This week:

3 – Starving children can’t get in the way of an attacker’s profits

2 – Data breaches aren’t just about cyber attacks

1 – GDPR finally catches up with Spanish hotels

 

3 – Starving children can’t get in the way of an attacker’s profits

“Ransomware gang attacks German charity that feeds starving children”

Source: The Record (via Risky Business)

 

What’s the story?

Deutsche Welthungerhilfe (WHH), a German charity whose name literally translates as World Hunger Help and which provides millions with humanitarian aid, has been targeted by a ransomware gang demanding over $2 million. The charity is refusing to pay and says it promptly shut down affected systems and engaged external cybersecurity experts to help it recover its operations.

 

So what?

These cyber attackers are not Ordinary Decent Criminals. Many are now intentionally targeting charities and non-profits as they know they have weaker security defences than private / for-profit enterprises.

A Good Cause may also be An Easy Target.

(If you work for a charity or non-profit and need help to review and improve your security, I can help.)

 

 

 

2 – Data breaches aren’t just about cyber attacks

“It is alleged that a “serious data breach” took place after an individual entered [The Arts Council] headquarters to obtain documents.”

Source: Irish Independent

 

What’s the story?

Ireland’s Arts Council is conducting an internal review of a serious security incident that occurred on June 19, 2025.

Apparently, the ‘serious incident’ was an ex-employee entering The Arts Councils’ HQ in an effort to obtain ‘documentation’.  

 

So what?

This incident shows the difference between cyber security and information security.

So, while you may want to improve your cyber security.

You need to focus on your information security.

(Need help? You know where I am.)

 

 

1 – GDPR finally catches up with Spanish hotels

“According to the law, hotels and other types of holiday accommodation in Spain have no right to take a copy of guests’ ID cards and passports.”

Source: Sur in English

 

What’s the story?

Spain’s Data Protection Agency (AEPD) has ruled that hotels and rental accommodations must stop photocopying guest passports or ID cards. The agency views the practice as “excessive processing” under GDPR, carrying unnecessary identity theft risks. Instead,  “accommodation establishments can collect the information they need by asking the guest to complete a form, providing full name, sex, ID number, date of birth and mobile phone number. To authenticate the data provided in the form, a simple and quick visual check of the corresponding identity document should be enough, for which a copy is not needed.”.

 

So what? 

It always amazes me how every Spanish hotel I stay in insists on taking a photocopy of my passport.

And while sipping a beer in the sunshine, I also wonder how good these hotels are at securing these photocopies.

Given their inability to serve decent beer in the hotel bar, I’m not too confident!

Hopefully, this ruling from the AEPD will address the problem.

Mañana.