By James Pavur
On May 25, 2018 the European Union’s General Data Protection Regulation (GDPR) came into effect, bringing with it the most expansive governmental effort to regulate data security and privacy to date. Among the GDPR’s many provisions is the «Right of Access,» which states that individuals have the right to access their personal data. This provision can be easily abused by social engineers to steal sensitive information that does not belong to them.
Full Abstract & Presentation Materials: https://www.blackhat.com/us-19/briefings/schedule/#gdparrrrr-using-privacy-laws-to-steal-identities-14526