Data Transfers in the Dock as Yahoo Admits New Data Breach Affecting a Billion Users

Yahoo Offices

In the latest damaging data breach to afflict Yahoo, the company has admitted that personal data belonging to an estimated 1 billion users was stolen in a 2013 cyber-attack, following an earlier admission that 500m accounts had been targeted in 2014.

 

The new hack, labelled by some analysts as “the biggest in history”, brings further reputational damage to Yahoo and has led to speculation that the forthcoming $4.8bn takeover of Yahoo by US corporation Verizon could be at risk.

 

Yahoo’s EMEA headquarters is based in Ireland, and the Irish Data Protection Commissioner immediately released a statement (15.12.16) on the ODPC website expressing its concerns, and its intention to investigate Yahoo further.

 

Noting that they would be taking steps to conclude whether European Data Protection laws had been breached, the Irish DPC highlighted Yahoo’s “obligations … to ensure any processor to which it transfers personal data (in this case to Yahoo Inc) provides sufficient guarantees in respect of the technical security measures governing the processing”.

 

Previously in November 2016, and responding to an earlier data breach affecting Yahoo, the Irish Data Commissioner Helen Dixon told a Dublin audience of data protection professionals that her office was already investigating whether Yahoo’s Irish operation “was complicit” regarding its role in transferring data to the US.

 

Furthermore Commissioner Dixon stressed that “Irish entities of US operations must understand there will be consequences” in case of breaches involving cross-border data transfers.

 

Sources :

https://www.ft.com/content/e86e92f8-c2bd-11e6-9bca-2b93a6856354

https://www.dataprotection.ie/docs/15-12-2016-DPC-statement-on-Yahoo-data-breach/1607.htm

 

the challenge - wizuda case studies

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be  considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on
    single documents
the solution- wizuda case studies

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews to senior management of all file transfer activities in the organisation. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments were required and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish 

offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves in developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly

Quick Contact