Data regulator fines HelloFresh £140k for sending 80M+ spams The Register

Food delivery company HelloFresh is nursing a £140,000 fine by Britain's data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.
The meal-kit company provides weekly packages of premeasured ingredients with recipes so customers can prepare their own meals rather than winging it at the grocery store.
The Information Commissioner's Office says the company claimed messages were based on an opt-in statement, yet this statement did not include any reference to the sending of marketing messages via text.
Customers weren't give ample information that their data would be used for marketing messages for up to two years after they'd cancelled their HelloFresh subscription, the regulator added.
The investigation discovered that between August 23, 2021 and February 23, 2022, HelloFresh hit send on 80,993,013 messages, including 79,779,279 emails and 1,113,734 texts to subscribers.
These were sent in contravention of Regulation 22 of the Private Electronic Communications Regulations.
The ICO says it was made aware of the spams issue after receiving complaints from recipients on its reporting service.
It also found that even after people had asked HelloFresh to cease and desist, the spams continued.
The company was served with a £140,000 fine for breaking PECR, taking the number of fines handed to spammers to £2.44 million since April last year.


This Cyber News was published on go.theregister.com. Publication date: Fri, 12 Jan 2024 11:43:05 +0000


Cyber News related to Data regulator fines HelloFresh £140k for sending 80M+ spams The Register

Data regulator fines HelloFresh £140k for sending 80M+ spams The Register - Food delivery company HelloFresh is nursing a £140,000 fine by Britain's data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months. The meal-kit company ...
11 months ago Go.theregister.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
HelloFresh Fined £140K After Sending 80 Million Spam Messages - Meal-kit company HelloFresh is the latest brand to receive a major fine from the UK's privacy regulator, after it was found to have overwhelmed consumers with 80 million spam messages. The Information Commissioner's Office levied a £140,000 penalty ...
11 months ago Infosecurity-magazine.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2024-35824 - In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() even if the ...
7 months ago Tenable.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
9 months ago Venturebeat.com
GDPR Turns Six: Reflecting on a Global Privacy Benchmark - The EU's flagship data protection law, the General Data Protection Regulation, celebrated its sixth anniversary on 25th May '24. Since coming into effect in 2018, its stringent requirements for enhanced security controls and data privacy have ...
6 months ago Itsecurityguru.org
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
9 months ago Feeds.dzone.com
Mine Secures $30M in Series B Funding - PRESS RELEASE. BOSTON and TEL AVIV, Israel, Dec. 5, 2023 /PRNewswire/ - Mine, a pioneering company disrupting the data privacy market, announced today that it has raised $30 million in Series B funding, co-led by Battery Ventures and PayPal Ventures, ...
1 year ago Darkreading.com
Russia Fines Google, Discord For 'Banned Content' | Silicon UK - Russia has issued a fine against Alphabet’s Google, as well the instant messaging platform Discord, over content the Putin regime deems illegal. Google was reportedly fined for not removing content Russia deems illegal, while Discord was ...
2 months ago Silicon.co.uk
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
1 year ago Helpnetsecurity.com
When a Data Mesh Doesn't Make Sense - The data mesh is a thoughtful decentralized approach that facilitates the creation of domain-driven, self-service data products. Data mesh-including data mesh governance-requires the right mix of process, tooling, and internal resources to be ...
9 months ago Feeds.dzone.com
Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
1 year ago Tripwire.com
Italian Data Protection Authority Fines WhatsApp €5.5 Million - The Italian Data Protection Authority (DPA) has fined WhatsApp €5.5 million as a result of violations of the European Union’s General Data Protection Regulation (GDPR). ...
1 year ago Securityaffairs.com
As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever - A spokesperson for the regulator said its work increasing the “awareness of the link between cyber attacks and personal data breaches” was “driving organisations to improve their practices,” but the growing number of reported attacks ...
2 months ago Therecord.media
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
8 months ago Tenable.com
Data Classification Software Features to Look Out For - For organizations looking to improve their data protection and data compliance strategies, technology is essential. Implementation of the right software can help you gain visibility into your company's data, improving your ability to protect customer ...
1 year ago Securityboulevard.com
Data Protection in Educational Institutions - This article delves into the significance of data protection in educational institutions, emphasizing three key areas: the types of educational data, data privacy regulations, and data protection measures. Lastly, robust data protection measures are ...
1 year ago Securityzap.com
New Microsoft Purview features use AI to help secure and govern all your data - More than 90% of organizations use multiple cloud infrastructures, platforms, and services to run their business, adding complexity to securing all data.1Microsoft Purview can help you secure and govern your entire data estate in this complex and ...
1 year ago Microsoft.com
Developing Software Applications Under the Guidance of Data-Driven Decision-Making Principles - To architect and cultivate an application that yields precise outputs in alignment with business requirements, paramount emphasis must be given to the foundational data and the pertinent data scenarios shaping the application. Software application ...
10 months ago Feeds.dzone.com
The Cyber Risk Nightmare and Financial Risk Disaster of Using Personal Messaging Apps in The Workplace - This practice, which is unfortunately still widespread in an environment of relentless cyberattacks, is fraught with major cyber and financial risk. Unsecure messaging apps are a gateway for cybercriminals to access, expose and exploit an ...
11 months ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)