Technology

Disrupt Berlin 2018 takes place on 29-30 November, and we simply can&t wait to see you all there. We always get super stoked about Startup Alley, the Disrupt exhibition hall, where hundreds of innovative early-stage startups display the very latest tech products, platforms and services. Now, the only thing better than exhibiting in Startup Alley is to do it for free. Yes…free.

Herethe deal. We&re searching for founders of exceptional startups to be TC Top Picks. If you should earn that title, you&ll receive a FREEStartup Alley Exhibitor Package. All the benefits of exhibiting in Startup Alley with none of the cost. The deadline to apply to be a TC Top Pick is 28 September, so, get ‘er done!

If you&re not familiar with Startup Alley, know this: ita breeding ground for opportunity. Consider what Vlad Larin, co-founder of Zeroqode, had to say about his Startup Alley experience:

&Startup Alley was a great networking opportunity. It was full of all the people you could possibly hope to meet at a tech conference. They spanned diverse backgrounds and industries. We talked to people looking for partnerships, investments, new ideas, collaboration and inspiration.&

Herethe first Top Pick qualification hurdle you need to clear. Your startup must fall into one of the tech categories below:

• AI/Machine Learning
• Blockchain
• CRM/Enterprise
• E-commerce
• Education
• Fintech
• Healthtech/Biotech
• Hardware, Robotics, IoT
• Mobility
• Gaming

Our selection process is highly curated, and TechCrunch editors will review and vet each qualified application thoroughly. They&ll choose up to five startups to represent each category.

Each Top Pick receives one Startup Alley Exhibitor Package, which includes a one-day exhibit space, three Disrupt Berlin Founder Passes, access toCrunchMatch(our free investor-to-startup matching platform) and access to the Disrupt press list. With all these tools and resources at your disposal, you&ll be an unstoppable networking machine.

And who knows The attendees in Startup Alley might even vote your startup as a Wild Card company, which would let you participate in the Startup Battlefield pitch competition for a $50,000 cash prize. Thatexactly what happened to RecordGram at Disrupt NY 2017, and it went on to win the grand prize.

Along with lots of attention from media outlets roaming through the Alley, Top Picks also receive a three-minute interview with a TechCrunch editor on the Showcase Stage, which we promote across our social media platforms. That kind of exposure has life-changing potential, and it can help take your business to the next level.

Disrupt Berlin 2018 takes place 29-30 November, and we hope to see you exhibiting in Startup Alley — for free. Remember, the deadline toapply to be a TC Top Pickis 28 September. Seize the day and the opportunity!

Credit rating giant Equifax has been issued with the maximum possible penalty by the UKdata protection agency for last yearmassive data breach.

Albeit, the fine is only £500,000 because the loss of customer data occurred when the UKprior privacy regime was in force — rather than the tough new data protection law, brought in via the EUGDPR, which allows for maximum penalties of as much as 4% of a companyglobal turnover for the most serious data failures.

So, again,Equifax has managed to dodge worse consequencesover the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months — thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers.

Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.

The UK data protection regulator is involved because up to 15 million UK citizens& data was also breached in the attack. And while the hack compromised EquifaxUS systems, the UK citizens& data was being processed in the US.

The UKInformation CommissionerOffice (ICO) said today that the UK arm of Equifax failed to take adequate steps to ensure its US parents was protecting this data.

Reporting the result of its investigation, the ICO said Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 — including, failure to secure personal data; poor retention practices; and lack of legal basis for international transfers of UK citizens& data.

&Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law,&said information commissioner Elizabeth Denham in a statement. &We are determined to look after UK citizens& information wherever it is held.&

&The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce. This is compounded when the company is a global firm whose business relies on personal data,& she added.

The regulatorinvestigation, carried out in parallel with the UKfinancial regulator, the Financial Conduct Authority, revealed multiple failures at the credit reference agency.

The ICO says it found thatmeasures that should have been in place to manage personal information were &inadequate and ineffective&, and there were also &significant problems& with data retention, IT system patching, and audit procedures.

It flags the fact that the US Department of Homeland Security had warned Equifax Inc about a critical vulnerability as far back as March 2017, noting that &sufficient steps to address the vulnerability were not taken meaning a consumer facing portal was not appropriately patched&.

&Many of the people affected would not have been aware the company held their data; learning about the cyber attack would have been unexpected and is likely to have caused particular distress,& added Denham, emphasizing the reasons for the ICO to issue the maximum possible penalty for the breach.

The ICO also recently issued Facebook with the same level of finefor allowing user data on up to 87 million Facebook users to be scraped by a third party app which used it to try to build voter targeting models, selling this as a service to a political consultancy involved in US elections.

&Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it,& she continued. &Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers& expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to todayfine.&

Equifax has responded with disappointment to the ICOdecision. In a statement responding to the ICOruling, a company spokesperson said: &We have received the Monetary Penalty Notice from the Information CommissionerOffice (ICO) on Wednesday afternoon and are considering the detailed points made. Equifaxhas cooperated fully with the ICO throughout its investigation, and we are disappointed in the findings and the penalty.

&As the ICO makes clear in its report,Equifaxhas successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect. The criminal cyberattack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.

&Data security and combatting criminal digital activity is an ongoing battle for all organisations that requires continued innovation and attention. We have acted and continue to act to make things right for consumers. They will always be our priority.&

The company points to a number of changes it says it has made in response to the incident to strengthen its policies and processes, and also highlights ongoing investments in infrastructure and corporate governance procedures, including hiring additional IT staff, which are intended to improve the resilience of its systems to hack attacks.

However it does concede that the breach itself was the result of internal process failings, given that a file containing historical consumer information which should have been deleted was not.

And the key point here is that the ICOdecision is based on scrutinising exactly what happened that led to the breach occurring.

How a company has acted since a security crisis will be taken into consideration, as part of the overall picture, but having shut the barn door after the horse has bolted is only going to get so much credit vs the reasons for the barn door not being properly secured in the first place. And thatas it should be given the point of data protection legislation is to encourage companies to prioritize security, not overlook it.

In the Equifaxdecision the ICO writes: &The Commissioner has also taken into account her underlying objective in imposing a monetary penalty notice, namely to promote compliance with the DPA [data protection act]. She considers that, given the nature, seriousness and potential consequences of the contravention arising in this case, that objective would not be adequately served by an unduly lenient penalty.&

Bike and scooter company Lime recently hit 11.5 million rides,a couple of months after it surpassed six million rides. This milestone comes just 14 months after Lime deployed its first bikes.

Today, Lime is in more than 100 markets throughout the U.S. and Europe. Last December, Lime brought its bikes to a number of European cities and in June,Lime brought its scooters to Paris. By the end of this year, Lime plans to launch in an additional 50 cities.

The rise of shared personal electric vehicles has also led to a new type of side hustle for some people. Through LimeJuicer program, which enables anyone to make money from charging scooters overnight, the company has paid out millions of dollars to those workers.

Lime has raised $467 million in funding, with its most recent round coming in at$335 million. The round, led by GV, included participation from Uber.