Weekly Threat Report - 12th July 2019
ICO issues notice of major fines for BA and Marriott
British Airways (BA) and US hotel group Marriott are facing significant fines, following high profile data breaches reported in 2018.
The Information Commissioner’s Office (ICO) has issued notices of intent to fine BA a record £183m, whilst Marriott faces a £92.2m penalty. You can read the ICO’s statements on their website.
The data breach which affected British Airways was reported in September 2018. Customers on the BA website were diverted to a fraudulent site, where details of around 500,000 users were stolen. The airline has said that it is “surprised and disappointed” by the fine. The NCSC has previously issued advice for British Airways customers.
Marriott’s breach, which was reported in 2018 but is thought to date back to 2014, saw millions of users affected. Marriott also expressed its disappointment, stating the company will “contest” the ICO penalty. The NCSC has also provided advice for Marriott customers.
The ICO has the power to act against organisations that are deemed to have not taken appropriate care of users’ data and those who infringe the General Data Protection Regulation (GDPR), which came into force last year.
If you are concerned that your details have been affected by a data breach, then there are some steps you can take to help mitigate the risk:
The NCSC has published top tips for staying secure online. You may also want to visit ‘have I been pwned’ (or other similar services), which can tell you whether your details have been previously compromised, and alert you to future leaks so that you can update your password if necessary.
It’s good practice to use two-factor authentication on your sensitive accounts and the NCSC recommends that you have unique passwords for all of your accounts.
You should also remain vigilant to suspicious phone calls or targeted emails. We have guidance which looks at the issue, impact and mitigation of phishing following data breaches.
Members of the public that think they have been a victim of online crime can also report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.
Zoom fixes video-on vulnerability
Following widespread media coverage on what was considered a “low-risk” vulnerability, Zoom has pushed out a patch to fix a zero-day vulnerability for Mac users who have the Zoom app installed.
It was reported that the vulnerability could allow hackers to access Mac webcams, forcing users to launch a video chat.
However, security researcher Jonathan Leitschuh, who discovered the flaw, said not all Macs were vulnerable.
Zoom has addressed the issue on its blog, and you can update the Zoom app from their download centre.
Software and app updates contain vital security updates to help protect your devices from cyber criminals. The NCSC has guidance on patching available.