Privacy – Big IT company faces security incident
By Mariano Peruzzotti and Mateo Darget.
In the last few days, a well-known software developer and technological solutions company suffered a security incident. The event was caused by an unauthorized access to the company’s source code.
According to reports, the incident was committed by the LAPSUS$ group, a cyber-hacking organization that has recently carried out similar attacks on large technology companies. As a result, 70GB of company data and master passwords for access to a considerable amount of internal services were leaked. The breach affected information about important clients of the company.
As a result of the situation, the company informed in a press release that it had activated all security protocols and that it had initiated an exhaustive investigation. It also declared that the compromised information is limited to a specific source code and that it is related to projects of a very limited number of clients.
If a data breach compromises personal data, a notification to the supervisory authority and/or the affected data subjects will be required depending on the jurisdiction. As commented in a previous edition of BeNews (see here), in Argentina Personal Data Protection Law No. 25,326 does not impose the obligation to report a security incident to the Agency for Access to Public Information (“AAIP”) nor to the affected data subjects. Likewise, Resolution 47/2018 of the AAIP recommends the notification of security incidents to such agency.
For further information contact: mperuzzotti@ojambf.com.
