Data-Protection

🟡 Medium | Source: The Register — Security Two former RAC employees who sold personal data belonging to car crash victims to claims management companies have been ordered to repay £118,000 under the Proceeds of Crime Act, following earlier sentences of imprisonment and community service. The pair exploited their privileged access to customer data for financial gain, representing a textbook insider threat and data protection failure. The case underscores the real-world financial and legal consequences of misusing access to sensitive personal data. ...

🟡 Medium | Source: AWS Security Blog AWS has published guidance on identifying unused KMS encryption keys and protecting them from accidental deletion across large, multi-account environments. Orphaned or forgotten keys can inflate costs, create compliance gaps, and pose a risk if unexpectedly deleted — potentially making encrypted data permanently inaccessible. The post outlines tooling and processes to audit key usage and apply deletion safeguards at scale. Architect’s Take: Implement regular KMS key usage audits using AWS CloudTrail and CloudWatch metrics, and ensure deletion windows and key policies are configured to prevent accidental removal — particularly in multi-account organisations where key ownership can become unclear over time. ...