CyberSecurityBoard
Sponsor Register Login

Data regulator fines HelloFresh £140k for sending 80M+ spams The Register

Food delivery company HelloFresh is nursing a £140,000 fine by Britain's data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.
The meal-kit company provides weekly packages of premeasured ingredients with recipes so customers can prepare their own meals rather than winging it at the grocery store.
The Information Commissioner's Office says the company claimed messages were based on an opt-in statement, yet this statement did not include any reference to the sending of marketing messages via text.
Customers weren't give ample information that their data would be used for marketing messages for up to two years after they'd cancelled their HelloFresh subscription, the regulator added.
The investigation discovered that between August 23, 2021 and February 23, 2022, HelloFresh hit send on 80,993,013 messages, including 79,779,279 emails and 1,113,734 texts to subscribers.
These were sent in contravention of Regulation 22 of the Private Electronic Communications Regulations.
The ICO says it was made aware of the spams issue after receiving complaints from recipients on its reporting service.
It also found that even after people had asked HelloFresh to cease and desist, the spams continued.
The company was served with a £140,000 fine for breaking PECR, taking the number of fines handed to spammers to £2.44 million since April last year.


This Cyber News was published on go.theregister.com. Publication date: Fri, 12 Jan 2024 11:43:05 +0000


Cyber News related to Data regulator fines HelloFresh £140k for sending 80M+ spams The Register

Data regulator fines HelloFresh £140k for sending 80M+ spams The Register - Food delivery company HelloFresh is nursing a £140,000 fine by Britain's data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months. The meal-kit company ...
1 year ago Go.theregister.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
8 months ago Aws.amazon.com
HelloFresh Fined £140K After Sending 80 Million Spam Messages - Meal-kit company HelloFresh is the latest brand to receive a major fine from the UK's privacy regulator, after it was found to have overwhelmed consumers with 80 million spam messages. The Information Commissioner's Office levied a £140,000 penalty ...
1 year ago Infosecurity-magazine.com
CVE-2024-40975 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2024-35824 - In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() even if the ...
1 year ago Tenable.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
7 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
7 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
1 year ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
8 months ago Tenable.com
CVE-2023-52911 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
1 year ago Venturebeat.com
British company Advanced fined £3m by privacy regulator over ransomware attack | The Record from Recorded Future News - His comments followed a series of ransomware incidents affecting the healthcare sector last year, including one in which every single household in the Scottish region of Dumfries and Galloway received a letter warning residents that their data was ...
2 months ago Therecord.media LockBit
GDPR Turns Six: Reflecting on a Global Privacy Benchmark - The EU's flagship data protection law, the General Data Protection Regulation, celebrated its sixth anniversary on 25th May '24. Since coming into effect in 2018, its stringent requirements for enhanced security controls and data privacy have ...
1 year ago Itsecurityguru.org
Russia Fines Google, Discord For 'Banned Content' | Silicon UK - Russia has issued a fine against Alphabet’s Google, as well the instant messaging platform Discord, over content the Putin regime deems illegal. Google was reportedly fined for not removing content Russia deems illegal, while Discord was ...
8 months ago Silicon.co.uk
Mine Secures $30M in Series B Funding - PRESS RELEASE. BOSTON and TEL AVIV, Israel, Dec. 5, 2023 /PRNewswire/ - Mine, a pioneering company disrupting the data privacy market, announced today that it has raised $30 million in Series B funding, co-led by Battery Ventures and PayPal Ventures, ...
1 year ago Darkreading.com
CVE-2025-26603 - Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or ...
4 months ago Tenable.com
CVE-2024-42253 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
1 year ago Feeds.dzone.com
Italian Data Protection Authority Fines WhatsApp €5.5 Million - The Italian Data Protection Authority (DPA) has fined WhatsApp €5.5 million as a result of violations of the European Union’s General Data Protection Regulation (GDPR). ...
2 years ago Securityaffairs.com
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
1 year ago Tenable.com
As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever - A spokesperson for the regulator said its work increasing the “awareness of the link between cyber attacks and personal data breaches” was “driving organisations to improve their practices,” but the growing number of reported attacks ...
8 months ago Therecord.media
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
1 year ago Helpnetsecurity.com
When a Data Mesh Doesn't Make Sense - The data mesh is a thoughtful decentralized approach that facilitates the creation of domain-driven, self-service data products. Data mesh-including data mesh governance-requires the right mix of process, tooling, and internal resources to be ...
1 year ago Feeds.dzone.com
Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
2 years ago Tripwire.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)