TechLetters #89 UK election cyberrisk with zero risk, Swiss bug bounty, businesses destroyed by a breach, Indirect/inferred data are #GDPR protected data

Security

Voting for the new UK prime minister postponed. NCSC/GCHQ warned that the system contains a weakness and potentially someone else could exploit it to cast votes or change the votes casted. The system apparently allowed casting votes multiple times? Oops. Anyway, the impact would be negligible because only two persons, from the same party, are competing.

Switzerland’s government started a bug bounty program. Federal/governmental systems aBre open for testing. Which ones? “as many systems as possible in the federal administration”.

List of confirmed businesses destroyed by cyberattacks. The list is obviously incomplete. But indeed, impacts of cyberattacks/breach may lead to bankruptcy and going out of business. Privacy

UK emergency health service disrupted. Described as a cyberattack. Not clear what was the issue, some software (Adastra) system is affected. This may have caused an influx of physical GP (medical) visits, or the system was preparing for this.

Privacy

Indirect/inferred data are protected by GDPR. The processing of data that may indirectly indicate sensitive data is equivalent to processing of sensitive data and is subject to protection. Very important disambiguation, probably also applies to processing for the purposes of e.g. targeting ads.

Private information on Twitter accounts accessed. Data breach. Data on "5.4 million users" potentially affected. That would make it among the biggest breaches of the kind since #GDPR entered into force.

---

In case you feel it's worth it to forward this content further:

If you’d like to share: