Wij willen met u aan tafel zitten en in een openhartig gesprek uitvinden welke uitdagingen en vragen er bij u spelen om zo, gezamelijk, tot een beste oplossing te komen. Oftewel, hoe kan de techniek u ondersteunen in plaats van dat u de techniek moet ondersteunen.

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web.

The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to examine and verify the authenticity of the data.

The data contained usernames, email addresses, and passwords that appear to be scrambled with the SHA-2 algorithm, making the passwords near impossible to unscramble. The data also contained account sign-up dates and the last-login date. It also included the country from which the user signed up, their internet (IP) address, and links to profile photos.

We verified a portion of the data by validating emails against the site’s sign-up feature.

The exact amount of data stolen isn’t known. The seller said there were 20 million records, but listed 21 million records on the dark web. But the data we sampled suggested there may have been as many as 22 million records.

The data was listed for sale for $ 4,000, or about 0.5 bitcoin. We’re not linking to the dark web listing.

Mixcloud last year secured a $ 11.5 million cash injection from media investment firm WndrCo, led by Hollywood media proprietor Jeffrey Katzenberg.

It’s the latest in a string of high profile data breaches in recent months. The breached data came from the same dark web seller who also alerted TechCrunch to the StockX breach earlier this year. The apparel trading company initially claimed its customer-wide password reset was for “system updates,” but later came clean, admitting it was hacked, exposing more than four million records, after TechCrunch obtained a portion of the breached data.

An email to Mixcloud’s press mailbox bounced, and its last listed public relations agency told TechCrunch it no longer represents the company.

As a London-based company, Mixcloud falls under U.K. and European data protection rules. Companies can be fined up to 4% of their annual turnover for violations of European GDPR rules.

Corrected the fourth paragraph to clarify that emails were validated against the site’s sign-up feature, and not the password reset feature.

Read more:


TechCrunch

Editor’s note: Drew is a geek who first worked at AOL when he was 16 years old and went on to become a senior writer at TechCrunch. He is now the VP of Communications for venture equity fund Scaleworks.

There are a few ways that people use Twitter, but for the most part the ones who have pushed the social platform into the national lexicon are regular users who like to communicate with each other using the thing. They’re the ones who use it a lot. They’re the ones who make Twitter go.

Now, mind you, I’m an extreme case. I share a lot. I’ve shared my cancer diagnoses, my stem cell treatment, new jobs, my wedding. And the loss of my father Barry.

Today, Twitter announced that it will reclaim dormant accounts. That is, if you haven’t logged into yours for a long time, it is considered inactive and will be included in the reclamation process.

At first I thought that was pretty cool. There are a ton of accounts that get squatted on, forcing new users to use crappy AOL-like names, such as Joe583822. No fun at all. And these accounts aren’t even in use! As in not active.

No big deal.

But then I saw this:

My heart sank. And I cried. You see, I didn’t think about this. It is a big deal.

My father’s Twitter account isn’t active. He passed away over four years ago. My Dad was a casual tweeter at best. He mostly used it because I, well, overused it. And it was charming. Once in a while he’d chime in with a zinger of a tweet and I’d share it humbly with the folks who kindly follow me.

He got a kick out of that, and so did I. I still do. I still read his tweets, and from time to time I still share them with you. It’s my way, odd or not, of remembering him. Keeping his spirit alive. His tweets are timestamped moments that he shared with the world.

And Twitter is sweeping them up like crumpled-up paper and junk in a dustbin.

Surely, my father isn’t the only person who has passed away and left a Twitter account unkept — or, as the company puts it, “inactive.” I can think of a few others. And I get even more upset at the thought of their thoughts disappearing. I might not remember everyone we’ve lost, but not being able to recall something they’ve said or shared in the past is depressing.

When people ask me why I use Twitter so much, it’s mostly because I see the platform as a living organism. It’s not perfect. In fact, it’s awful sometimes. Lately, a lot of times.

During events and during holidays it’s almost as if that tiny little app on my phone has a pulse. And a heart. Because of course it does: It’s full of human beings with feelings and real thoughts. That’s what makes Twitter Twitter.

And just because someone’s pulse no longer beats doesn’t mean their thoughts no longer matter.

I sincerely hope that Twitter didn’t think about this first and reverse course. Perhaps they’ll offer a way to memorialize an account. I don’t have my dad’s login. I can’t “wake up” his account to keep it safe. I am truly sad at the thought of losing some of his quirky nerdy tweets.

