Skip to content

Latest commit

 

History

History
465 lines (294 loc) · 16.9 KB

README.md

File metadata and controls

465 lines (294 loc) · 16.9 KB

Notes on how organisations have responded to cyber security incidents

2020

118118Money
Microsoft

2019

Travelex
Capital One
Hydro

2018

Cathay Pacific
Marriott
British Airways
Singapore Health Services
Dixons Carphone

2017

Equifax
Mersk
Bupa
Life at Parliament View Limited

2016

The Bible Society
Uber
Tescos bank

2015

2014

University of Greenwich
Yahoo

118118Money

March 2020

Customer Email

Screenshot of customer email
7 April

Microsoft

January 2020

Blog

Access Misconfiguration for Customer Support Database
22 January 2020

Travelex

December 2019 - January 2020

Website

CUSTOMER INFORMATION HUB
20 January 2020

We're sorry but our online travel money service isn't available right now.
20 January 2020

Travelex continues to make good progress with its technology recovery
12 January 2020

Updated Travelex Statement on Cyber Incident
8 January 2020

Planned Maintenance
6 January 2020

Twitter

Staying focused on partners and customers remains at the forefront of Travelex’s priorities
1:47PM 13 January 2020

We are making good progress with our technology recovery and are able to start restoring functionality in our partner and customer services
1:46PM 13 January 2020

We have already completed a considerable amount in the background and are now at the point where we are able to start restoring functionality in our partner and customer services
1:45PM 13 January 2020

Statement on IT issues affecting Travelex Services
4:31PM 8 January 2020

Statement on IT issues affecting Travelex Services
8:56PM 2 January 2020

RNS Notifications

Finablr PLC - FIN
Statement regarding share price
18:03 24 January 2020

Finablr PLC - FIN
Statement re Travelex update on cyber incident
7:00AM 8 January 2020

Finablr PLC - FIN
Statement regarding Travelex IT issues
6:14PM 2 January 2020

Capital One

July 2019

Website

Website Banner

Information on the Capital One Cyber Incident
29 July 2019

Holding page
28 July 2019

SEC Notifiations

Capital One Announces Data Security Incident Perpetrator Arrested by Federal Law Enforcement
29 July 2019

Hydro

March 2019

Website

Cyber-attack on Hydro

YouTube

Why Hydro chose to be transparent during cyber-attack
28 October 2019.

The cyber attack rescue operation in Hydro Toulouse
16 Apr 2019.

Cyber attack on Hydro Magnor
2 Apr 2019

Press statements

Hydro subject to cyber attack
19 March 2019

Other press statements relating to the cyber attack

Cathay Pacific

Regulator Response

ICO

Statement: International airline fined £500,000 for failing to secure its customers’ personal data
4 March 2020

Website

Cathay Pacific announces data security event affecting passenger data
24 October 2018

Data security event
24 October 2018

Twitter

We have discovered unauthorised access to some of our passenger data
24 October 2018

The official Twitter account of Cathay Pacific Data Security Event support.
24 October 2018

Marriott

November 2018

Regulator Response

ICO

Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
9 July 2019

Website

Marriott International Update on Starwood Reservation Database Security Incident
9 July 2019

Marriott Provides Update on Starwood Database Security Incident
4 January 2019

Starwood Guest Reservation Database Security Incident
30 November 2018

Marriott Announces Starwood Guest Reservation Database Security Incident
30 November 2018

Twitter

Security Incident
30 November 2018

SEC Notifiations

Marriott International, Inc. (NASDAQ: MAR)
Marriott Announces Starwood Guest Reservation Database Security Incident
Form 8-K
30 November 2018

British Airways

July 2018

Regulator Response

ICO

ICO: Intention to fine British Airways £183.39m under GDPR for data breach
8 July 2019

Website

Customer data theft
6 September 2018

RNS Notifications

International Cons Airlines Group - IAG
UPDATE ON BRITISH AIRWAYS CYBER ATTACK
7:01AM 25 October 2018

International Cons Airlines Group - IAG
Theft of customer data at British Airways - Update
7:01AM 8 July 2019

International Cons Airlines Group - IAG
Theft of Customer Data at British Airways
6:24PM 6 September 2018

Singapore Health Services

June 2018

Public Reports (Committee of Inquiry)

