GDPR

Marriott owner facing huge GDPR breach fine



The owner of the Marriott hotel chain is set to face a £99m fine following a data breach that left thousands of customer details exposed.

The fine from the UK’s Information Commissioner’s Office (ICO) comes after the personal data in approximately 339 million guest records globally was breached following a cyberattack.


The breach was referred to the ICO by Marriott in November 2018 as around 30 million of those customers affected were residents of 31 countries in the European Economic Area (EEA) – and seven million related


SafeVPN


SafeVPN is a VPN brand run by Network Connect, the company behind brands such as PrivacyWeb and UltraVPN.

(There are several similarly named providers, but we’re talking about the service based at SafeVPN.com, and not SafeVPN.net or SaferVPN.com.)

Windscribe, a positive sign as it’s an excellent VPN.


Some descriptions seem misleading, or confused. A claim to ‘load videos and websites fast’ makes it sound like SafeVPN will speed up your connection, rather than slow it down. And while the features page of the website says the service protects up to 5 devices at the same time, the front page says 3 (it turns out the smaller figure is correct).

Headline prices look good, though mostly that’s because there’s an introductory discount. Monthly billing is $6.99 for the first month, $8.99 on renewal; this drops to $4.99 over 6 months, then $9.98 on renewal (yes, really – more expensive than the monthly plan); and although the first term of the annual plan looks cheap, at $2.99 a month, it jumps to $7.50 after that.

What’s more, this only gets you support for connecting up to three devices. You can upgrade to support unlimited devices for a further $2.92 a month over the first year, rising to $5.83 afterwards. By year two that means you might be paying $13.33 a month on the annual plan to cover unlimited devices.

If you sign up direct with Windscribe, instead, you’ll be able to access the same servers from unlimited devices for only $4.08 a month on its annual plan. Or if price is your top priority, Surfshark’s two-year plan is a tiny $1.99 a month. Putting that into perspective, SafeVPN charges $125.87 to protect 3 devices for two years; Windscribe asks $97.92 to protect unlimited devices, and Surfshark just $47.76.

Website

SafeVPN is quite vague about the amount of logs the service keeps on its users (Image credit: Network Connect)

Privacy and logging

Privacy is an issue with every VPN, but the SafeVPN website does its best to reassure you, stating that ‘We promise not to sell your browsing history’ and ‘We won’t keep a log of what you access.’ 

That’s a good start, but the small print often tells a different story, so we headed off to the SafeVPN Privacy Policy to try to find out more. 

The document is lengthy and packed with detailed clauses and GDPR-related jargon, but, unfortunately, it’s mostly about general website and business procedures, with no clear information about the VPN.

The only extra details we could find were in a brief support document, which stated ‘Safe VPN does not monitor your internet searches, or visited websites. We do, however, note the IP of your device and monitor the amount of traffic you put through the Safe VPN servers…’

It seems that there’s some degree of session logging, but how much? At a minimum, the system might be recording a single incoming IP address as it connects, and maintaining a running total of bandwidth used. But it’s also possible that SafeVPN is keeping a record of every session, with incoming and outgoing IP addresses. There’s not enough information here to say for sure.

Windows App

This is the user interface of SafeVPN’s Windows client (Image credit: Network Connect)

Windows client

Setting up SafeVPN was mostly straightforward, though with some odd moments. ‘Your antivirus protection starts here’, a web page said as we were signing up. Antivirus protection?

The Windows client has a familiar interface which, if you’ve ever used another VPN app, you’ll recognize right away. A central console displays your current location and gives you a big Connect button; other locations are available on a simple list, and there are a couple of useful configuration options in a Settings box.

The client’s location list doesn’t have a ‘Best’ or ‘Automatic’ selection to access the nearest server, unfortunately, and there’s no Favorites system to speed up re-connecting to your most commonly used locations. The server list does enable choosing either countries or the locations within them, though (useful, as there are nine locations in the eastern US alone). It also highlights servers which specialize in video streaming or support P2P.

Choose a location, click Connect, and desktop notifications make it clear what the client is doing, and when you do get connected, the client interface updates to indicate its status and display your new IP address.

Settings

You can choose your preferred VPN protocol from SafeVPN’s settings panel (Image credit: Network Connect)

The Settings panel gives you options to load the client when Windows starts, to automatically connect to the best or last connection, and to enable a firewall (SafeVPN’s name for its kill switch), which automatically blocks your internet connection if the VPN connection drops.

