Sony, employees reach deal in breach lawsuit


Sony Pictures has reached a settlement with former employees in a lawsuit related to the hack it suffered 10 months ago, a breach that saw large amounts of sensitive company information leaked online. The lawsuit, which is still pending class-action certification in a hearing set later this month, is a combination of seven lawsuits brought by former employees whose Social Security numbers, medical records, and other sensitive personal information were part of the data dump. Details of the settlement were not disclosed. Sony and the plaintiffs have asked that the class-action certification be pushed back 45 days while both parties await the approval of the settlement. Source: The Verge

Payback’s a … well, you know

U.S. officials are considering economic sanctions against Russia and China that target foreign companies and citizens believed behind cyber attacks on U.S. commercial enterprises. The sanctions would ban individuals and businesses from using the U.S. financial system and would not target individuals suspected in government hacks. If the United States were to go forward with the sanctions, it would mark the first use of an executive order that President Obama signed in April targeting hackers outside U.S. borders. Talk of the sanctions comes amid reports that Chinese and Russian intelligence services are using personally identifiable information obtained from the Office of Personnel Management and Ashley Madison hacks to target American government officials for counterintelligence measures. Source: SC magazine

Use of stingrays to track cell phones is blunted

The Justice Department announced a new policy that will require the FBI and other federal agents to get a search warrant before using stingrays—devices that simulate a cell phone tower to track the location of mobile phone users. The policy forces prosecutors and investigators not only to obtain a warrant but also to disclose to judges that the specific technology they plan to use is a stingray, as opposed to another surveillance tool. Law enforcement agencies have been criticized for using the technology without a warrant, and for telling courts that they planned to use a pen-register or trap-and-trace device to obtain location data on a suspect, rather than a stingray, which is much more invasive. Stingrays are mobile surveillance systems the size of a small briefcase that impersonate a legitimate cell phone tower to trick mobile phones and other mobile devices in their vicinity into connecting to them and revealing their unique ID and location. Civil liberties groups have long asserted that stingrays are too invasive because they can sweep up data about every phone in their vicinity, not just targeted phones, and can interfere with their calls. Source: Wired

Bigger success, bigger target on your back

Small manufacturers enjoying growth and financial success are getting smarter about their finances, according to reports from Bank of the West. But as their wallets get bigger, so does the risk of cyber theft, with small manufacturers susceptible to potentially crippling challenges. Payment fraud is emerging as one of the top security schemes to hit small manufacturers. For the third year in a row in 2015, three out of five companies became a target of payments fraud. “As small- and medium-size manufacturers expand domestically and internationally—broadening their networks of vendors, business connections and customers—the risk of payments fraud rises,” the report said. Source:

When the romance ends badly

A California court found the University of California Los Angeles Health System was not responsible for the unauthorized release of a woman’s medical record to a romantic rival. The decision absolves the hospital from the $1.25 million the plaintiff sought for emotional distress and invasion of privacy. Norma Lozano’s complaint alleges that in 2012, a temporary worker in a physician’s office affiliated with UCLA used a doctor’s password and user ID to access Lozano’s medical record, then texted photos of her medical information to others, including Lozano’s former boyfriend. The temp worker was Lozano’s ex-boyfriend’s current romantic partner, according to the suit. Lozano accused UCLA of not doing enough to prevent unauthorized access of her medical records, including enabling a second form of security before the breach occurred. The hospital claimed that it should not be held responsible for the misconduct. The question of company liability for inside-job data breaches is still being debated by courts. Source: The Hill

Too much on their plates

A law enforcement push for more license-plate scanners is gaining steam, with Maryland’s Ocean City announcing plans to deploy the technology at essentially every point of entry. With the expansion comes mounting privacy concerns as critics raise questions about law-enforcement agencies’ legal authority to collect and store the data. Ocean City officials say the scanners are needed to fight a persistent heroin-trafficking problem and other crimes. But beyond the concerns about governments taking pictures of vehicles regardless of the driver’s connection to any criminal activity—and what officials might do with the data of the vehicle owner—critics say the technology can create a profile to predict when and where Americans come and go. Another major concern is the use of such technology by private companies—including those that repossess vehicles and the surveillance firms that sell the plate scanners and store the data. Source: Fox News

Yeah, sure, you can have my number

Whether it’s a blind date you’re meeting for the first time or a listing on Craigslist, there’s a better way to maintain anonymity by using temporary numbers to send or receive calls, texts and picture messages on your iPhone. The Burner app puts multiple short-term phone numbers at your disposal, each of which can be deleted with the tap of a button. You are required to share your real iPhone number with the developer, which then becomes your account number. When a Burner number expires, any history and unused minutes/texts also go away—there’s no undo option available. Users also can choose to extend the life of a burner for 90 days at a time, topping off available minutes and texts in the process. Source: Macworld

Free speech in Russia? Nyet

A controversial new Russian law on the retention of personal computer data raises questions about the possible impact on the world’s largest Internet companies and the privacy of the customers they serve—and whether the law can be effectively enforced. The law requires Russian and foreign companies to store data for customers who are Russian citizens on servers housed on Russian territory. That sparked concerns among privacy advocates who fear the law will further restrict speech in Russia, where the Internet has served as a largely unhindered forum for public debate, particularly compared with traditional media outlets. Despite earlier efforts by former Russian President Dmitry Medvedev, now the prime minister, to instill a Silicon Valley-style ethos in Russia, the Kremlin’s attitude toward the Internet has cooled since Vladimir Putin’s return to the presidency in 2012. Last year, Putin publicly called the Internet a “CIA project.” Source: Radio Free Europe

New rules likely mean more cyber insurance sales

Law firm DAC Beachcroft predicts that changes in regulation will boost cyber insurance policies in 2016. The company said it expected the proposed new European Data Protection Regulation to bring mandatory breach notification requirements, in effect making data breaches more costly. The firm warned brokers and insurers that this could reinforce the need for standalone cyber coverage and urged them to look over their existing policies. DAC Beachcroft further predicted that an increase in cyber risks could swamp the market, as regulatory and legal trends were likely to result in more successful claims for damages following a data breach. The report states that big data and new technology would lead to more personal data collected and shared, and that courts have shown an increased willingness to award damages for breaches of privacy in recent years. Source: Insurance Age U.K.

Might be rethinking that coverage now

The Heritage Foundation suffered a data breach this week in which intruders swiped sensitive emails and donor information, the right-wing think tank confirmed. Some of those stolen files may have started surfacing on the Internet. “We experienced a malicious, unauthorized data breach of six-year-old documents on an external server that appear to contain personal information of private donors, who we are notifying,” said spokesman Wesley Denton. “We are unable to verify the authenticity of files circulated online.” The breach occurred at the same time that the foundation’s multimedia news organization, the Daily Signal, has criticized the Obama administration and federal agencies such as the Office of Personnel Management over lax cybersecurity. “Our internal servers were not part of this breach and we have taken—and will continue to take—all appropriate steps to ensure that our members have the ability to support public policy organizations free from intimidation,” Denton said. Source: Politico