Especially this one:

My dad thought I was the only person on the damn site and I never corrected him or schooled him on Twitter. He used it the way he wanted to, and that reminds me of the person he was. If you take that away from me, then what is Twitter anyway?

Facebook allows you to memorialize someone’s page and that’s pretty great. Unfortunately, my father’s page was deactivated and deleted without my having been consulted. By the time I realized it was gone, Facebook told me there was nothing it could do. It was really traumatizing for me and my other family members. So many interactions there, thoughts, smiles. A timeline. No, a time capsule.

Just gone. Like my dad.

Big tech companies are good at a lot of things, but what they seem to lack is collective empathy and heart. When humans use the things you build and you stop treating them like humans, but rather like bits and bytes and revenue dollars, you’ve given your soul away. And maybe it’s just me getting older, but I’ve had about enough of it.

To quote the late great Barry Olanoff:

Think about it, Twitter. Do better. Because every time you make me question your humanity, I’m one step closer to not being that whale of a user that helped get you here in the first place.


TechCrunch

Over 30 civil rights organizations have penned an open letter that calls on government officials to investigate Amazon Ring’s business practices and end the company’s numerous police partnerships. The letter follows a report by The Washington Post in August that detailed how over 400 police forces across the U.S. have partnered with Ring to gain access to homeowners’ camera footage.

These partnerships have already raised concerns with privacy advocates and civil liberties organizations, who claim the agreements turn neighbors into informants and subject innocent people to greater risk and surveillance.

Had the government itself installed a video network of this size and scope, it would have drawn greater scrutiny. But by quietly working with Ring behind the scenes, law enforcement gets to tap into a massive surveillance network without being directly involved in its creation.

The new letter from the civil rights groups demand that government officials put an end to these behind-the-scenes deals between Amazon and the police.

“With no oversight and accountability, Amazon’s technology creates a seamless and easily automated experience for police to request and access footage without a warrant, and then store it indefinitely,” the letter reads. “In the absence of clear civil liberties and rights-protective policies to govern the technologies and the use of their data, once collected, stored footage can be used by law enforcement to conduct facial recognition searches, target protesters exercising their First Amendment rights, teenagers for minor drug possession, or shared with other agencies like ICE or the FBI,” it says.

Additionally, the letter points out these police deals involve Amazon coaching cops on how to obtain surveillance footage without a warrant. It also notes that Ring allowed employees to share unencrypted customer videos with each other, including in offices based in Ukraine. And it raises concerns about Amazon’s potential plans to integrate facial recognition features into Ring cameras, based on patents it filed.

The groups also point to the map released by Amazon Ring, which now shows over 500 cities with Amazon-police partnerships across the U.S.

The groups’ letter is not the first to demand action.

Senator Edward J. Markey (D-Mass.) also last month wrote to Amazon to get more information about Ring and its relationships with law enforcement agencies.

But unlike Sen. Markey’s investigative letter to Amazon’s Ring, today’s letter has specific demands for action. The groups are asking mayors and city council members to require their local police departments to cancel their Ring partnerships. The groups also want local government officials to pass new surveillance oversight ordinances that will ensure police departments can’t enter into any such partnerships in the future.

And they want Congress to investigate Ring’s dealings with police more closely.

The letter itself was published online and signed by the following organizations:

Fight for the Future, Media Justice, Color of Change, Secure Justice, Demand Progress, Defending Rights & Dissent, Muslim Justice League, X-Lab, Media Mobilizing Project, Restore The Fourth, Inc., Media Alliance, Youth Art & Self Empowerment Project, Center for Human Rights and Privacy, Oakland Privacy, Justice For Muslims Collective, The Black Alliance for Just Immigration (BAJI), Nation Digital Inclusion Alliance, Project On Government Oversight, OpenMedia, Council on American-Islamic Relations-SFBA, Million Hoodies Movement for Justice, Wellstone Democratic Renewal Club, MPower Change, Mijente, Access Humboldt, RAICES, National Immigration Law Center, The Tor Project, United Church of Christ, Office of Communication Inc., the Constitutional Alliance, RootsAction.org, CREDO Action, Presente.org, American-Arab Anti-Discrimination Committee, and United We Dream.

According to Evan Greer, Deputy Director at Fight for the Future, the letter has not yet been mailed. But the plan, going forward, is to use it in local organizing when groups on the ground make deliveries to local officials in cities where the partnerships are live.

