So you have the option to report to the ICO and look like a good boy or not report and line yourself up for the top tier of fines for not doing so if the ICO disagrees with your risk assessment of the breach. Deciding whether to report or not is also a risk assessment, of course. Does the quality of assessment on whether to report indicate anything about the quality of assessment of the breach?
Thomas Cook website spills personal info – and it's fine with that
Holidaymakers who used Thomas Cook Airlines had their personal information spilled onto the internet no thanks to basic coding cockups. Norwegian programmer Roy Solberg came across an enumeration bug that leaked the full name of all travelers on a booking, the email addresses used, and flight details from Thomas Cook Airlines …
COMMENTS
-
Tuesday 10th July 2018 23:12 GMT Anonymous Coward
GDPR requires reporting of data leak except when it doesn't :]
"the controller shall .. notify the personal data breach to the supervisory authority .. unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons."
So, no sanctions for such leaks and no requirement to report such leaks to the leaked-on. The only practical effect I've seen is multiple click-boxes on websites and some US websites blocking access in Europe.
-
Wednesday 11th July 2018 12:40 GMT Aodhhan
What a bunch of $$$7
In good faith, I believe the company should publish the names and PERSONAL emails of all company board members and those holding the position of VP and above.
If they will do this, then I'll go along with them saying this is a LOW vulnerability... but you know they will never do this.
-
Thursday 12th July 2018 13:25 GMT Crisp
"After being alerted to this unauthorised access"
Except it wasn't an unauthorised access. The system was doing exactly what it was designed to do.
What they have there is an unauthorised disclosure. They had a duty of care regarding that data and they left it on a window sill where anyone could take a gander.