Cyber Bytes banner RPC law

Cyber_Bytes - Issue 24

21 October 2020. Published by Richard Breavington, Partner and Rachel Ford, Associate and Ridvan Canbilen, Associate

Welcome to Cyber_Bytes, our bi-weekly round up of key developments in cyber, tech and evolving risks.

ICO issues regulatory guidance

The ICO has issued guidance on data protection obligations and details on how it will exercise its regulatory functions when taking enforcement action. The guidance refers to a risk-based approach and provides numerous examples as to when the ICO will issue a penalty notice. The examples include breaches where (i) many individuals have been affected, (ii) there has been a degree of damage including distress or embarrassment and (iii) there has been a repeated breach or a failure to rectify a previously identified problem.  

To read more, please click here

12% drop in UK hacking prosecutions in 2019 

Analysis conducted by RPC has shown a 12% decrease in UK hacking prosecutions in 2019, compared to the previous year, despite there being a significant growth in cyber-attacks. Of the 17,600 cases reported for computer hacking in 2019, only 57 led to prosecution. With the task of tracking down cyber criminals being very resource-intensive and with a low success rate, the decline in hacking prosecutions comes as no surprise.  

To read more, please click here.

British Airways - ICO fine 


The ICO has fined British Airways £20m for failing to protect the personal and financial details of more than 400,000 customers, following a data breach that it suffered back in 2018. The fine is the largest issued by the ICO to date, albeit it is a significant reduction to the original £183m fine that was issued against BA in 2019. 

To read more, please click here.

H&M fined for illegal surveillance of employees   

The global fashion chain H&M has been fined a total of €35.3m for the illegal surveillance of several hundred employees. Investigation from the German data protection watchdog found housed within the fashion company's Nuremberg service facility were extensive records of employee information including families, religions and illnesses.    

To read more, please click here.

Cyber Security Victory - Trickbot forced offline 


A US court order obtained by Microsoft has resulted in the take down of the Trickbot botnet's back-end server infrastructure. Infamous for being one of the primary sources of ransomware distribution worldwide, in a coordinated effort with telecoms operators around the world, the botnet can no longer be used.   

To read more, please click here.

ICO investigation into Klarna

An ICO investigation has been opened after marketing emails were inadvertently sent by payments firm Klarna. Individuals are said to have received the marketing emails from Klarna despite never having dealt with the company before. 

To read more, please click here.

Employees' IoT devices increase cyber security risk

A new report into the financial services industry has highlighted a risk of firms being at risk via smart devices connected to business networks. The devices include connected coffee machines, personal medical devices, gym equipment, games consoles and smart toys and connected cars.

To read more, please click here.

Cyber-attack - Norway & Russia 

The Norwegian parliament has suffered a cyber-attack resulting in a compromise of the email accounts of several MPs and employees. Norway have publicly announced that they believe the incident was the result Russian State hackers. Russia has denied any involvement. 

To read more, please click here.