View this email in your browser
PIMFA WEEKLY NEWS BULLETIN | 4 July 2022 Dear Nigel,
Welcome to the PIMFA Bulletin; grab a coffee and take 10 minutes to read the latest news impacting you and your firm.
ICO: International data protection & privacy authorities provide guidance against the threat of credential stuffing attacks
The latest report from international data protection and privacy authorities has identified credential stuffing as a significant and growing cyber threat to personal information. Credential stuffing is a cyber-attack method that exploits people’s tendency to use the same username and password combination across multiple online accounts. These attacks are automated and often in large scale, using stolen and legitimate credentials obtained from unrelated data breaches to access people’s accounts across websites. The report is published by a sub-working group of the Global Privacy Assembly’s International Enforcement Working Group (IEWG), including the Information Commissioner’s Office (ICO) and data protection authorities from Canada, Gibraltar, Jersey, Switzerland, and Turkey. Among the security measures listed in the guidance, the report notes that multi-factor authentication is considered to be the most effective measure in securing online accounts against credential stuffing.