“Amazon has created the perfect end-run around our democratic process by entering into for-profit surveillance partnerships with local police departments. Police departments have easy access to surveillance networks without oversight or accountability,” said Greer. “Amazon Ring’s customers provide the company with the footage needed to build their privately owned, nationwide surveillance dragnet. We’re the ones who pay the cost – as they violate our privacy rights and civil liberties. Our elected officials are supposed to protect us, both from abusive policing practices and corporate overreach. These partnerships are a clear case of both,” Greer added.


TechCrunch

Internet providers are real bastards: they have captive audiences whom they squeeze for every last penny while they fight against regulation like net neutrality and donate immense amounts of money to keep on lawmakers’ good sides. So why not turn the tables? Here are 13 ways to make sure your ISP has a hard time taking advantage of you (and may even put it on the defensive).

Disclosure: Verizon, an internet provider guilty of all these infractions, owns TechCrunch, and I don’t care.

1. Buy a modem and router instead of renting

The practice of renting a device to users rather than selling it or providing it as part of the service is one of the telecommunications industry’s oldest and worst. People pay hundreds or even thousands of dollars over years for equipment worth $ 40 or $ 50. ISPs do this with various items, but the most common item is probably the modem.

This is the gadget that connects to the cable coming out of your wall, and then connects in turn (or may also function as) your wireless and wired router. ISPs often provide this equipment at the time of install, and then charge you $ 5 to $ 10 per month forever. What they don’t tell you is you can probably buy the exact same item for somewhere between $ 30 and $ 100.

The exact model you need will depend on your service, but it will be listed somewhere, and they should tell you what they’d provide if you ask. Look online, buy a new or lightly used one, and it will have paid for itself before the year is out. Not only that, but you can do stuff like upgrade or change the software on it all you want, because it’s yours. Bonus: The ISP is limited in what it can do to the router (like letting other people connect — yes, it’s a thing).

2. Avoid service calls, or if you can’t, insist they’re free

I had an issue with my Comcast internet a while back that took them several visits from a service tech to resolve. It wasn’t an issue on my end, which was why I was surprised to find they’d charged me $ 30 or so every time the person came.

If your ISP wants to send someone out, ask whether it’s free, and if it isn’t, tell them to make it free or ask if you can do it yourself (sometimes it’s for really simple stuff like swapping a cable). If they charge you for a visit, call them and ask them to take it off your bill. Say you weren’t informed and you’ll inform the Better Business Bureau about it, or take your business elsewhere, or something. They’ll fold.

When someone does come…

3. Get deals from the installer

If you do end up having someone come out, talk to them to see whether there are any off the record deals they can offer you. I don’t mean anything shady like splitting cables with the neighbor, just offers they know about that aren’t publicized because they’re too good to advertise.

A lot of these service techs are semi-independent contractors paid by the call, and their pay has nothing to do with which service you have or choose. They have no reason to upsell you and every reason to make you happy and get a good review. Sometimes that means giving you the special desperation rates ISPs withhold until you say you’re going to leave.

And as long as you’re asking…

4. Complain, complain, complain

This sounds bad, but it’s just a consequence of how these companies work: The squeaky wheels get the grease. There’s plenty of grease to go around, so get squeaking.

Usually this means calling up and doing one of several things. You can complain that service has been bad — outages and such — and ask that they compensate you for that. You can say that a competing ISP started offering service at your location and it costs $ 20 less, so can they match that. Or you can say your friend just got a promotional rate and you’d like to take advantage of it… otherwise you’ll leave to that phantom competitor. (After all, we know there’s often little or no real competition.)

What ISPs, and, more importantly, what their customer service representatives care about is keeping you on as a customer. They can always raise rates or upsell you later, but having you as a subscriber is the important thing.

Note that some reps are more game than others. Some will give you the runaround, while others will bend over backwards to help you out. Feel free to call a few times and do a bit of window shopping. (By the way, if you get someone nice, give them a good review if you get the chance, usually right after the call or chat. It helps them out a lot.) Obviously you can’t call every week with new demands, so wait until you think you can actually save some money.

Which reminds me…

5. Choose your service level wisely

ISPs offer a ton of choices, and make it confusing on purpose so you end up picking an expensive one just to be sure you have what you need. The truth is most people can probably do pretty much everything they need on the lowest tier they offer.

