Safely move on from COVID-19

Cyber and Information Security News: Your Friday Roundup

Welcome to your latest cyber and information security news roundup from around the globe.

MyFitnessPal & Under Armour breach

If you were desperately looking for an excuse to not exercise, here it is.

American fitness brand Under Armour, the company that owns MyFitnessPal, has revealed that the personal data of about 150 million of its app users had been stolen. It is thought that the breach occurred in February but wasn’t discovered until 25th March.

An Under Armour spokesperson said that “the company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.”

The stolen data includes email addresses and encrypted passwords and all users have been instructed to change their login credentials immediately.

Royal Mail gets fined £12,000 by the ICO

The Information Commissioner’s Office found that on 2 days in July 2017, Royal Mail Ltd sent ‘nuisance emails’ to 327,014 people. The recipients had all previously opted out of receiving marketing from the organisation, therefore had not given consent.

Steve Eckersley, Head of Enforcement at the ICO said “Royal Mail did not follow the law on direct marketing when it sent such a huge volume of emails, because the recipients had already clearly expressed they did not want to receive them.

“These rules are there for a reason – to protect people from the irritation and, on occasions, distress nuisance emails cause. I hope this sends the message that we will take action against companies who flout them.”

Royal Mail initially claimed legitimate interest, saying that the emails were a service rather than marketing. However, as the content of the emails were promoting a drop in Royal Mail prices, the ICO found that the organisation had broken the law.

Oh, Facebook…

They just can’t seem to catch a break at the moment.

On Wednesday Facebook revealed that attackers would be able to harvest user’s phone numbers using the platform’s search facility. Before the attack had been made, users were able to search for a friend using their phone number or email. The attackers, in this case, used the search function to link phone numbers and emails to names and locations.

Security experts advise that if you did not change the security settings of your account after adding your phone number, you can assume that this data has most likely been harvested.

Matt Hancock, Secretary of State for Digital, Culture, Media and Sport had this to say:

Want to learn more about cyber security?

Not ready to get started? Subscribe to receive more articles like this.

The information in this blog is for general guidance and does not constitute legal advice.


Phone:   +44 (0)1273 041140