We tested the client by forcibly closing the VPN connection, and found it coped very well. The interface updated to tell us there was a problem; the kill switch correctly blocked internet access for all other apps; the client automatically tried to reconnect to the VPN, and a desktop notification told us when we were protected again.

Overall, this was a decent performance, but the Windows client was still short on many of the features we see in other top VPN clients. There’s no way to change or reconfigure your protocol, for instance (it’s OpenVPN-only). There are no DNS options, and no automatic protection whenever you access an insecure or untrusted network. VPN newbies may appreciate SafeVPN’s simplicity, but more demanding or experienced users will be frustrated by its lack of power.

Mobile apps

We wanted to check out the Android app, but, well… 

Google Play Listing

We tried several times but ultimately we were unable to download SafeVPN’s Android app from the Play Store (Image credit: Google)

There’s an Android page on the website with a ‘get it on Google Play’ button, but clicking it got us Google’s ‘we’re sorry, the requested URL was not found on this server’ error message.

We searched Google Play manually and found lots of VPNs with similar names, but no luck – they were all from different providers.

We opened a live chat window, and a support agent responded within a couple of minutes. But when we explained the problem, he just told us to search on Google Play. What, it was too difficult to post the URL directly into chat?

We tried again, still no result. He paused for a moment, then told us to go to the Android page we’d visited first. 

We explained we had, and pasted the dead link. He said, okay, and told us to enter the URL download.safevpn.com on an Android device.

Switching to an Android device, we entered the URL, and got the same Google Play ‘we’re sorry, the requested URL was not found on this server’ error we’d seen at the beginning. And that’s where we gave up.

SafeVPN advertises an iOS app, too, and when we clicked the website link, it took us to a real product. But unfortunately, it wasn’t a SafeVPN product, but Total AV’s iOS app, a security, cleanup and maintenance suite, where the VPN is one of many functions (and as far as we can tell, not provided by SafeVPN.)

Maybe there’s a perfectly reasonable explanation for this, it’s some temporary issue, and will all be cleared up by the time you read this. But if you’re buying SafeVPN for use on a mobile device, if only occasionally, don’t take the website’s word about the apps on offer. At the very least, find them on your app stores before you buy.

Performance

The SafeVPN website claims the service can ‘unlock restricted content’, ‘from video streaming to social networks’, and provides twelve examples: Amazon, BBC iPlayer, Facebook, Google, HBO, Hulu, Instagram, LinkedIn, Skype, Twitter, WhatsApp and YouTube.

These aren’t just empty words. The SafeVPN Windows client includes specialist unblocking servers for the UK, UK, Canada and Japan. And they worked perfectly in our tests, getting us into BBC iPlayer, US Netflix, Amazon Prime Video and Disney+, a great result.


SafeVPN performed quite well in our speed tests (Image credit: Ookla)

Our performance tests showed above-average speeds from the UK, with our nearest UK server reaching 65-68Mbps on our test 75Mbps line, and UK to US and European locations achieving a solid 40-65Mbps.

Re-running our tests from a European data center with a 350Mbps+ connection gave us a chance to see what the service could do, and an excellent 150-200Mbps was the result.

The review ended with some mixed results in our privacy tests, though, with the Windows client showing a DNS leak when connected via IKEv2, but no problems at all when connected via OpenVPN.

Final verdict

SafeVPN has taken the excellent Windscribe service, made it much worse (3 device limit, no mobile apps, misleading website), and then, after the introductory deal, added a massive and totally unjustified price premium. If you like the speed and great unblocking performance, go direct to Windscribe, you’ll be much better off.


This ransomware steals your data and threatens to report you for a GDPR violation


Cybercriminals are once again targeting unsecured MongoDB databases, but this time they are threatening to report the owners of those databases for GDPR violations if their ransom demands are not met.

As reported by ZDNet, the hacker behind this new campaign has uploaded ransom notes on 22,900 MongoDB databases that were left exposed online without a password. They are using an automated script to scan for misconfigured MongoDB databases, wiping them and then demanding that a ransom of 0.015 bitcoin or around $140 be paid.

Victor Gevers at the Dutch Institute for Vulnerability Disclosure back in April.


