fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Twitter Fined By EU Data Protection Watchdog For GDPR Breach

Twitter Fined By EU Data Protection Watchdog For GDPR Breach

Ireland’s Data Protection Commission fined Twitter €450,000 (~$550,000) for failing to notify the DPC of a breach within the 72-hour timeframe imposed by European Union’s General Data Protection Regulation (GDPR) and to adequately document it.

The GDPR is a user and data privacy regulation that came into effect in the EU on May 25, 2018, and was quickly put to use following four separate complaints against Google, Facebook, Instagram, and WhatsApp on the same day over their use of “forced consent.”

Based on GDPR rules, EU data regulators can impose maximum fines of up to €20 million (about $24.3 million) or 4% of the infringing company’s annual global turnover – whichever is greater – for violations.

“The DPC’s investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach,” the Irish DPC said.

“The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate, and dissuasive measure.”

Also Read: 10 Principles On How To Build A Good Governance Model

Breach caused by an Android app bug

The breach that led to Twitter getting fined today was caused by a four-year-old bug in the Twitter Android app responsible for the inadvertent exposure of protected accounts’ private tweets.

“On 26 December 2018, we received a bug report through our bug bounty program that if a Twitter user with a protected account, using Twitter for Android, changed their email address the bug would result in their account being unprotected,” the breach notification sent to the DPC on January 2019 said.

“This would render their previously protected Tweets (Tweets viewable by only approved followers of the account) public and viewable to anyone. The bug in the code was traced back to a code change made on 4 November 2014.”

Twitter said that it didn’t realize the severity of the issue and the breach until January 3, 2019, which is when the incident response process was activated.

However, as the EU watchdog underlined, even after this, Twitter failed to report the breach on time — within the 72-hour timeframe — given that it was only sent to the Commission on January 8.

The final decision, including details on Article 65 (dispute resolution) process leading to consultations with “all EU supervisory authorities were consulted as Concerned Supervisory Authorities” (the first time since the GDPR was introduced), was published by the European Data Protection Board on its website [PDF].

Twitter fully supported the investigation

Twitter said today that it closely collaborated with the Irish DPC during the investigation which is probably one of the reasons behind why the data watchdog considered the €450,000 fine as “effective, proportionate and dissuasive.”

“Twitter worked closely with the Irish Data Protection Commission to support their investigation,” the company said today. “We have a shared commitment to online security and privacy, and we respect their decision, which relates to a failure in our incident response process.”

“We appreciate the clarity this decision brings for companies and the public around the GDPR’s breach notification requirements. As always, our approach to these incidents will remain one of committed transparency and openness.”

In contrast with today’s decision, Google was fined €100 million last week by the French data protection authority (CNIL) for “advertising cookies on the computers of users of the search engine google.fr, without obtaining prior consent and without providing adequate information.”

Also Read: The Importance Of DPIA And Its 3 Types Of Processing

Google was also fined €50 million in January 2019 for “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us