Data Breach Notification

General Data Protection Regulation (GDPR) does not explicitly require 2FA (two-factor authentication), but it does mandate implementing appropriate technical measures to protect personal data, making 2FA a strong consideration for achieving robust security and demonstrating compliance with the "privacy by design" principle within the GDPR framework.

I feel like adding 2fa might be in your guys' best interest right now.

6

GGG has no good reason for keeping the physical addresses of service users on file either. Not deleting that data as soon as the physical merchandise has been dispatched appears to be yet another GDPR breach.

MFA is annoying, that said, also necessary, needed even, in our glorious future we share and live within.

Is it Star Trek tech yet where its all verbal? 'Computer: "Authorization code Tea, Earl Grey, Hot"' Or some such.

I know everyone is jumping up and down about MFA, but GGG doesn't want to hire more support staff to deal with MFA issues, loool. That's why they didn't do it. But now they HAVE to do it, because they had a sec vuln issue.

Wow dude.

Thanks for the transparency!

This is what I understand it reading this, that you don't even had your own administrative users / support users protected through appropriate security measures, such as fido token, conditional access rules etc.?

Thanks for the information and yeah in that case MFA wouldn't been useful at all for the affected users


Uff.

"

BruceAE#4780 написал:

Anyone who falls under GDPR can file a claim against GGG if they like.

Is there anything online where you can go and check if GGG have already self reported the breach as they are required by law to do, not much point reporting them if they've done things by the book and self reported, although I'm not sure if they actually have because it usually requires them notifying users individually their data was potentially breached, not sure forum posts count ?

aguardo ansiosamente o 2FA.