Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
CYPRIOT SUPERVISORY AUTHORITY: Security lack in ticketing systems of APOEL and OMONOIA

CYPRIOT SUPERVISORY AUTHORITY: Security lack in ticketing systems of APOEL and OMONOIA

In connection with recent reports and after the notification of the accident breach presented by APOEL and AMONOIA and the investigation made up by the Authority, it has issued and send today to these clubs and contractor which has realized and developed systems, on their behalf, potential decisions. In these preliminary decisions, the three affected parts have been informed of the breaches of the General Data Protection Regulation and it were asked their positions before starting with the emission of final decisions.

Breaches refers to a vulnerability into the security which has made that an unauthorized person has been able to restore by website of club details of their fans (name and surname, number of the supporter card and the number of the ID) who have acquired tickers that during the breach.

For this reason, by inserting these last one information on the website of Cyprus Sports Organization, the unauthorized person shall visualize and download the data subject’s supporter card.

It is expected that clubs and the contractor present their positions on the above-mentioned fact within a specific period of time, in order that the Authority can proceed with the final decisions.

Even if it has been detected, after a investigation and a written report of Cyprus Sports Organization to the Authority’s office, that the system of Cyprus Sports Organization connected to the supporting card has not been compromised, the Authority has recommended that is implemented a protection in order that the access and the ability of receive the supporter card by its data controller is additionally improved by the send and the usage of a unique secure code.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DI CIPRO

Recommended to you

Advanced Research