Sony, employees reach deal in breach lawsuit


Sony Pictures has reached a settlement with former employees in a lawsuit related to the hack it suffered 10 months ago, a breach that saw large amounts of sensitive company information leaked online. The lawsuit, which is still pending class-action certification in a hearing set later this month, is a combination of seven lawsuits brought by former employees whose Social Security numbers, medical records, and other sensitive personal information were part of the data dump. Details of the settlement were not disclosed. Sony and the plaintiffs have asked that the class-action certification be pushed back 45 days while both parties await the approval of the settlement. Source: The Verge

Payback’s a … well, you know

U.S. officials are considering economic sanctions against Russia and China that target foreign companies and citizens believed behind cyber attacks on U.S. commercial enterprises. The sanctions would ban individuals and businesses from using the U.S. financial system and would not target individuals suspected in government hacks. If the United States were to go forward with the sanctions, it would mark the first use of an executive order that President Obama signed in April targeting hackers outside U.S. borders. Talk of the sanctions comes amid reports that Chinese and Russian intelligence services are using personally identifiable information obtained from the Office of Personnel and Management and Ashley Madison hacks to target American government officials for counterintelligence measures. Source: SC magazine

Use of stingrays to track cell phones is blunted

The Justice Department announced a new policy that will require the FBI and other federal agents to get a search warrant before using stingrays—devices that simulate a cell phone tower to track the location of mobile phone users. The policy forces prosecutors and investigators not only to obtain a warrant but also to disclose to judges that the specific technology they plan to use is a stingray, as opposed to another surveillance tool. Law enforcement agencies have been criticized for using the technology without a warrant, and for telling courts that they planned to use a pen-register or trap-and-trace device to obtain location data on a suspect, rather than a stingray, which is much more invasive. Stingrays are mobile surveillance systems the size of a small briefcase that impersonate a legitimate cell phone tower to trick mobile phones and other mobile devices in their vicinity into connecting to them and revealing their unique ID and location. Civil liberties groups have long asserted that stingrays are too invasive because they can sweep up data about every phone in their vicinity, not just targeted phones, and can interfere with their calls. Source: Wired

Bigger success, bigger target on your back

Small manufacturers enjoying growth and financial success are getting smarter about their finances, according to reports from Bank of the West. But as their wallets get bigger, so does the risk of cyber theft, with small manufacturers susceptible to potentially crippling challenges. Payment fraud is emerging as one of the top security schemes to hit small manufacturers. For the third year in a row in 2015, three out of five companies became a target of payments fraud. “As small- and medium-size manufacturers expand domestically and internationally—broadening their networks of vendors, business connections and customers—the risk of payments fraud rises,” the report said. Source:

When the romance ends badly

A California court found the University of California Los Angeles Health System was not responsible for the unauthorized release of a woman’s medical record to a romantic rival. The decision absolves the hospital from the $1.25 million the plaintiff sought for emotional distress and invasion of privacy. Norma Lozano’s complaint alleges that in 2012, a temporary worker in a physician’s office affiliated with UCLA used a doctor’s password and user ID to access Lozano’s medical record, then texted photos of her medical information to others, including Lozano’s former boyfriend. The temp worker was Lozano’s ex-boyfriend’s current romantic partner, according to the suit. Lozano accused UCLA of not doing enough to prevent unauthorized access of her medical records, including enabling a second form of security before the breach occurred. The hospital claimed that it should not be held responsible for the misconduct. The question of company liability for inside-job data breaches is still being debated by courts. Source: The Hill

Too much on their plates

A law enforcement push for more license-plate scanners is gaining steam, with Maryland’s Ocean City announcing plans to deploy the technology at essentially every point of entry. With the expansion comes mounting privacy concerns as critics raise questions about law-enforcement agencies’ legal authority to collect and store the data. Ocean City officials say the scanners are needed to fight a persistent heroin-trafficking problem and other crimes. But beyond the concerns about governments taking pictures of vehicles regardless of the driver’s connection to any criminal activity—and what officials might do with the data of the vehicle owner—critics say the technology can create a profile to predict when and where Americans come and go. Another major concern is the use of such technology by private companies—including those that repossess vehicles and the surveillance firms that sell the plate scanners and store the data. Source: Fox News

Yeah, sure, you can have my number

Whether it’s a blind date you’re meeting for the first time or a listing on Craigslist, there’s a better way to maintain anonymity by using temporary numbers to send or receive calls, texts and picture messages on your iPhone. The Burner app puts multiple short-term phone numbers at your disposal, each of which can be deleted with the tap of a button. You are required to share your real iPhone number with the developer, which then becomes your account number. When a Burner number expires, any history and unused minutes/texts also go away—there’s no undo option available. Users also can choose to extend the life of a burner for 90 days at a time, topping off available minutes and texts in the process. Source: Macworld

Free speech in Russia? Nyet

A controversial new Russian law on the retention of personal computer data raises questions about the possible impact on the world’s largest Internet companies and the privacy of the customers they serve—and whether the law can be effectively enforced. The law requires Russian and foreign companies to store data for customers who are Russian citizens on servers housed on Russian territory. That sparked concerns among privacy advocates who fear the law will further restrict speech in Russia, where the Internet has served as a largely unhindered forum for public debate, particularly compared with traditional media outlets. Despite earlier efforts by former Russian President Dmitry Medvedev, now the prime minister, to instill a Silicon Valley-style ethos in Russia, the Kremlin’s attitude toward the Internet has cooled since Vladimir Putin’s return to the presidency in 2012. Last year, Putin publicly called the Internet a “CIA project.” Source: Radio Free Europe

New rules likely mean more cyber insurance sales

Law firm DAC Beachcroft predicts that changes in regulation will boost cyber insurance policies in 2016. The company said it expected the proposed new European Data Protection Regulation to bring mandatory breach notification requirements, in effect making data breaches more costly. The firm warned brokers and insurers that this could reinforce the need for standalone cyber coverage and urged them to look over their existing policies. DAC Beachcroft further predicted that an increase in cyber risks could swamp the market, as regulatory and legal trends were likely to result in more successful claims for damages following a data breach. The report states that big data and new technology would lead to more personal data collected and shared, and that courts have shown an increased willingness to award damages for breaches of privacy in recent years. Source: Insurance Age U.K.

Might be rethinking that coverage now

The Heritage Foundation suffered a data breach this week in which intruders swiped sensitive emails and donor information, the right-wing think tank confirmed. Some of those stolen files may have started surfacing on the Internet. “We experienced a malicious, unauthorized data breach of six-year-old documents on an external server that appear to contain personal information of private donors, who we are notifying,” said spokesman Wesley Denton. “We are unable to verify the authenticity of files circulated online.” The breach occurred at the same time that the foundation’s multimedia news organization, the Daily Signal, has criticized the Obama administration and federal agencies such as the Office of Personnel Management over lax cybersecurity. “Our internal servers were not part of this breach and we have taken—and will continue to take—all appropriate steps to ensure that our members have the ability to support public policy organizations free from intimidation,” Denton said. Source: Politico