Public report of the committee of inquiry into the cyber attack on Singapore Health Services Private Limited’s patient database on or around 27 June 2018
10 January 2019

Dixons Carphone

June 2018

Regulator Response

ICO

National retailer fined half a million pounds for failing to secure information of at least 14 million people
9 January 2020

DSG Retail Ltd monetary penalty notice
9 January 2020

Website

Important message from dixons carphone
31 July 2018

RNS Notifications

Dixons Carphone PLC - DC
ICO Issues Monetary Penalty Notice under DPR 1998
4:00PM 9 January 2020

Dixons Carphone PLC - DC
Statement re Update on Unauthorised Data Access
7:00AM 31 July 2018

Dixons Carphone PLC - DC
Investigation Into Unauthorised Data Access
7:30AM 13 June 2018

Equifax

September 2017

Public Reports (House Oversight Comittee)

The Equifax Data Breach
December 2018

Regulator Response

ICO

Credit reference agency Equifax fined for security breach
20 September 2018

Equifax Ltd monetary penalty notice
19 September 2018

Website

2017 Cybersecurity Incident & Important Consumer Information

Cybersecurity incident - information for UK consumers
18 August 2018

Press Release

ICO Response
19 September 2018

Equifax Releases Updated Information on 2017 Cybersecurity Incident
1 March 2018

Equifax Announces Cybersecurity Firm Has Concluded Forensic Investigation Of Cybersecurity Incident
2 October 2017

Equifax Releases Details on Cybersecurity Incident, Announces Personnel Changes.
15 September 2017

Equifax Announces Cybersecurity Incident Involving Consumer Information
7 September 2017

Mersk

June 2017 (Not-Petya)

News Articles

The Untold Story of NotPetya, the Most Devastating Cyberattack in History - Wired
22 August 2018

Boomerang Video

Regulator Response

ICO

Warning to SMEs as firm hit by cyber attack fined £60,000 27 June 2017

Bupa

June 2017

Regulator Response

ICO

Bupa fined £175,000 for systemic data protection failures 28 September 2018

Bupa monetary penalty notice
26 September 2018

Life at Parliament View Limited

February 2017

Regulator Response

Estate agency fined £80,000 for failing to keep tenants’ data safe
19 July 2019

Life at Parliament View Limited monetary penalty notice
17 July 2019

The Bible Society

November - December 2016

Regulator Response

Bible Society fined £100,000 after security failings put supporters’ personal data at risk
8 June 2018

The Bible Society monetary penalty notice
31 May 2018

Uber

November 2016

Regulator Response

ICO fines Uber £385,000 over data protection failings 27 November 2018

Uber monetary penalty notice
26 November 2018

Tescos bank

November 2016

Regulator Response

FCA Final Notice
1 October 2018

University of Greenwich

January 2016

Regulator Response

The University of Greenwich fined £120,000 by Information Commissioner for “serious” security breach
21 May 2018

University of Greenwich monetary penalty notice
16 May 2018

Yahoo

November - December 2014

Regulator Response

Yahoo! fined £250,000 after systemic failures put customer data at risk
12 June 2018

Yahoo! UK Services Ltd monetary penalty notice
21 May 2018

U.S. Office of Personnel Management

March 2014

Public Reports (House Oversight Comittee)

The OPM Data Breach How the Government Jeopardized Our National Security for More than a Generation Web Archive
7 September 2016

Other RNS Notifiations

Tissue Regenix Group PLC - TRX
Resolution of Cyber Security Incident
04 February 2020

Tissue Regenix Group PLC - TRX
Notice of cyber security incident
28 January 2020

Fisher (James) & Sons plc - FSJ
Notice of cyber security incident
1:29PM 5 November 2019

Tribal Group PLC - TRB
Statement re data breach
7:00AM 12 August 2019

Urban Exposure PLC - UEX
Urban Exposure plc: Information Security Breach
7:00AM 9 August 2019

Clarkson PLC - CKN
Notice of cyber security incident
29 November 2017

Todo

  • RNS Notifications
  • ICO MPNs
  • Make use of dates consistent
  • Add table of contents

This list is by no means completed. There may be errors, please let me know. I'll be working on updating this over the first few months of 2020. Contributions welcome.