The first month since the EU General Data Protection Regulation (GDPR) came into force has seen a new wave of cyber fraud in France. Rogues appear to be taking advantage of common fears of state penalties and are increasingly gouging money out of enterprises.
The regulation, effective since May 25, sets out new rules on the handling and spread of personal data and stipulates staggering fines if it is not observed. This notably plays into hackers’ hands: by threatening to publish sensitive data, they force companies to pay them directly. Companies are more likely to covertly pay hackers than pay fines to the French regulator, the National Commission for Computer Science and Freedoms (Commission Nationale de l’Informatique et des Libertés).
“They hack a company’s IT system and threaten with massive data leaks to demonstrate that the company mishandles data,” said Charles Préaux, founder and director of Cyber Protection Engineering School at the Higher National School for Engineers of the University of Southern Brittany (École Nationale Supérieure d’Ingénieurs de Bretagne-Sud – ENSIBS), in an interview with Sputnik.
He went on to note that harmful software, or in simpler terms, new viruses, pops up in cyberspace every four seconds, adding that, taking into account how much time, effort, money and human labor go into detecting, analyzing and coming up with countermeasures to the viruses, it stands to reason that “hackers enjoy an incredible advantage over us.”
“To give political promises, saying that France should serve as an example [in battling cybercrimes] – let the prime minister employ all the necessary means to this end – is all very good, but it’s really, really difficult to attain this both in the state and private sector.”
Yannick Harrel, professor and cyber strategy specialist and author of several books on cyberspace, has also chimed in on the debate, noting that hackers are perfectly aware that enterprises, including small, medium and big businesses, are not ready to fully apply the new GDPR.
“This is all more likely about blackmailing, as hackers know that this or that company hasn’t taken necessary steps in this direction […] Companies fear leaks, although the stipulated punishment is not that harsh.”
The corporate sector’s fears appear to be quite justified, though. In one of the most recent incidents, the French data protection authority CNIL announced a decision to impose a whopping 250,000 euro fine on Optical Center, a French company selling eye and hearing aids, following its failure to secure the data of customers that had ordered products on its website. The fine is the highest penalty, according to the HelpNetSecurity website, ever issued by French authorities for a security breach — and it happened before the GDPR came into force. The GDPR stipulates even higher fines, which are up to 4 percent of a company’s annual global turnover.
CNIL fines housing company 75K euros for failing to protect user data
France’s data protection authority, the CNIL, fined the Association for the Development of Homes 75,000 euros for insufficiently protecting user data. An investigation conducted in June 2017 found that a modification of the ADEF’s website URL allowed anyone to view user information, including names, dates of birth, addresses, marital statuses, salaries, tax notices, passports and identity cards. The CNIL told the ADEF to remedy the leak but found, when another inspection was conducted a few days later, that the organization had not addressed the vulnerability. The agency fined the ADEF for failing to take the proper measures to protect user data under Article 34 of the Computer and Liberties law. (Original article is in French.)