Privacy Protection Authority handled 146 serious cyber incidents in the past year


by Ifi Reporter, Category: Law, Jul 24, 2019

The Ministry of Justice's Privacy Protection Authority revealed that in the past year it handled 146 serious cyber incidents that violated Israel's information protection regulations, while only 103 of them were reported by the hacked organizations as required. The rest of the cases came to light following external complaints and inquiries.
Of all the cases, 13% were found to be in violation of the provisions of the law and regulations, which may expose the organizations to sanctions. In 66% of the cases, the bodies were required to correct defects, but it was determined that there was no violation. According to the Authority's assessment, there are other incidents that were not reported as required by the regulations, the extent of which is not known.
The sector in which most cases were found was insurance and finance (23%), followed by the technology sector (10%), health (10%), communications (8%), education (8%) and the Internet (7%).
The ISA carried out an analysis of the security incidents and found that they were of various types: hackers exploiting a security breach in a database in 15% of cases; theft of passwords and user names in 7% of cases; social engineering, malware and human errors; and inadvertent delivery of unauthorized information or media loss in 8% of cases.
Until now, the PA has focused more on education and information, but from now on it will begin to use the means of punishment that the regulations provide. The Authority states that it is authorized to impose fines, although the scope of the fines is not disclosed.
In addition, the Authority may revoke or temporarily suspend the database license. It is also authorized to publish the violation for the purpose of self-regulation by the data subjects affected by the violation; in other words, it is a type of poisoning.
The Privacy Authority deals solely with the regulation of databases: customer records, commercial information with the names of users or, for example, private information that is harvested by third parties for publication. This is in contrast to the cyber network, whose function is to supervise information security policy per se. It is still unclear how the work is divided between the two bodies, which operate separately from an administrative perspective, and the national cyber law, which the industry has been awaiting for a long time, may change their powers.


