Another massive data breach

Luckily it’s the German data protection commissioner investigating this time.

But on the plus side the built in monitoring can be handy.

1 Like

Not the first time, nor will it be the last, I suspect, that long term airport valet parking deals have been found to be suspect.


Indeed. Or mechanics. I remember this story being on the local news a few years back where the dash cam footage showed the car being driven at speed around Cribbs Causeway (which is impressive cause the traffic jams there are usually horrendous)… Although there was an unexpected twist in the tale!

So rather than do anything about the errant mechanic the dealership banned the customer? - hmmm… :thinking:

1 Like

I know right… They’re a funny lot in Bristol :grin:

All in favour of it, I think our last Tiguan had geofencing though we never used it. I want as much data from a car as possible, I just don’t want some spotty youths in Tesla trawling through it and putting it up on the web :slightly_smiling_face: Only the US military seems to encourage that :joy:

@Gareth As for the Mercedes dealership, their arrogance doesn’t surprise me. The last time I dealt with a UK one, a couple of years ago, they were pretty useless. On the other hand our local one has a service manager from the old school. In December '21 we left our hybrid in for a service just prior to driving up to the ferry and they discovered rongeurs had chewed through the high voltage battery lead (amazing because it’s sealed into the boot) and he moved heaven and earth to get a battery (I guess you can’t just replace the lead) from Germany in time for us to leave. Didn’t work out in the end but 100% for customer service :slightly_smiling_face:


A Mercedes garage in a posh location in Berkshire swopped out my original heavy duty battery from my newish company Merc that was in for a routine service, for a smaller lower capacity one.

Not noticed till several months later when the battery started having trouble starting it in much colder weather. The new garage had no trouble spotting it but by then we couldn’t prove it.

1 Like

Crikey, that’s shocking (no pun intended). Like you, I’d undoubtedly not notice the battery being swapped until it was too late.

1 Like

Not exactly a data breach but I’m still waiting for a police certificate after hackers corrupted criminal records service

I’m very harsh on any company or government site or system which is hacked. There is no reason they should be vulnerable except sloppy security. All too easy for senior management to not take threats seriously and/or not allocate sufficient resources to prevent them.

1 Like

Isn’t that the truth and not just with data.

1 Like

Unilever handed over its pension management to Capita. Or Crapita as Private Eye calls it (and has done so for years).
As a Unilever pensioner I have recently received a grovelling letter from their Head of Trustee Services saying Capita recently experienced a “cyber security incident”. OH would say this was an accident waiting to happen.
The letter goes on to say “we will continue to do everything we can to work with Capita”. Really???

Yes, I heard about that and immediately thought of Private Eye :slightly_smiling_face:


The friends who visited last week brought the last month’s Private Eyes with them. A nice treat, especially the “man in hat sits on chair” issue.


The OH has had a similar email from USS pension, who also use Crapita.

1 Like

That may be being too harsh. My former employer, one of the Big 4 global accountancy firms, reckoned on average it faced up to 80,000 cyber attacks A DAY in the UK alone! One successful phishing attack, cleverly disguised - and they’re in… Data security was taken incredibly seriously, and dummy phishing attacks were regularly mounted. Many of us, definitely including me, were at various times completely fooled… I would defy anyone to say (and I know you’re not saying that) they will always spot one, and react accordingly… It would be an astonishingly ‘brave’ company that could guarantee total security at all times…

I completely agree with your OH. I too received a letter from my employer’s trustees today reporting the same incident. Their take on it was that “only” (!) people actually receiving a pension (ie not me yet) potentially had their data compromised.


Interesting, although I’m curious to know how they defined a cyber attack. Someone testing a firewall by port scanning it could be classed a cyber attack by some, but it’s the online equivalent of checking if a car door is locked… and is about as sophisticated too!

Although saying that… Back in the early '00s when I was working in finance, before submitting our budgets we used to invite a Board member down to the basement where the IT and us infosec people worked. During the guided tour we’d walk them past a PC showing firewall logs whizzing frantically across the screen… without fail they’d ask what this was.

My boss at the time was very good at explaining in non-technical terms how it was hackers probing our network trying to find a way in, and how they only had to get lucky once whereas we needed the right tools to block every attempt. Scaring the Board members by exaggerating on the sophistication of attacks did wonders in getting our budgets approved :smiley:

Agree 100%. Hence best practice is to aim for “defence-in-depth” by having multiple controls so that when one fails, the attacker is delayed and has to defeat another control… and when that fails there is another control… and when that fails there is another control. Much like peeling back layers of an onion.

The aim isn’t to have a completely infallible system, it’s to slow an attack down so that you have time to identify it and respond accordingly. If an alert is triggered on your perimeter defence then it requires investigation. If subsequently an alert is triggered on the next line of defence, then that investigation suddenly gets a lot more priority. And so on, and so on.

That reminds me of the judge who when giving a burglar a particularly harsh sentence as a deterrent to others said “there’s too much of the sort of thing going on”. Which, of course, begged the question as to what is the acceptable level of burglary 🤭 I think the acceptable level of IT security is 100%. If that means over investing, so be it.

It’s not the volume of attacks that counts really, is it? If all your 80,000 attacks a day are of the same type then that’s no different from one attack a day. Plus phishing shouldn’t put a corporate infrastructure at risk at all, should it? Malware loaded onto one desktop or laptop or mobile device shouldn’t be a threat to well protected corporate networks or systems IMHO. BTW, I presume no personal emails were allowed either, so phishing should be quite difficult. I would be more concerned about breaking in through a vulnerability in some systems software rather than phishing or the sort of stuff that targets the unwary end user.

In terms of total security guarantee, I do expect the financial institutions I use (for example) to guarantee 100% security 100% of the time, and with the appropriate investment of resources it is achievable. The price of failure for any organisation that falls short and exposes their clients (as Capita has done) should be eye watering.

I guess your Firm probably had a practice that made its living from consulting on IT security matters (A PwC partner I know well has been working on IT security since 1985 when I first met him. It wasn’t really a thing then, but he certainly shrewdly chose a growing line of business. :slightly_smiling_face:) so from a marketing perspective there was also an incentive in your Firm for excellence and in-house expertise to provide it. All companies should take security as seriously IMO.

As I mentioned in another thread, it’s time for the poor old end user to stop taking the pain for the corporations’ poor security, be that data leaks or telcos hosting bad actors or email service providers allowing spam. We need legislation and fines introduced to make them step up to the plate and protect us from the dangers they land in our inboxes.

1 Like