn’t known at the time of the charge which big tech companies had been hit, but yesterday Fortune revealed that Facebook and Google had been the targets of the alleged heist by Rimasauskas. Both Facebook and Google have confirmed that they had been the targets of the alleged attack.

Fortune said it had unravelled the mystery of which companies had been attacked thanks to “interviews with sources close to law enforcement and other figures”.

Rimasauskas, who denies the charges, is facing extradition proceedings in Lithuania.

TalkTalk could have been fined £59m under GDPR

British companies that were penalised for breaches last year could have faced fines totalling £69m under GDPR, the forthcoming EU-wide data protection laws, rather than the £880,500 they collectively had to pay up.

GDPR, which comes into force across the EU – and which also applies to non-EU businesses that handle the data of EU citizens – brings with it much bigger fines. The maximum fine under existing data protection law in the UK is £500,000; under GDPR the most serious breaches could incur fines of up to €20m, or 4% of global turnover, whichever is the greater.

NCC Group came up with a model that extrapolated from the fines actually imposed for breaches by the Information Commissioner’s Office and calculated what they might be under GDPR. TalkTalk, which last year was slapped with the biggest fine ever in the UK for a data breach – of £400,000 – would have faced a bill of £59m, calculated NCC, while Pharmacy2U, which was fined £130,000, would have faced a bill of £4.4m.

Catch up with all of today’s stories on Naked Security


Exit mobile version