Big GDPR gaffe!

You’ve probably heard of Ghostery. Even if you don’t use it yourself, you are likely to have seen it.
Ghostery is a browser extension that helps you to manage website trackers for a cleaner, faster, safer experience.
Ghostery’s German owner, Cliqz, part-owned by Mozilla, makes a Firefox-based browser called Cliqz, aka “the no-compromise browser” that only gives you relevant search results and does not leak your private data.
Therefore you probably wouldn’t expect Ghostery, to be carried away by the recent GDPR messaging frenzy sweeping Europe.

Even though GDPR has been a law for more than two years already, companies that collected our email addresses never thought to ask if we minded being on their mailing lists. Because of that the last few days before the start of GDPR enforcement were hell for every email inbox that was flooded with messages trying to make things official and legal.
Most of the emails typically warned us that if we weren’t careful, we’d inadvertently sacrifice the inestimable value of being on their list.

Here is a hilarious tweet about how desperate things are for the companies which are trying to keep as much data as they can:
MAKE IT STOP! More GDPR “opt out of opting into opting into opting out” madcap frenzy 🙂 This one has a CAT VIDE……
— Paul Ducklin (@duckblog) May 24, 2018

With or without GDPR Companies and individual people must take certain precautions against this growing phenomenon of unrestricted use of private data; for that they should implement at least a cybersecurity solution, like an antivirus, to protect their systems. Necessary things like regularly updating operating systems, using antivirus for Windows or antivirus for Mac depending on which OS your device is using. Companies must also hire professional cybersecurity firms to do regular checkups to their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking test.

On 25 May 2018, when GDPR enforcement officially started and everyone was looking forward to the end of all this consent-at-the-last-minute nonsense… Ghostery made a big gaffe by deciding to send its subscribers a “Happy GDPR Day” email on Friday.
Ghostery did that quite literally, as you can see in the text below:
We at Ghostery hold ourselves to a high standard when it comes to users’ privacy, and have implemented measures to reinforce security and ensure compliance with all aspects of this new legislation.
We suspect that someone is not only regretting those words but also worrying about if there will be any job left for him or her, because, unfortunately, when Ghostery Send on this mail, the privacy-protecting Ghostery ended up delivering the message to all of its security-sensitive subscribers in batches of 500, with all 500 email addresses in the To: field every time.
In other words, each of the recipients could see the other 499 people on their section of the mailing list, and because this is about privacy policy: “That was NOT supposed to happen!”

What should you do?
First of all: for Ghostery this is embarrassing… and there is nothing you can do to protect yourself from this privacy leak because it already happened.

If you are a company and want to avoid the same problem? Don’t do that and always double check everything before sending it through cyberspace.

Keep in mind that every private data has a significant value that must be protected by at least cybersecurity solution like an antivirus. Depending on which OS your device is running, install an antivirus for Windows or antivirus for Mac for total protection. Companies must take an extra step and hire a professional cybersecurity firm that will run various cybersecurity tests on your company’s network to implement only the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and ethical hacking test. For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.