The Week in Cyber Security and Data Privacy in Europe: 19 – 25 February 2024

1,762,845 known records breached in 19 newly disclosed incidents

Welcome to this week’s round-up of the biggest and most interesting news stories in Europe.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.


Publicly disclosed data breaches and cyber attacks: in the spotlight

Ransomware gang Hunters International targets Grand Paris Aménagement

The ransomware group Hunters International has listed Grand Paris Aménagement, a French land use development planning agency, as a victim. The group claims to have exfiltrated 653.8 GB of data.

Data breached: 653.8 GB.

Birchall Foodservice allegedly breached by BlackBasta

UK-based Birchall Foodservice, a wholesale food supplier, has been listed on the BlackBasta ransomware gang website. The exfiltrated data allegedly includes company data, account data, HR data, payroll information, and folders and files from staff. BlackBasta has leaked a sample of the data as proof.

Data breached: 405 GB.


Publicly disclosed data breaches and cyber attacks in Europe: full list

This week, we found 1,762,845 records known to be compromised in Europe, and 19 European organisations that suffered a newly disclosed incident. Of these, 18 are known to have had data exfiltrated, exposed or otherwise breached. For none of them has a data breach been definitely ruled out.

| Organisation(s) | Sector | Location | Data breached? | Known data breached |
|---|---|---|---|---|
| Grand Paris Aménagement | Construction | France | Yes | 653.8 GB |
| Birchall Foodservice | Hospitality | UK | Yes | 405 GB |
| Remkes Poultry | Manufacturing | Netherlands | Yes | 190 GB |
| Farmacia al Shefa | Healthcare | Romania | Yes | 150 GB |
| Bucher and Strauss | Finance | Switzerland | Yes | 140 GB |
| Apex Internationale Spedition | Transport | Germany | Yes | 100 GB |
| Delia Cosmetics | Manufacturing | Poland | Yes | 64 GB |
| Rapid Granulator | Manufacturing | Sweden | Yes | 60 GB |
| torchbyte | Telecoms | Romania | Yes | 45 |
| PSI Software | Software | Germany | Yes | Unknown |
| Acies SRL | Healthcare | Italy | Yes | Unknown |
| Axel Johnson | Manufacturing | Sweden | Yes | Unknown |
| dasteam ag | Professional services | Switzerland | Yes | Unknown |
| Acorn Property Group | Construction | UK | Yes | Unknown |
| Multiple universities using the Janet Network, including Cambridge and Manchester | Education | UK | Yes | Unknown |
| Helical Technology | Manufacturing | UK | Yes | Unknown |
| Andfla | Agriculture | Romania | Unknown | Unknown |

Note: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


Enforcement

ICO orders leisure centre to stop using facial recognition technology to monitor staff

The UK ICO (Information Commissioner’s Office) has ordered Serco Leisure and several associated community leisure trusts to stop using facial recognition technology to monitor employee attendance as this is “neither fair nor proportionate under data protection law”, according to the UK Information Commissioner.

On the same day the ICO issued this enforcement notice, it published new guidance for using biometric data.


Other news

LockBit ransomware group recovers from law enforcement disruption

Last week, we reported that law enforcers disrupted the LockBit ransomware group. Four days later, the group recovered. Its blog has now reappeared, as well as a leak page containing folders for “dozens” of victims.


Key date

31 March 2024 – PCI DSS v4.0 transitioning deadline 

Version 3.2.1 of the PCI DSS (Payment Card Industry Data Security Standard) is being retired on 31 March, to be replaced by version 4.0 of the Standard. There are more than 50 new requirements in PCI DSS v4.0. You can find out more about them on the PCI Security Standards Council’s website.


That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.

In the meantime, if you missed it, check out last week’s round-up. Alternatively, you can view our full archive.

