TalkTalk about trouble without encryption


British mobile phone operator TalkTalk, which has been hit by hackers, has acknowledged it did not encrypt customer data such as credit card details and telephone numbers. Millions of customers’ data could have been stolen. “We have complied with all of our legal obligations in terms of storing of financial information,” CEO Dido Harding said. “It wasn’t encrypted, nor are you legally required to encrypt it.” The mobile operator has 4 million users, but has not confirmed how many it believes were caught up in the data breach. However, TalkTalk could face thousands of legal claims from victims, with the total payout rising to around 20 million pounds (about $31 million), says insurance law firm BLM, including the cost of replacing 4 million credit cards. Source: IT Pro

Social media makes stalking easier

Social networking makes it easy to monitor the status and activities of a former romantic partner, an often-unhealthy use of social media known as interpersonal electronic surveillance. A study published in Cyberpsychology, Behavior, and Social Networking, called “Romantic Partner Monitoring after Breakups: Attachment, Dependence, Distress, and Post-Dissolution Online Surveillance via Social Networking Sites,” written by Jesse Fox of Ohio State University and Robert Tokunaga of the University of Hawaii, reports that individuals who were most distressed by a breakup were most likely to monitor their ex-partners online. Source: Science 2.0

This just in: News sites vulnerable to hacks

A global study carried out by Newscycle Solutions finds that 52 percent of news media companies it canvassed were either hacked or suffered a data breach since the beginning of 2014. A further 12 percent were uncertain if their businesses had been attacked or compromised. Although the two most common types of reported cyber attacks involved phishing (59 percent) and malware (51 percent), it was the 49 percent of distributed-denial-of-service attacks by so-called hacktivists that are said to have posed a particular concern. They have attempted to take over media websites for political purposes. Peter Marsh, Newscycle Solutions’ vice president of marketing, believes that the news media industry is especially vulnerable to cyber attacks. “With cyber attacks and data breaches continuing to grow in scale, sophistication and frequency,” he writes, “publishers must take every step possible to protect themselves from those who seek to silence their voices and steal their valuable data.” Source: The Guardian

They Like it: Facebook gets a win in privacy case

Facebook has won dismissal of a $15 billion lawsuit accusing the company of secretly tracking the Internet activity of its users after they log off. A judge agreed with Facebook’s argument that the case should be dismissed because subscribers didn’t specify how they were harmed. The judge said the users could refile most of their claims in a revised lawsuit. Facebook users alleged in a 2012 complaint that while they may have agreed to the company’s installation of “cookie” files on their computers to track and transmit their Web browsing, they didn’t consent to such monitoring after logging out of the social network. The lawsuit consolidated similar complaints filed on behalf of U.S. residents who subscribed to Facebook from May 2010 to September 2011. Source: The Sydney (Australia) Morning Herald

False information online can hurt … and that’s no lie

The Supreme Court is going to consider the question of what remedy people might have if false information is published about them on the Internet. The case involves a man who sued Spokeo, “a people search engine that organizes White Pages listings, public records and social network information to safely find and learn about people.” The plaintiff alleges that Spokeo published false information about him, which damaged his ability to find a job, and that it also would have a negative impact on his credit and insurance prospects. He is relying on the Fair Credit Reporting Act, which provides in part for “fair and accurate reporting.” Spokeo says because the man did not have a “real” injury, he should not be allowed to proceed. Source: Communities Digital News

Home Depot continues to be an example of hack impact

A little more than a year after some 56 million customers’ credit card numbers were exposed to hackers in one of the nation’s largest security breaches, Home Depot’s reputation and bottom line have survived relatively unscathed. But the breach prompted internal changes at the home improvement giant and left it with lingering legal headaches. More than 50 lawsuits filed since the company disclosed in September 2014 it had been hacked have been consolidated into two suits, each seeking class-action status—one for consumers and the other for financial institutions such as banks and credit unions. Experts say Home Depot is likely to settle out-of-court to both avoid the millions in costs it will take to fight the litigation and the public relations damage it could suffer if either case went to trial. Home Depot has sought to quash the lawsuits, which have not yet been certified as class actions. Its attorneys argued for dismissal of the suits in U.S. District Court. A decision is pending. Source: The Atlanta Journal-Constitution

A lesson in privacy, and the lack of it

Weaknesses in state and federal laws—and the often-conflicting motives of students, parents, and college officials—have left patient privacy vulnerable when students receive medical treatment on campus. Universities walk a fine line when providing that treatment or mental health services to students. If campus officials don’t know what’s going on or disclose too little, they risk being blamed if a student harms himself, herself or others. If they pry too deeply, they may be accused of invading privacy, thereby discouraging students from seeking treatment. Even after mental health treatment ends, privacy issues persist. Disputes have erupted over whether colleges can consult patient records to defend themselves, such as when they are accused of not properly investigating a sexual assault. Source: ProPublica

More trouble for iPhone in China

China’s Public Security Ministry has warned iPhone users to disregard a message asking them to “unlock account” as it’s a scam that gives hackers access to their device. If victims click on the scam message, it blocks the phone, and owners are asked to pay a fee to turn it back on again. The ministry’s warning tells people to click cancel if such a message pops up, and to change the password for their email and Apple ID. Source: The South China Morning Post

Shades of the Jetsons: Shopping with the touch of a button

Buying stuff on Google Play will get easier with Android 6.0 Marshmallow, as the new OS brings fingerprint authentication to quickly authorize purchases. Users will be able to authorize Play Store purchases with their fingerprints. This new Google Play option significantly increases security, while also helping users save time when they shop. The option is now live for fingerprint sensor-equipped handsets running Android 6.0 Marshmallow. For now, this means that only the new Nexus 6P and Nexus 5X support it. Source: Tech Times

Shocker (not): OPM breach prompts lawsuit

An Idaho man is suing the federal government for compromising his personal information in computer hacks revealed earlier this year at the federal Office of Personnel Management that put the private data of at least 21.5 million Americans at risk. Victor Hobbs, an aviation safety specialist for the Federal Aviation Administration, claims the U.S. hiring agency violated his constitutional right to privacy and was negligent by failing to properly secure his personal information. The OPM has said data stolen from its computer networks included Social Security numbers and other sensitive data on millions of current and former federal workers and people who underwent security clearance background checks. Hobbs is seeking monetary and other damages and has asked a federal judge to grant class-action status for his lawsuit. It names as defendants OPM officials and a contractor that ran background investigations for the agency. Source: Reuters via Venture Beat