|
|
Cyber Daily: EU Decision Frees U.K. to Handle Europeans’ Personal Data | Kroger's Pharmacy, Clinic Data Breached
|
|
|
|
|
|
|
|
Good day. European Union officials granted the U.K. a sweeping arrangement that will allow companies to continue moving personal data between the jurisdictions, pending approval from the union’s 27 member countries and privacy regulators, WSJ Pro's Catherine Stupp reports.
Other news: Supply-chain attacks take a toll at Kroger, city governments in California and Washington; convenience-store chain Wawa agrees to settle lawsuit after 2019 attack; most companies won't require workers get Covid-19 vaccine, in part because of the privacy burden.
And more!
Follow us on Twitter @WSJCyber.
|
|
|
|
|
|
|
|
A draft EU decision, if approved, would let British and European companies easily move personal data between jurisdictions. PHOTO: CHRIS RATCLIFFE/BLOOMBERG NEWS
|
|
|
|
Deemed adequate: U.K. officials sought a so-called data adequacy decision from the EU to enable easy data transfers after the country left the bloc last year. The EU has so far approved only 12 other such arrangements, with countries including Canada, Japan and New Zealand, deeming their privacy laws strong enough to protect Europeans’ data.
Without an adequacy decision, companies must use alternative legal methods to transfer data, such as contracts preapproved by the European Commission, the EU’s executive arm. That route adds time and costs to business decisions, privacy lawyers say.
Adequacy “is a hell of a lot less work,” said Stephen Hunt, chief data protection officer at U.K.-based accounting software firm Sage Group PLC.
Read the full story.
|
|
|
|
|
Another Accellion victim: Grocery chain Kroger Co. said Friday personal information about pharmacy and in-store clinic customers was exposed when a file-transfer tool from one of its tech vendors was hacked in December. Some employee records were also compromised, Kroger said, adding that grocery store data and systems weren't affected.
|
|
|
|
An Accellion spokesman said the vendor is working with outside investigators to assess the original hack and newly discovered vulnerabilities affecting its FTA tool. It has issued patches.
Kroger "discontinued the use of Accellion's services," it said, and continues to investigate to understand the scope of the breach. The company is notifying customers and employees. Other organizations caught up in the Accellion episode include:
-
Reserve Bank of New Zealand
-
Washington State Auditor's Office
-
Jones Day
-
Singapore Telecommunications Ltd.
|
|
|
Ransomware strike: An attack at Automatic Funds Transfer Services, which processes payments and verifies addresses, triggered data breaches in California and Washington. The California Department of Motor Vehicles said the last 20 months of vehicle registration records, but not driver's license data, are at risk. The department stopped using the service and contacted the FBI.
|
|
|
|
Several cities in Washington also revealed breaches related to the incident at Automatic Funds Transfer Services, including Seattle, Redmond, Monroe and Kirkland. (Bleeping Computer)
|
|
|
10
|
|
Number of days it took E & J Gallow Winery to discover a cyberattack in November that exposed the names, Social Security numbers, driver’s license numbers, and financial account numbers of 19,176 employees, former employees and applicants for employment.
|
|
|
|
Settlement: Convenience-store chain Wawa agreed to a to settle a class-action lawsuit after a 2019 cyberattack on its payment systems. If approved by a federal judge, the agreement would have Wawa pay up to $9 million to consumers affected by the attack, which occurred between March 4 and Dec. 12, 2019. The chain would have to make about $35 million worth of improvements to its cybersecurity systems. (Philadelphia Inquirer)
|
|
|
|
|
|
|
|
|
IBM's Watson Health has struggled for market share. PHOTO: SUZANNE KREITER/THE BOSTON GLOBE/GETTY IMAGES
|
|
|
|
Watson Health and privacy: IBM is exploring the sale of Watson Health, an AI unit whose marquee product was supposed to help doctors diagnose and cure cancer. Watson Health has struggled for market share in the U.S. and abroad and currently isn’t profitable. It has also run into privacy concerns over how health data was being collected. IBM wouldn’t comment about the sale, but said Watson Health has had successes over the years. (WSJ)
|
|
|
Cruz control: United Airlines is looking into who leaked data about the flight plans of Sen. Ted Cruz (R., Texas) last week, revealing that he rebooked his ticket to return earlier than planned. Mr. Cruz acknowledged the change on Fox News. (Politico)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
