Commonwealth Bank’s potential breach

The sensitive medical information of customers has been left potentially exposed by the Commonwealth Bank. The bank is currently investigating the issue, which centres around the sale of its insurance arm CommInsure to AIA group. It is believed the medical information of an unknown number of customers was made available to other arms of the bank. The Office of the Australian Information Commissioner, the Australian Security and Investment Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) have all been informed.

500 million guest records stolen in hotel breach

The details of around 500 million customers have been stolen following a breach of the Starwood Hotels database. In a statement, the hotel giant said, which is a subsidiary of Marriott, said: “Marriott learned during the investigation that there had been unauthorised access to the Starwood network since 2014. The company recently discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.” The data stolen included payment card numbers and expiration dates, as well as date of birth, gender and reservation dates. Marriott has started sending emails to customers affected.

Google in GDPR trouble

Google has been accused of breaching GDPR requirements by ‘tricking’ users into sharing their data. The GDPR privacy laws, implemented by the EU in May of this year, requires that “the data subject has consented to processing of his or her personal data”. The Norwegian Consumer Council has come out and filed a complaint against Google, alleging that by tracking its users through ‘Location History’ and ‘Web & App Activity’, the tech giant is in breach of GDPR regulations. “In our opinion, the scale in which Google tracks the location of its users breaches the GDPR. Users have not given free, specific, informed and unambiguous consent to the collection and use of location data, particularly considering the scale of tracking going on,” said Gro Mette Moen, acting head of unit, digital services in the Norwegian Consumer Council. The formal complaint has been supported by seven other European consumer organisations.

Amazon decides on ‘HQ2’

After months of deliberation, Amazon has finally come to a decision on where to base their second US headquarters. ‘HQ2’ will be split between Arlington, Virginia and New York City. The new locations will join Seattle as Amazon’s base. An ‘Operations Center of Excellence’ will also be opened in Nashville. The new headquarters are expected to create 50,000 jobs, while the Nashville location will create another 5,000.