“However, leakage of other information types – as is the case here – can leave people open to real risk.At the most extreme end is blackmail, or password reset on another account which goes into Hotmail and is then read and stolen by the hackers who gain control of that other account.”From a legal perspective, any individual who thinks they have suffered a loss has a right to seek compensation from Microsoft, Overton says.
“They don’t need the Information Commissioner’s Office (ICO) to find against Microsoft first in order to succeed, although that would help.
Consumers can also take steps to try and compel the ICO, or any other local EU regulator to investigate under the GDPR."Many users of Microsoft services such as Hotmail and MSN told me they use their accounts purely for junk mail.
This would have shown a hacker who the person was communicating with, the subject of the email and the birth date of the individual.
This is fairly limited information which would be difficult to act on, says Andrew Martin, CEO and founder of cybersecurity company Dyna Risk.
“The attacker could also send the person a 'Microsoft Password Reset' email which could trick the user into giving up username/password details so the adversary could log into their social media, banking or other accounts to commit identity theft."If accounts of European citizens were compromised and the breach contained personally identifiable information, which seems to be the case, this “definitely falls under the scope of GDPR”, says Felix Rosbach, product manager at Comforte AG.
And of course, this wouldn’t be the first time the company has had a run-in with EU data protection regulators.Perhaps close down accounts that have been sitting unused for months or years.Affected users – those with addresses, and even older Hotmail and MSN addresses – should check what sensitive information can be found in their accounts, and should consider the possibility that a malicious third party has at some point had access to this information, says Oz Alashe, CEO of Cyb Safe.“Though passwords haven’t been exposed, affected users should change their passwords regardless.Microsoft wasn’t particularly clear at first, but it did reveal some information to me in a statement over email.“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told me.“A small group (~6% of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support,” according to the Microsoft spokesperson.Designed to help you excel in evidence-based decision making, informatics, global perspectives and innovative thinking, this program prepares graduates to serve in educational or administrative roles in nursing. With meaningful assignments, the RN to MSN program is relevant, immediately applicable, and designed to meet the needs of employers.