Recently it became known that valuable data was stolen from Hewlett Packard Enterprise, examination results were leaked in South Africa, while a draft of key data protection law was published in India. Learn more about these events in this weekly digest.
A major incident happened with Hewlett Packard Enterprise. Well-known threat actor claimed responsibility for the direct incursion into HP’s data. According to the claims, exposed data includes:
Exposure of assets from GitHub and Docker could potentially lead to further unauthorized access to proprietary code and intellectual property. HPE’s business operations can also be affected by exposure of Zerto’s and iLo’s source code.
Moreover, there are signs that compiled software and deployment files were compromised. Also, a threat actor could have gained access to infrastructure information, subsequent security vulnerabilities, and legacy user PII, which could be used for further phishing attacks. To sum up, HPE’s data breach is a loud bang at the start of the new year. It is a major leak that highlights the importance of cybersecurity in 2025.
The South African public is engaged in heated debates over the illegal sale of graduation examinations results. Matriculation is a qualification received on graduation from high schools and university entrance requirement. In mid-January, the Information Regulator of South Africa issued the statement about the start of the investigation into rumors of leaked matric exams results.
One online service started to sell early access to final marks for sum around $5, despite the results being undisclosed till the 14th of January. Independent journalists accessed the above-mentioned service, bought matric results, and confirmed their authenticity. It’s worth noting that matric results were distributed only among Universities South Africa (USAf) on the 11th of January. Most likely, such rapid access to the matric results can be achieved by the use of insider help.
The Department of Basic Education started an investigation of the ongoing incident. According to preliminary information, the Directorate for Priority Crime Investigation detained one suspect.
This incident raises concerns about data protection. South Africa is under POPI compliance, and despite that, the confidential information was exposed. Such events are undermining the integrity of the educational system and are raising questions about data protection measures. Such incidents are highlighting the importance of data protection legislation and the need to fulfill the demands enforced by legislation.
The draft Digital Personal Data Protection Rules was published in India at the beginning of January. The Ministry of Electronics & IT (MeitY) introduced an act that aimed at creating a robust framework for protecting personal data and putting into action the Digital Personal Data Protection Act, 2023.
The draft DPDP Rules are marking the next step on the way of practical implementation of the DPDP Act. The key points of published rules are:
This draft is currently under public consultation, but despite that, we can conclude that it is an episode of the ongoing process of data protection legislation development. Such legislative rules and acts are implemented or are currently in the process of development in many countries around the globe. Data protection is a point of high concern for state bodies due to many reasons. Data protection rules will be tightened in the upcoming years, and many business entities will have to ensure compliance with them.
Compliance with data protection regulations can be a tricky issue. There are many demands that must be addressed. Business bodies have to pay attention to developing laws, fulfill the need of hiring highly and specifically skilled specialists, and use expensive data protection software and hardware. All of these points have to be implemented in a robust and comprehensive way. Managed Security Service (MSS) is a helping hand for business entities and state bodies. MSS is providing a complex package of skilled specialists and cutting-edge software solutions. Click here and get your free 30-day trial to see if it is a fit for you.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!