As Google tracks credit card transactions, privacy advocates raise questions

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Google has begun using billions of credit-card transaction records to prove that its online ads are prompting people to make purchases, even when they happen offline in brick-and-mortar stores, the company said. The advance allows Google to determine how many sales have been generated by digital ad campaigns. The announcement renewed privacy complaints about how the company uses personal information. Google already analyzes users’ Web browsing, search history and geographic locations, using data from Google-owned apps such as YouTube, Gmail, Google Maps and the Google Play store. All that information is tied to the real identities of users when they log into Google’s services. The new credit-card data enables the tech giant to connect these digital trails. Privacy advocates said few people understand that their purchases are being analyzed in this way and could feel uneasy, despite assurances from Google that it has taken steps to protect the personal information of its users. Google also declined to detail how the new system works or what companies are analyzing records of credit and debit cards on Google’s behalf. Source: AL.com

Target to pay $18.5 million to states to settle hack probe

Target will pay $18.5 million and take steps to improve its cybersecurity to settle investigations by 47 states and the District of Columbia into its handling of a 2013 hack. The multistate settlement, the largest ever for a data breach, stems from an investigation that found Target had not taken enough steps to properly secure its customers’ data. The hack compromised millions of customer accounts, including credit card and contact information. Source: The Hill

Hospitals report data breaches sooner 

For the second straight month, hospitals posted improved data breach reporting times, according to the monthly Breach Barometer published by Protenus and Databreaches.net.

Thirty-four incidents involving protected health information or medical data happened in April, five fewer than the 39 incidents in March but three more than the 31 each registered during January and February. Source: Healthcare IT News

Hackers accused of falsifying stories on news websites

Saudi Arabia blocked access to several Qatari news websites after they carried fake articles about gulf efforts to isolate Iran, stories Qatari officials said were the result of a hack, exposing tensions among Sunni-ruled monarchies seeking to form a united front against the Islamic Republic. Qatar said hackers posted a fake story on the Qatar News Agency website with comments falsely attributed to the Qatari emir describing attempts to confront Iran as a mistake. They then took over the agency’s Twitter account to announce that Qatar was recalling its ambassadors from other gulf countries and Egypt. Source: Bloomberg

Congresswoman introduces bill to protect browser history

The House of Representatives may have voted to roll back the FCC’s privacy rules and let internet providers sell your browser history without your explicit permission, but there’s a replacement in the wings. Rep. Marsha Blackburn, R-Tenn., has proposed a bill, the Browser Act, which would have both internet providers and content providers (Facebook, Google) get your permission before selling data. They couldn’t refuse service if you disagreed, either. Source: Engadget

Video players, streaming devices vulnerable to attack

A proof of concept attack using malicious video subtitle files reveals how adversaries can execute remote code on PCs, Smart TVs and mobile devices using video players and services such as VLC Media Player, Kodi, Stremio and Popcorn Time. “We believe there are upward of 200 million video players and streamers vulnerable to this type of attack,” said Omri Herscovici, team leader for products research and development at Check Point Software Technologies. Source: Kaspersky Lab

Cyber insurance coverage purchases on the rise

Businesses are buying more cyber insurance and prices for the coverage are stabilizing, according to a survey by the Council of Insurance Agents and Brokers. About 32 percent of respondents’ clients purchased some form of cyber liability and/or data breach coverage in the past six months, compared with 29 percent in October 2016. Source: Insurance Journal

Hacking group says it can fool iris-recognition system on Galaxy S8

Samsung Electronics is investigating claims by a German hacking group that it fooled the iris recognition system of the new flagship Galaxy S8 device. A video posted by the Chaos Computer Club shows the Galaxy S8 being unlocked using a printed photo of the owner’s eye covered with a contact lens to replicate the curvature of a real eye. “A high-resolution picture from the internet is sufficient to capture an iris,” CCC spokesman Dirk Engling said. Source: Phys.org

European data protection rules may catch some unready

The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready. Recent surveys show that most companies are not prepared for the regulations. According to a recent SailPoint survey, 80 percent see GDPR as a priority, but only 25 percent have an established plan. Gartner estimates that the majority of all companies affected by GDPR will still not be in compliance at the end of 2018. Source: CSO

Florida gun permit holders’ personal data exposed

Florida concealed weapon permit holders’ information could be in danger after a statewide hack affecting more than 16,000 people; some Social Security numbers may be at risk. The state says the breach occurred through the online payment system, but the hackers didn’t obtain financial information. Source: WBBH, Fort Myers, Fla.

Military to start cyber clearance process earlier

Moving qualified service members through the security clearance process to be part of the cyber mission force has been a challenge for the military. The Navy is trying to begin the process earlier in sailors’ career so they can move to assignments and still be vetted properly. Source: USNI News

Microsoft buying cybersecurity firm in $100 million deal

Microsoft will acquire cybersecurity firm Hexadite for $100 million. The company provides technology to automate responses to cyber attacks that it says increases productivity and reduces costs for businesses. Source: Reuters