TalkTalk about trouble without encryption


British mobile phone operator TalkTalk, which has been hit by hackers, has acknowledged it did not encrypt customer data such as credit card details and telephone numbers. Millions of customers’ data could have been stolen. “We have complied with all of our legal obligations in terms of storing of financial information,” CEO Dido Harding said. “It wasn’t encrypted, nor are you legally required to encrypt it.” The mobile operator has 4 million users, but has not confirmed how many it believes were caught up in the data breach. However, TalkTalk could face thousands of legal claims from victims, with the total payout rising to around 20 million pounds (about $31 million), says insurance law firm BLM, including the cost of replacing 4 million credit cards. Source: IT Pro

Social media makes stalking easier

Social networking makes it easy to monitor the status and activities of a former romantic partner, an often-unhealthy use of social media known as interpersonal electronic surveillance. A study published in Cyberpsychology, Behavior, and Social Networking, called “Romantic Partner Monitoring after Breakups: Attachment, Dependence, Distress, and Post-Dissolution Online Surveillance via Social Networking Sites,” written by Jesse Fox of Ohio State University and Robert Tokunaga of the University of Hawaii, reports that individuals who were most distressed by a breakup were most likely to monitor their ex-partners online. Source: Science 2.0

This just in: News sites vulnerable to hacks

A global study carried out by Newscycle Solutions finds that 52 percent of news media companies it canvassed were either hacked or suffered a data breach from the beginning of 2014. A further 12 percent were uncertain if their businesses had been attacked or compromised. Although the two most common types of reported cyber attacks involved phishing (59 percent) and malware (51 percent), it was the 49 percent of distributed-denial-of-service attacks by so-called hacktivists that are said to have posed a particular concern. They have attempted to take over media websites for political purposes. Peter Marsh, Newscycle Solutions’ vice president of marketing, believes that the news media industry is especially vulnerable to cyber attacks. “With cyber attacks and data breaches continuing to grow in scale, sophistication and frequency,” he writes, “publishers must take every step possible to protect themselves from those who seek to silence their voices and steal their valuable data.” Source: The Guardian

They Like it: Facebook gets a win in privacy case

Facebook has won dismissal of a $15 billion lawsuit accusing the company of secretly tracking the Internet activity of its users after they log off. A judge agreed with Facebook’s argument that the case should be dismissed because subscribers didn’t specify how they were harmed. The judge said the users could refile most of their claims in a revised lawsuit. Facebook users alleged in a 2012 complaint that while they may have agreed to the company’s installation of “cookie” files on their computers to track and transmit their Web browsing, they didn’t consent to such monitoring after logging out of the social network. The lawsuit consolidated similar complaints filed on behalf of U.S. residents who subscribed to Facebook from May 2010 to September 2011. Source: The Sydney (Australia) Morning Herald

False information online can hurt … and that’s no lie

The Supreme Court is going to consider the question of what remedy people might have if false information is published about them on the Internet. The case involves a man who sued Spokeo, “a people search engine that organizes White Pages listings, public records and social network information to safely find and learn about people.” The plaintiff alleges that Spokeo published false information about him, which damaged his ability to find a job, and that it also would have a negative impact on his credit and insurance prospects. He is relying on the Fair Credit Reporting Act, which provides in part for “fair and accurate reporting.” Spokeo says because the man did not have a “real” injury, he should not be allowed to proceed. Source: Communities Digital News

Home Depot continues to be an example of hack impact

A little more than a year after some 56 million customers’ credit card numbers were exposed to hackers in one of the nation’s largest security breaches, Home Depot’s reputation and bottom line have survived relatively unscathed. But the breach prompted internal changes at the home improvement giant and left it with lingering legal headaches. More than 50 lawsuits filed since the company disclosed in September 2014 it had been hacked have been consolidated into two suits, each seeking class-action status—one for consumers and the other for financial institutions such as banks and credit unions. Experts say Home Depot is likely to settle out-of-court to both avoid the millions in costs it will take to fight the litigation and the public relations damage it could suffer if either case went to trial. Home Depot has sought to quash the lawsuits, which have not yet been certified as class actions. Its attorneys argued for dismissal of the suits in U.S. District Court. A decision is pending. Source: The Atlanta Journal-Constitution

A lesson in privacy, and the lack of it

Weaknesses in state and federal laws—and the often-conflicting motives of students, parents, and college officials—have left patient privacy vulnerable when students receive medical treatment on campus. Universities walk a fine line when providing that treatment or mental health services to students. If campus officials don’t know what’s going on or disclose too little, they risk being blamed if a student harms himself, herself or others. If they pry too deeply, they may be accused of invading privacy, thereby discouraging students from seeking treatment. Even after mental health treatment ends, privacy issues persist. Disputes have erupted over whether colleges can consult patient records to defend themselves, such as when they are accused of not properly investigating a sexual assault. Source: ProPublica

More trouble for iPhone in China

China’s Public Security Ministry has warned iPhone users to disregard a message asking them to “unlock account” as it’s a scam that gives hackers access to their device. If victims click on the scam message, it blocks the phone, and owners are asked to pay a fee to turn it back on again. The ministry’s warning tells people to click cancel if such a message pops up, and to change the password for their email and Apple ID. Source: The South China Morning Post

Shades of the Jetsons: Shopping with the touch of a button

Buying stuff on Google Play will get easier with Android 6.0 Marshmallow, as the new OS brings fingerprint authentication to quickly authorize purchases. Users will be able to authorize Play Store purchases with their fingerprints. This new Google Play option significantly increases security, while also helping users save time when they shop. The option is now live for fingerprint sensor-equipped handsets running Android 6.0 Marshmallow. For now, this means that only the new Nexus 6P and Nexus 5X support it. Source: Tech Times

Shocker (not): OPM breach prompts lawsuit

An Idaho man is suing the federal government for compromising his personal information in computer hacks revealed earlier this year at the federal Office of Personnel Management that put the private data of at least 21.5 million Americans at risk. Victor Hobbs, an aviation safety specialist for the Federal Aviation Administration, claims the U.S. hiring agency violated his constitutional right to privacy and was negligent by failing to properly secure his personal information. The OPM has said data stolen from its computer networks included Social Security numbers and other sensitive data on millions of current and former federal workers and people who underwent security clearance background checks. Hobbs is seeking monetary and other damages and has asked a federal judge to grant class-action status for his lawsuit. It names as defendants OPM officials and a contractor that ran background investigations for the agency. Source: Reuters via Venture Beat