Another Privacy Law is Online!
Hello all, and happy Thursday!
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: August 11, 2022
In this edition of Privacy Insider, I wanted to draw attention to one of our stories in particular — the recent cyberattacks launched against Cloudflare and Twilio.
In both cases, the attackers contacted employees and their family members on their work and home phone numbers, sending text messages disguised as company communications. The messages persuaded employees to log in to a fake site, claiming that their account info or schedule had changed. Once the employees logged in, the site would download and install remote desktop software and harvest their login credentials.
Both Twilio and Cloudflare employees fell for the phishing attack, but Cloudflare managed to avoid having the attackers gain access to their systems. That’s because Cloudflare security requires employees to use physical hardware keys to log into their systems — which some undoubtedly thought was a little paranoid until now.
These attacks are particularly noteworthy considering the security-conscious nature of both companies. Twilio provides communication and authentication solutions, while security lies at the heart of all of Cloudflare’s products and services. If they’re vulnerable to cyberattacks, then what company isn’t?
That’s just it — nobody is impervious to cyberattacks. Companies can and should invest in their cybersecurity, but so long as they’re staffed by imperfect, fallible human beings, hackers will always be able to socially engineer their way into internal systems. The best we can do is reduce the odds of their success (such as by requiring the use of physical hardware keys and other security measures) and mitigate the damage they can do once inside (such as by employing healthy data privacy practices).
Breaches are a common way for businesses' poor data privacy practices to come to light. Just keep your eye on this newsletter — you’ll see plenty of headlines where companies get hit by penalties after exposing customer data to cybercriminals.
Best,
Arlo
Cloudflare and Twilio targeted by similar phishing attacks
Twilio, which provides two-factor authentication and communication services, was recently targeted by a phishing attack in which hackers acquired employees’ credentials and gained access to sensitive internal systems, according to a statement released by the company. Two days later, Cloudflare, a content delivery network and DDoS mitigation company, was attacked in a similar manner, leading security experts to believe the same group was behind the attacks. Cloudflare ultimately avoided a compromise due to their use of hardware-based multi-factor authentication keys.
Read more
Amazon acquires iRobot, gaining access to maps of consumers’ home interiors
Amazon and iRobot recently released a joint statement declaring Amazon’s acquisition of iRobot for $1.7 billion. Should the deal go through, Amazon will gain access to interior maps of consumers’ homes gathered by iRobot’s Roomba product. The acquisition will complement other Amazon products centered on gathering household data and the internet of things, such as Ring.
Read more
Adtech giant Criteo faces $65M fine in France for GDPR consent breaches
Criteo, a major French adtech company, has been fined €60 million (~$65 million) by French data protection authorities. After receiving complaints from Privacy International and noyb (also known as none of your business, Max Schrems’ privacy advocacy group), the Commission nationale de l'informatique et des libertés (CNIL) found that Criteo lacked sufficient legal bases for using a suite of tracking techniques and data processing practices designed to profile web users.
Read more
Facebook catches lucky break in Europe
After Irish data protection authorities released a draft decision that would block Meta’s data transfers from the EU to the US, the social media company indicated that such a block might force them to shut down Facebook and Instagram in Europe. However, other European data protection authorities have issued technical objections against the draft order, which are anticipated to take several months to resolve.
Read more
Data privacy (non)compliance: How enforcement works
Ever wanted to know more about how businesses become noncompliant in the first place? Our most recent blog article breaks down what noncompliance looks like and how data privacy enforcement works.
Read more
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.