>

Equifax slapped with UK’s maximum penalty over 2017 data breach

Equifax slapped with UK’s maximum penalty over 2017 data breach

Credit rating giant Equifax has been issued with the maximum possible penalty by the UK’s data protection agency for last year’s massive data breach.

Albeit, the fine is only £500,000 because the loss of customer data occurred when the UK’s prior privacy regime was in force — rather than the tough new data protection law, brought in via the EU’s GDPR, which allows for maximum penalties of as much as 4% of a company’s global turnover for the most serious data failures.

So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months — thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers.

Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.

The UK data protection regulator is involved because up to 15 million UK citizens’ data was also breached in the attack. And while the hack compromised Equifax’s US systems, the UK citizens’ data was being processed in the US.

The UK’s Information Commissioner’s Office (ICO) said today that the UK arm of Equifax failed to take adequate steps to ensure its US parents was protecting this data.

Reporting the result of its investigation, the ICO said Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 — including, failure to secure personal data; poor retention practices; and lack of legal basis for international transfers of UK citizens’ data.

“Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law,” said information commissioner Elizabeth Denham in a statement. “We are determined to look after UK citizens’ information wherever it is held.”

“The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce. This is compounded when the company is a global firm whose business relies on personal data,” she added.

The regulator’s investigation, carried out in parallel with the UK’s financial regulator, the Financial Conduct Authority, revealed multiple failures at the credit reference agency.

The ICO says it found that measures that should have been in place to manage personal information were “inadequate and ineffective”, and there were also “significant problems” with data retention, IT system patching, and audit procedures.

It flags the fact that the US Department of Homeland Security had warned Equifax Inc about a critical vulnerability as far back as March 2017, noting that “sufficient steps to address the vulnerability were not taken meaning a consumer facing portal was not appropriately patched”.

“Many of the people affected would not have been aware the company held their data; learning about the cyber attack would have been unexpected and is likely to have caused particular distress,” added Denham, emphasizing the reasons for the ICO to issue the maximum possible penalty for the breach.

The ICO also recently issued Facebook with the same level of fine for allowing user data on up to 87 million Facebook users to be scraped by a third party app which used it to try to build voter targeting models, selling this as a service to a political consultancy involved in US elections.

“Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it,” she continued. “Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to today’s fine.”

Equifax has responded with disappointment to the ICO’s decision. In a statement responding to the ICO’s ruling, a company spokesperson said: “We have received the Monetary Penalty Notice from the Information Commissioner’s Office (ICO) on Wednesday afternoon and are considering the detailed points made. Equifax has cooperated fully with the ICO throughout its investigation, and we are disappointed in the findings and the penalty.

“As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect. The criminal cyberattack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.

“Data security and combatting criminal digital activity is an ongoing battle for all organisations that requires continued innovation and attention. We have acted and continue to act to make things right for consumers. They will always be our priority.”

The company points to a number of changes it says it has made in response to the incident to strengthen its policies and processes, and also highlights ongoing investments in infrastructure and corporate governance procedures, including hiring additional IT staff, which are intended to improve the resilience of its systems to hack attacks.

However it does concede that the breach itself was the result of internal process failings, given that a file containing historical consumer information which should have been deleted was not.

And the key point here is that the ICO’s decision is based on scrutinising exactly what happened that led to the breach occurring.

How a company has acted since a security crisis will be taken into consideration, as part of the overall picture, but having shut the barn door after the horse has bolted is only going to get so much credit vs the reasons for the barn door not being properly secured in the first place. And that’s as it should be given the point of data protection legislation is to encourage companies to prioritize security, not overlook it.

In the Equifax decision the ICO writes: “The Commissioner has also taken into account her underlying objective in imposing a monetary penalty notice, namely to promote compliance with the DPA [data protection act]. She considers that, given the nature, seriousness and potential consequences of the contravention arising in this case, that objective would not be adequately served by an unduly lenient penalty.”

Equifax slapped with UK’s maximum penalty over 2017 data breach
Source: TechCrunch

Twitter’s former Head of People EMEA joins VC firm Atomico as Partner

Twitter’s former Head of People EMEA joins VC firm Atomico as Partner

Atomico, the European venture capital firm founded by Skype’s Niklas Zennström, is announcing a number of new hires to its investment team, including new Partner Caroline Chayot, who previously led the EMEA HR team at Twitter.

I’m told she’ll be working alongside existing Atomico Partner Dan Hynes, who was formerly the Director of Global Staffing at Skype, with the pair helping meet increased demand from Atomico’s portfolio companies for talent support.

