A cyberattack gave attackers access to British veterinary chain CVS Group, forcing it to shut down computer systems for several days while it investigated the attack. And new EU's AI Act wins support from Wojciech Wiewiórowski, European Data Protection Supervisor. However, Wiewiórowski voices concern over how effective it can be without needed "resources". 

Veterinary Chain CVS Group Says Attackers Access IT Systems

British veterinary chain CVS Group identified and intercepted unauthorised external access to a limited number of its IT systems.

The company said in a message to the stock market on Monday that it had endured “considerable operational disruption over the past week” after discovering the intruders in its systems, the Guardian reported. This led to CVS shutting down computer systems at its practices - and in some broader business functions - for several days last week.

The company said it took immediate steps, according to media reports, but did not specify the nature of any information which may have been accessed, or its financial impact.

The company confirmed that specialist third party consultants have been engaged to investigate the nature and extent of the incident, and it had informed relevant authorities.

“IT services to our practices and business functions have now been securely restored across the majority of the estate; however, due to the increased levels of security and monitoring, some systems are not working as efficiently as previously and this is likely to result in an ongoing operational impact,” CVS said.

EU Data Protection Supervisor Stresses Need for AI Compliance Resources

The EU’s AI Act has been welcomed by the European Data Protection Supervisor (EDPS), although he has warned that tools should be developed and used in accordance with the law and data protection rules.

In a speech launching the 2023 EDPS Annual Report, Wojciech Wiewiórowski said newly adopted legislations, in particular the AI Act, imposes “significant obligations” on the EDPS, and welcomed them, but stressed that the EDPS “needs to be equipped with resources, which so far are not being given.”

Wiewiórowski said this lack of resources “puts into question our ability to exercise functions imposed on us.”

He also said the EDPS provided the co-legislators with appropriate and prompt advice to ensure that AI follows a human-centric approach, complying with the fundamental rights to privacy and data protection.

 The AI Act was approved in March, and will ensure safety and compliance with fundamental rights, while boosting innovation, and  establish obligations for AI based on its potential risks and level of impact.