A 1080p Netflix stream will work fine on a 25 Mbps connection, which is what I have. I also work entirely online, stream high-def videos at a dozen sites all day, play games, download movies and do lots of other stuff, sometimes all at the same time. I think I pay $ 45 a month. But rates like mine might not be advertised prominently or at all. I only found out when I literally asked what the cheapest possible option was.

That said, if you have three kids who like to watch videos simultaneously, or you have a 4K streaming setup that you use a lot, you’ll want to bump that up a bit. But you’d be surprised how seldom the speed limit actually comes into play.

To be clear, it’s still important that higher tiers are available, and that internet providers upgrade their infrastructure, because competition and reliability need to go up and prices need to come down. The full promise of broadband should be accessible to everyone for a reasonable fee, and that’s still not the case.

6. Stream everything because broadcast TV is a joke

Cord-cutting is fun. Broadcast TV is annoying, and getting around ads and air times using a DVR is very 2005. Most shows are available on streaming services of some kind or another, and while those services are multiplying, you could probably join all of them for well under what you’re paying for the 150 cable channels you never watch.

Unless you really need to watch certain games or news shows as they’re broadcast, you can get by streaming everything. This has the side effect of starving networks of viewers and accelerating the demise of these 20th-century relics. Good ones will survive as producers and distributors of quality programming, and you can support them individually on their own merits. It’s a weird transitional time for TV, but we need to drop-kick them into the future so they’ll stop charging us for a media structure established 50 years ago.

Something isn’t available on a streaming service? 100 percent chance it’s because of some dumb exclusivity deal or licensing SNAFU. Go pirate it for now, then happily pay for it as soon as it’s made available. This method is simple for you and instructive for media companies. (They always see piracy rates drop when they make things easy to find and purchase.)

This also lets you avoid certain fees ISPs love tacking onto your bill. I had a “broadcast TV fee” on my bill despite not having any kind of broadcast service, and I managed to get it taken off and retroactively paid back.

On that note…

7. Watch your bill like a hawk

Telecoms just love putting things on your bill with no warning. It’s amazing how much a bill can swell from the quoted amount once they’ve added all the little fees, taxes and service charges. What are they, anyway? Why not call and ask?

You might find out, as I did, that your ISP had “mistakenly” been charging you for something — like equipment — that you never had nor asked for. Amazing how these lucrative little fees tend to fall through the cracks!

Small charges often increase and new ones get added as well, so download your bill when you get it and keep it somewhere (or just keep the paper copies). These are really handy to have when you’re on the phone with a rep. “Why wasn’t I informed my bill would increase this month by $ 50?” “Why is this fee more now than it was in July?” “Why do I pay a broadcast fee if I don’t pay for TV?” These are the types of questions that get you discounts.

Staying on top of these fees also means you’ll be more aware when there are things like mass refunds or class action lawsuits about them. Usually these have to be opted into — your ISP isn’t going to call you, apologize and send a check.

As long as you’re looking closely at your bill…

8. Go to your account and opt out of everything

When you sign up for broadband service, you’re going to get opted into a whole heap of things. They don’t tell you about these, like the ads they can inject, the way they’re selling this or that data or that your router might be used as a public Wi-Fi hotspot.

You’ll only find this out if you go to your account page at your ISP’s website and look at everything. Beyond the usual settings like your address and choice of whether to receive a paper bill, you’ll probably find a few categories like “privacy” and “communications preferences.”

Click through all of these and look for any options to opt out of stuff. You may find that your ISP has reserved the right to let partners email you, use your data in ways you wouldn’t expect and so on. It only takes a few minutes to get out of all this, and it deprives the ISP of a source of income while also providing a data point that subscribers don’t like these practices.

9. Share your passwords

Your friend’s internet provider gets him streaming services A, B and C, while yours gives you X, Y and Z. Again, this is not about creators struggling to get their content online, but rather all about big media and internet corporations striking deals that make them money and harm consumers.

Share your (unique, not reused!) passwords widely and with a clean conscience. No company objects when you invite your friends over to watch “Fleabag” at your house. This just saves everyone a drive!

10. Encrypt everything and block trackers

One of the internet companies’ many dirty little deals is collecting and selling information on their customers’ watching and browsing habits. Encrypting your internet traffic puts the kibosh on this creepy practice — as well as being good security.

This isn’t really something you can do too much to accomplish, since over the last few years encryption has become the rule rather than the exception, even at sites where you don’t log in or buy anything. If you want to be sure, download a browser plug-in like HTTPS everywhere, which opts you into a secure connection anywhere it’s available. You can tell it’s secure because the URL says “https://” instead of “http://” — and most browsers have other indicators or warnings as well.