Sync.com review


Sync.com has been providing cloud storage services for a number of years now, and it’s going to appeal if you’re looking for something that’s simple, speedy and secure. As the name suggests, it syncs a single folder of data between your computers and the cloud.

In a lot of respects, Sync.com is similar to Dropbox, though it doesn’t have quite as many features (such as the ability to sync files outside the main folder). What it does offer that Dropbox doesn’t have, however, is end-to-end encryption for maximum file security.


Sync.com features

The core functionality of Sync.com is to keep a folder on your system in sync with the cloud and any other computers where you’ve got the client software installed. It’s all very simple to set up and use, though you could reasonably point out that Sync.com isn’t really offering anything you can’t get elsewhere from better-known services – ones that come with office apps, better mobile integration, and so on.

The platform supports versioning, so you can go back to older versions of files if you need to – and in a generous move from Sync.com, these older versions don’t count against your storage quota. Once you’re a paying customer, these older versions can be kept indefinitely, otherwise they’ll automatically be wiped after 30 days.

Basic file and folder sharing is supported on the Sync.com platform too, and there’s also support for advanced sharing controls with password protection and expiry dates on links. Mobile apps are available – with automatic photo and video uploading, should you need it – and if you sign up for a team account then you get provision for keeping your data compliant with standards like HIPAA, GDPR and PIPEDA.

Actually, one of Sync.com’s features is its lack of features: a focus on the core functionality that matters, keeping your data secure, private and well-managed between multiple computers (and multiple users, if needed). If that appeals, and you want several terabytes of space for not much money per month, it’s worth checking out.


Sync.com interface

Installing Sync.com on Windows or macOS is a relatively painless exercise, and the application places a folder on your hard drive – anything dropped in here then syncs to the cloud and to any other computers where you’ve got the software installed. Network drives and external drives can’t be included, nor can files and folders outside of your main Sync.com folder, so the software is a little bit limited in that way.

The web interface is slick and easy to use, and offers another way of getting your files up to the cloud. If you prefer, you


New DIFC Law expected to bring enhanced governance and transparency obligations


The new Dubai International Financial Centre (DIFC) Data Protection Law (DPL) 2020, coming into effect from July 1, is expected to bring enhanced governance and transparency obligations.

Even though the law comes into force from July, businesses to which the law applies will have a grace period of three months, until October 1, 2020, giving organisations just a few months to make necessary changes required to bring compliance frameworks into line with the new law.

The new Data Protection Law, which replaces Data Protection Law DIFC Law No 1 of 2007 (already one of the most advanced in the region), places Dubai and DIFC at the forefront of data protection in the region and enables the financial hub to enhance the Centre’s data protection practices related to global data, security and privacy best practice.

It is now more important than ever for companies to have a data management strategy to ensure data compliance is taking place within an organisation – both from an operational and cultural perspective.

By encouraging data responsibility and implementing the latest data management tools, businesses can do their bit in preparing themselves for DPL 2020.

The new DPL 2020 law will actively benefit companies in a range of ways. Not only will it manage data effectively and ensure data compliance, but it will also increase companywide efficiency and provide a competitive advantage and protection against malware attacks.

The new DIFC Law reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR), seen by many as the ‘gold standard’ for data protection compliance.

“From our previous experience in preparing for the GDPR coming into force, we recommend that organisations should start planning now. In particular, organisations should prioritise fact gathering and other time-intensive tasks such as contract remediation,” Kellie Blyth, head of Data and Technology at Baker McKenzie, said.

However, she said that there are some key differences between the GDPR and new DIFC Law, which organisations should be aware of.

“The new DIFC Law requires Controllers and Processors to appoint a DPO [data protection officer] if they carry out high-risk processing activities on a systematic or regular basis or if required to do so by the Commissioner.

“If a Controller or Processor is not required to appoint a DPO, the organisation must allocate responsibility within its organisation for oversight and compliance with its data protection obligations under the new DIFC Law (or any other applicable data protection law),” she said.

Time to act

The DPO must reside in the UAE, Blyth said, unless the DPO is employed within the organisation’s group and performs a similar function for the group on an international basis.

Blyth urged organisations in the DIFC to move swiftly to review their current data processing practices and to identify where their existing data protection policies and procedures will need to be updated to reflect the requirements of the new law.

 “An important difference between the new DIFC Law and the GDPR is that DPOs are required to conduct an annual assessme