At Twitter, Chayot is said to have supported the leadership team in scaling the social media behemoth from two to six markets, growing the team from 80 based in London to 500 across the region. Prior to that she worked at Google in HR for 9 years.

In addition, Irina Haivas has joined Atomico as Principal. The former surgeon and former surgical fellow at Harvard Medical School (yes, you read that correctly) previously worked at healthcare investor GHO Capital Partners. She’ll focus on sourcing investment opportunities in machine intelligence-enabled businesses, synthetic biology, robotics and other “frontier technologies”.

The other new members of the 30-strong Atomico investment team are:

  • Senior Associate Annalise Dragic, a recent Stanford MBA graduate and who was a member of LinkedIn’s Strategy & Analytics Leadership Program’s inaugural class. She’ll be focusing on the U.K.
  • Associate Luca Eisenstecken, a German native who spent the last two years in San Francisco with Vector Capital. He’ll be covering Germany, Austria and Switzerland.
  • Associate Christina Fa, who grew up in Australia and New Zealand and joins Atomico from Google’s Corporate Finance team in Mountain View. She’ll be focusing on the Nordics and Baltic regions.
  • IR Associate Gunita Bhasin, who joins Atomico from Deutsche Bank and has lived and studied in India, Singapore, Turkey, and the U.K. She’ll support long-time Head of IR Camilla Richards in managing Atomico’s relationships with its global investor base.

Finally, it would be remiss of me not to mention Atomico’s new addition to its communications team. Eleanor Warnock, formerly with the Wall Street Journal, has joined the VC firm as Communications Manager. The hack-turned-flack will work alongside Atomico’s Head of Communications Bryce Keane to help raise the profile of the firm’s portfolio companies internationally.

Meanwhile, it’s that time of year again. Atomico has launched its latest State of European Tech survey, where it seeks your help in capturing a data-driven snapshot of the current European tech ecosystem and to confront a number of myths along the way. You can read TC’s analysis of the 2017 report here, and if you’d like to contribute, this year’s survey can be found here.

Twitter’s former Head of People EMEA joins VC firm Atomico as Partner
Source: TechCrunch

How to play music on HomePod

How to play music on HomePod

Here’s everything you need to know about playing music on HomePod, including: How to play music on HomePod without subscribing to Apple Music, how to play music from Spotify/YouTube/Amazon, or simply play tunes from your iTunes Music Library. We also run through the questions you can ask Siri to play the tracks you want on HomePod.
How to play music on HomePod
Source: Mac World How To

Withings returns from the dead with Steel HR Sport watch

Withings returns from the dead with Steel HR Sport watch

Withings returns from the dead with Steel HR Sport watch

Any time a smaller company is gobbled up by a larger one, you assume the worse. In the case of Nokia buying Withings, that’s more or less what happened. First Nokia launched a handful of products under its own name and ultimately dropped the French health hardware company altogether.

Four months ago, one of Withings’ co-founders bought the brand back from Nokia. And today, the innovative French hardware company returns with a new take on an old product. The Steel HR Sport. It’s a welcome return for what had become one of my favorite fitness trackers, prior to the brand’s untimely demise, back in May.

The Steel line’s simplicity has always been among its most appealing features. The original, launched in 2014, was one of the early hybrid smartwatches — a fairly standard analog timepiece that hides some smart features below the surface. The devices feature a small monochrome display up top for notifications and menus, along with a small secondary gauge embedded in the face that displays the percentage toward a daily fitness goal.

The Steel HR Sport brings some key updates to the line, including the ability to track 30 different activities, including yoga, volleyball, rowing, boxing, skiing and ice hockey. The watch also provides “Fitness Level Assessments,” which gauge things like VO2 max to provide a better overall picture of health. And while there’s no GPS built in, the watch uses the phone to track distance, elevation and pace and map runs.

Aside from the aesthetic appeal, battery life has always been one of the biggest upsides of these hybrid devices, and the new watch certainly fits the profile with 25 days on a charge, plus an additional 20 days in standby mode. That means that, unlike much of the competition, the watch actually can track daytime and nighttime activity, without needing to recharge.

Unlike the Steel HR, which came in both 36 and 40mm sizes, the HR Sport is only available in the latter — though that’s still quite a bit more compact than a number of smartwatches on the market. It’s available today for $200.

Withings returns from the dead with Steel HR Sport watch
Source: TechCrunch