|
juthi52943
|
Posts: | 1 |
Joined: | January 1970 |
Likes: | 0 |
Points: |
|
|
|
Post by juthi52943 on Jan 6, 2024 4:21:00 GMT
Such as changing their password. In this case, notification was not mandatory, but in many cases it could be considered good practice. The violation must be documented in accordance with Art. section , but no notification to the supervisory authority or communication with affected persons is required. Example In the seventh example, the EDPB describes an electronic banking website that was subjected to a stuffing attack. A a result of which the criminal managed Job Function Email List to log in to , bank accounts whose owners used trivial passwords and gained access to the data of a total of , people. The bank managed to capture all of these logins and, upon further analysis, determined that no transactions had been made on any of these accounts. The institution disabled its website and forced each of the affected accounts to change passwords. The bank informed the people whose passwords were guessed about the breach. What should you do? Due to the risk, the following should be documented internally and reported to the supervisory authority. Countermeasures to reduce the likelihood and negative effects of attacks.
|
|