Media reports that computers of European Commission representatives were hacked at the Internet Governance Forum in Baku, Azerbaijan, last week have been vastly inflated.
The European Digital Agenda Commissioner, Neelie Kroes mentioned in her blog that a staff member's computer was hacked, but her spokesman, Ryan Heath, explained on Monday that it was his private computer that may have been compromised.
"It was not an official Commission computer and it contained no sensitive data. It was my own MacBook that I been using in the hotel. When I switched it on three hours later, I discovered a message telling me that my security had been compromised that that I may have been hacked," he said.
Heath said that the computer, although not an official European Commission machine, would be looked at by experts to determine if any information had been stolen. He added that neither he nor any of his colleagues using their Commission computers had experienced any security problems.
Delegates at the event did report connectivity issues, but Heath said that was not suspicious -- event organizers just didn't expect so many people to show up.
European Commission policy regarding protecting computers when working outside the Commission buildings is quite strict. Commission staff are briefed by the Security Directorate before traveling to certain countries.
"Mobile users with Commission laptops are equipped with tested reference configurations, whose security settings are controlled. Any of these computers are expediently equipped with security updates, and their malware scanners are up to date," explained DIGIT spokesman Antony Gravili. Commission laptops are also encrypted using full disk encryption.
According to new research by Edelman, many private companies are not so diligent. More than half (57 percent) of respondents said their organization does not consider privacy and the protection of personal information to be a corporate priority and six out of 10 companies do not strictly enforce all levels of compliance with laws and regulations.
Around two thirds said their organizations do not have the expertise or technology and 55 percent said they lack adequate resources to protect personal information. The full Edelman Privacy Risk Index is due to be released on Tuesday.