You should also use an ad blocker, not necessarily to block ads that keep outlets like TechCrunch alive (please), but to block trackers seeded across the web by companies that use sophisticated techniques to record everything you do. ISPs are among these and/or do business with them, so everything you can do to hinder them is a little mud in their eye.

Incidentally there are lots of ways you can protect your privacy from those who would invade it — we’ve got a pretty thorough guide here.

11. Use a different DNS

Bryce Durbin / TechCrunch

On a similar note, most ISPs will usually be set up by default with their own “Domain Name Service,” which is the thing that your browser pings to convert a text web URL (like “techcrunch.com”) to its numerical IP address.

There are lots of these to choose from, and they all work, but if you use your ISP’s, it makes it much easier for them to track your internet activity. They also can block certain websites by refusing to provide the IP for content they don’t like.

TechCrunch doesn’t officially endorse one, but lots of companies offer free, fast DNS that’s easy to switch to. Here’s a good list; there are big ones (Google, Cloudflare), “open” ones (OpenDNS, OpenNIC) and others with some niche features. All you need to do is slot those two numbers into your internet configuration, following the instructions they provide. You can change it back at any time.

Setting up a VPN is another option for very privacy-conscious individuals, but it can be complicated. And speaking of complicated…

12. Run a home server

This is a bit advanced, but it’s definitely something ISPs hate. Setting up your home computer or a dedicated device to host a website, script or service seems like a natural use of an always-on internet connection, but just about everyone in the world would rather you sign up for their service, hosted on their hardware and their connection.

Well, you don’t have to! You can do it on your own. Of course, you’ll have to learn how to run and install a probably Unix-based server, handle registry stuff, install various packages and keep up to date so you don’t get owned by some worm or bot… but you’ll have defied the will of the ISP. That’s the important thing.

13. Talk to your local government

ISPs hate all the things above, but what they hate the most by far is regulation. And you, as a valued citizen of your state and municipality, are in a position to demand it. Senators, representatives, governors, mayors, city councils and everyone else actually love to hear from their constituency, not because they desire conversation but because they can use it to justify policy.

During the net neutrality fight, a constant refrain I heard from government officials was how much they’d heard from voters about the issue and how unanimous it was (in support, naturally). A call or email from you won’t sway national politics, but a few thousand calls or emails from people in your city just might sway a local law or election. These things add up, and they do matter. State net neutrality policies are now the subject of national attention, and local privacy laws like those in Illinois are the bane of many a shady company.

Tell your local government about your experience with ISPs — outages, fees, sneaky practices or even good stuff — and they’ll file it away for when that data is needed, such as renegotiating the contracts national companies sign with those governments in order to operate in their territories.

Internet providers only do what they do because they are permitted to, and even then they often step outside the bounds of what’s acceptable — which is why rules like net neutrality are needed. But first people have to speak out.


TechCrunch

Flying cars, or at least their functional equivalent, edge closer to reality every day – and startup Kitty Hawk wants you to know it’s putting in the flying time to make it happen. The company, led by former Google self-driving car visionary Sebastian Thrun, has now flown its first aircraft, the one-person Flyer, over 25,000 times. That includes both its excursions as a prototype that resembled a flying motorcycle or ATV, and in its current, more refined, mostly enclosed cockpit design.

Flyer is now one of two aircraft that Kitty Hawk is working on bringing to market, alongside its Cora two-person, autonomous taxi built in collaboration with Boeing. Flyer is a one-person, human piloted aircraft designed primarily for recreational use, and Kitty Hawk has said it’s refined the vehicle to the point where someone with no experience can learn to fly it in 15 minutes. The company is currently looking for applications for potential partners who want to deploy it in their communities, and it does seem like the type of thing that might do well as an organized excursion activity at a travel destination or resort.

There’s no info on pricing or actual availability yet, but there was a limited Founder Series pre-order for individual purchasers with deep pockets. The aircraft features pontoons and is designed for use over water, and it can fly between three and 10 ft above the surface with vertical take-off and landing capabilities.

Personally, I’d probably opt for the flying jet-ski over paragliding if it was on offer at a vacation spot, so here’s hoping this actually finds a path to commercialization somewhat soon.


TechCrunch

Adam Neumann, the co-founder and chief executive of the international real estate co-working startup, WeWork, has reportedly cashed out of more than $ 700 million from his company ahead of its initial public offering.

