The new decade is off to a promising start, with only 61 disclosed data breaches or cyber attacks.
It’s not all good news, though, as a handful of massive incidents – including the ongoing leaks of medical files in the US – have helped push the number of breached records to 1.5 billion.
There were also several worrying incidents involving European organisations. Let’s take a look at some of them here.
H&M under investigation after massive data breach
A German privacy watchdog is investigating the clothing retailer H&M after it was accused of spying on customer service representatives.
Hamburg’s data protection commissioner said in a statement that a hard drive containing 60 GB of data revealed that managers at H&M’s Nuremberg site kept “detailed and systematic” records on employees’ health, private lives and holiday experiences.
The database was then leaked to other H&M staff who shouldn’t have had access to sensitive employee data.
The data protection officer overseeing the case, Johannes Caspar, said the records, which were accessible to all company managers, showed that employees were comprehensively spied on “in a way that’s unparalleled in recent years”.
H&M told affected employees about the leak in October last year and reported it to their data protection authority.
It has also apologised for the incident and said that it has since implemented measures to better protect employees’ data privacy.
“The local team has taken a range of action and is in close dialogue with all colleagues”, an H&M spokeswoman said in a statement. “Since the incident is in legal examination […] we cannot further comment on that at the moment.”
University Hospital Limerick staff investigated over ‘derogatory’ comments
Several employees at University Hospital Limerick are being investigated for alleged misconduct concerning patients’ personal data.
The staff in question are accused of leaking private health information and posting derogatory comments on Facebook.
The announcement comes after Colette Cowan, the chief executive of the University of Limerick Hospital Group, said she is gravely concerned about breaches of patient data and confidential hospital information.
She added that employees could face disciplinary action for offensive remarks on social media “made in the name of the HSE” or for misusing social media in a way that could inadvertently lead to a data breach.
Additionally, she noted that there are cases of the media breaching sensitive data, as they often take photographs inside hospital premises that could reveal patient information. Likewise, they are liable to record audio of staff without their consent, which could reveal medical information and violate the privacy of staff and patients.
As a result, she says, the hospital group is unable to ensure compliance with data protection regulation and will have to report this as a data breach.
“Unfortunately any slip of standards by a small number of employees does reputational damage to UL Hospitals but most importantly it hurts the people we serve, our patients and our colleagues.”
Ukrainian government says personal data leaked from jobs portal
Job seekers in Ukraine have been told that their data was leaked from an internal database.
The National Security and Defence Council didn’t say whether the leak, which occurred on a job portal for public sector vacancies, was the result of a cyber attack or an internal error, or how much data was involved, so it’s hard to say how serious the incident is.
However, Ukraine has repeatedly been the target of cyber attacks in recent years, including the NotPetya virus in 2017.
Meanwhile, the Ukrainian government asked the FBI for help investigating a suspected cyber attack by Russian state-sponsored hackers on Burisma, the energy provider at the centre of President Trump’s impeachment.