The great ICO sweepstakes starts here ...
can I take
1) derisory fine
2) nothing really bad
Personal data linked to 1,000 Customer Delivery Services staff at HP was accidentally emailed to an external third party yesterday. Insiders told us that HP CDS sent the entire employee payroll's info – which contained National Insurance numbers, addresses and salaries – to an unknown party yesterday by accident. An HP …
Try a stunt like that where I work, and it would have been spiked by the outgoing mail filter, which has some very clever rules.
Of course if HP aren't using an outbound mail filter, it does question their competence in the area of advising other people about IT security.
"It is understood that the incident was caused by human error, but HP has processes in place to prevent these types of outcomes, and it is not known why the person did not follow them."
Which is why you take precautions to prevent human error from causing major problems. Like Data Leakage Protection between your internal and external connections. Something that detects things like National Insurance Numbers and PAN details in an email and blocks it from being sent outside the company without additional authorisation.
FFS Exchange 2013 has some of this built in already, its not hard you know!!!
HP were never the greatest in terms of process or reliable technical interaction. However, of late they appear to be in complete meltdown. Systems are a shambles. They've just allocated dedicated account managers for 2 men and a dog SMBs trying to compete with their channel partners. Had some HP chap begging me last week to let him bid for two desktops in one of my accounts. Basically copying their nemesis channel rip-off strategy.
Agree that the ICO is completely toothless. HP will wave their "look at how many people we employ in the UK" knickers at the Department for Business Innovation and Skills and they'll tell them what fine / warning will be acceptable to them.
HP Inc is piloting a paper delivery service for Instant Ink subscribers as it looks to increase the amount of profit it can wring from customers.
The world is going to print fewer and fewer pages now that employees work from both the office and home, so achieving a greater "share of wallet", as it is often referred to by tech execs, is top of mind for print vendors.
According to IDC, some 2.8 trillion pages were printed in 2020, down 14 percent year-on-year (or 450 million fewer sheets) but it may recover to some degree.
Orders for PCs are forecast to shrink in 2022 as consumers confront rising inflation, the war in Ukraine, and lockdowns in parts of the world critical to the supply chain, all of which continue.
So says IDC, which forecast shipments to decline 8.2 percent year-on-year to 321.2 million units during this calendar year. This follows three straight years of growth, the last of which saw units shipped rise to 348.8 million.
Things might be taking a turn for the worse but they are far from disastrous for an industry revived by the pandemic when PCs became the center of many people's universe. Shipments are still forecast to come in well above the pre-pandemic norms; 267 million units were shipped in 2019.
PC and printer giant HP Inc. is boldly but belatedly turning its back on Russia and Belarus due to the continued conflict in Ukraine.
HP was among the first wave of tech companies to suspend shipments to the countries soon after Russia invaded its neighbor on February 24, but now the company's president and CEO Enrique Lores is making the move more permanent.
"Considering the COVID environment and long-term outlook for Russia, we have decided to stop our Russia activity and have begun the process of fully winding down our operations," he said on a Q2 earnings call with analysts.
HP's cybersecurity folks have uncovered an email campaign that ticks all the boxes: messages with a PDF attached that embeds a Word document that upon opening infects the victim's Windows PC with malware by exploiting a four-year-old code-execution vulnerability in Microsoft Office.
Booby-trapping a PDF with a malicious Word document goes against the norm of the past 10 years, according to the HP Wolf Security researchers. For a decade, miscreants have preferred Office file formats, such as Word and Excel, to deliver malicious code rather than PDFs, as users are more used to getting and opening .docx and .xlsx files. About 45 percent of malware stopped by HP's threat intelligence team in the first quarter of the year leveraged Office formats.
"The reasons are clear: users are familiar with these file types, the applications used to open them are ubiquitous, and they are suited to social engineering lures," Patrick Schläpfer, malware analyst at HP, explained in a write-up, adding that in this latest campaign, "the malware arrived in a PDF document – a format attackers less commonly use to infect PCs."
Microsoft has advised its reseller community it needs to pay attention to the debut of improved security tooling aimed at making it harder for attackers to worm their way into your systems through partners.
That service providers can be used to attack their customers is not in dispute: recent exploits targeting ConnectWise, SolarWinds, and Kaseya made that plain. If you need extra proof, recall that just last week the Five Eyes nations’ intelligence agencies urged managed services providers to harden up in the face of increased attacks.
Microsoft currently lets its resellers gain “delegated administration privileges” (DAP) that let them manage a customer's services, software, or subscriptions.
UK watchdogs under the banner of the Digital Regulation Cooperation Forum (DRCF) have called for views on the benefits and risks of how sites and apps use algorithms.
While "algorithm" can be defined as a strict set of rules to be followed by a computer in calculations, the term has become a boogeyman as lawmakers grapple with the revelation that they are involved in every digital service we use today.
Whether that's which video to watch next on YouTube, which film you might enjoy on Netflix, who turns up in your Twitter feed, search autosuggestions, and what you might like to buy on Amazon – the algorithm governs them all and much more.
Cybersecurity service providers must for licenses to operate in Singapore, under new regulations launched by the country’s Cyber Security Agency (CSA) on Monday.
The new licensing framework requires vendors that offer penetration testing, and/or managed security operations centers (SOC) to get a licenses, in recognition that they access customers' systems and therefore pose a risk. The measures are effective immediately, although existing vendors have until October 11, 2022 to apply for the required licenses.
Those that fail to acquire the necessary licenses will face a fine up to SG$50,000 (US$36,600) and up to two years in jail.
Warren Buffett's Berkshire Hathaway has taken up a double-digit stake in PC and print biz HP Inc's stock worth about $4.2 billion, a move that sent the company's share price up by 10 percent.
The purchase, confirmed in a SEC filing by the investment vehicle on 6 April, saw roughly 121 million HP shares shift over to the new owner in what can be seen as a vote of confidence in the residual value of HP. This equates to a circa 11.4 percent ownership of the company.
"Berkshire Hathaway is one of the world's most respected investors and we welcome them as an investor in HP," the world's largest printer and second largest PC brand said.
Britain's data watchdog has issued an £80,000 penalty to a financial advisor that dispatched hundreds of thousands of unsolicited text messages during lockdown.
H&L Business Consulting, based in Penrith, Cumbria, was found by the Information Commissioner's Office (ICO) to have sent 378,553 texts between January and June 2020, resulting in more than 300 complaints [PDF].
The spam promoted the debt management scheme devised by UK government as the outbreak of the novel coronavirus morphed into a pandemic. This is despite the fact that H&L Business Consulting was unauthorized by the Financial Conduct Authority to sell regulated financial products or services.
Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018*.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
Biting the hand that feeds IT © 1998–2022