The size and timing of the payouts, made through a mix of stock sales and loans secured by his equity in the company, is unusual considering that founders typically wait until after a company holds its public offering to liquidate their holdings.

Despite the loans and sales of stock, first reported by The Wall Street Journal, Neumann remains the single largest shareholder in the company.

According to the Journal’s reporting, Neumann has already set up a family office to invest the proceeds and begun to hire financial professionals to run it.

He’s also made significant investments in real estate in New York and San Francisco, including four homes in the greater New York metropolitan area, and a $ 21 million 13,000 square-foot house in the Bay Area complete with a guitar shaped room (I guess a fiddle would be too on the nose). In all, Neumann reportedly spent $ 80 million on real estate.

Neumann has also invested in commercial real estate (the kind that WeWork leases to provide workspace with more flexible leases for companies and entrepreneurs), including properties in San Joes, Calif. and New York. Indeed four of Neumann’s properties are leased to WeWork — to the tune of several million dollars in rent. According to the Journal, Neumann will transfer those property holdings to a WeWork-controlled fund.

The WeWork chief executive has also invested in startups in recent years. He’s got an equity stake in seven companies including: Hometalk, Intercure, EquityBee, Selina, Tunity, Feature.fm, and Pins, according to CrunchBase.

The rewards that Neumann is reaping from the loans and stock sales are among the highest recorded by a private company executive. In recent years, Evan Spiegel sold $ 8 million in stock and borrowed $ 20 million from Snap before its 2017 public offering and Slack Technologies chief executive Stewart Butterfieldsold $ 3.2 million of stock before Slack’s public offering in June.

The only liquidation of stock and other payouts that have been disclosed which come close to Neumann’s payouts are the $ 300 million that GroupOn co-founder Eric Lefkofksy’s sold before his company’s IPO and the over $ 100 million that Mark Pincus took off the table ahead of Zynga’s offering.

WeWork declined to comment for this article.

 


TechCrunch

The UK’s Information Commissioner is starting off the week with a GDPR bang: this morning, it announced that it has fined British Airways and its parent International Airlines Group (IAG) £183.39 million ($ 230 million) in connection with a data breach that took place last year that affected a whopping 500,000 customers browsing and booking tickets online. In an investigation, the ICO said that it found “that a variety of information was compromised by poor security arrangements at [BA], including log in, payment card, and travel booking details as well name and address information.”

The fine — 1.5% of BA’s total revenues for the year that ended December 31, 2018 — is the highest-ever that the ICO has levelled at a company over a data breach (previous “record holder” Facebook was fined a mere £500,000 last year by comparison).

And it is significant for another reason: it shows that data breaches can be not just just a public relations liability, destroying consumer trust in the organization, but a financial liability, too. IAG is currently seeing volatile trading in London, with shares down 1.5% at the moment.

In a statement to the market, the two leaders of IAG defended the company and said that its own investigations found that no evidence of fraudulent activity was found on accounts linked to the theft (although as you may know, data from breaches may not always be used in the place where it’s been stolen).

“We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, British Airways chairman and chief executive. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”

Willie Walsh, International Airlines Group chief executive, added in his own comment that “British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

The degree to which companies are going to be held accountable for these kinds of breaches is going to be a lot more transparent going forward: the ICO’s announcement is part of a new directive to disclose the details of its fines and investigations to the public.

“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham in a statement. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The ICO said in a statement this morning that the fine is related to infringements of the General Data Protection Regulation (GDPR), which went into effect last year prior to the breach. More specifically, the incident involved malware on BA.com that diverted user traffic to a fraudulent site, where customer details were subsequently harvested by the malicious hackers.

BA notified the ICO of the incident in September, but the breach was believed to have first started in June. Since then, the ICO said that British Airways “has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light.” But it should be pointed out that even before this breach, there were other examples of the company treating data protection lightly. (Now, it seems BA has learned its lesson the hard way.)

From the statement issued by IAG today, it sounds like BA will choose to try to appeal the fine and overall ruling.

While there are a lot of question marks over how the UK will interface with the rest of Europe over regulatory cases such as this one after it leaves the EU, for now it’s working in concert with the bigger group.

The ICO says it has been “lead supervisory authority on behalf of other EU Member State data protection authorities” in this case, liaising with other regulators in the process. This also means that these authorities where its residents were also affected by the breach will also have a chance to provide input on the ruling before it is completely final.


TechCrunch

Created by R the Company. Powered by SiteMuze.