As Google tracks credit card transactions, privacy advocates raise questions

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Google has begun using bil­lions of cred­it-card trans­ac­tion records to prove that its online ads are prompt­ing peo­ple to make pur­chas­es, even when they hap­pen offline in brick-and-mor­tar stores, the com­pa­ny said. The advance allows Google to deter­mine how many sales have been gen­er­at­ed by dig­i­tal ad cam­paigns. The announce­ment renewed pri­va­cy com­plaints about how the com­pa­ny uses per­son­al infor­ma­tion. Google already ana­lyzes users’ Web brows­ing, search his­to­ry and geo­graph­ic loca­tions, using data from Google-owned apps such as YouTube, Gmail, Google Maps and the Google Play store. All that infor­ma­tion is tied to the real iden­ti­ties of users when they log into Google’s ser­vices. The new cred­it-card data enables the tech giant to con­nect these dig­i­tal trails. Pri­va­cy advo­cates said few peo­ple under­stand that their pur­chas­es are being ana­lyzed in this way and could feel uneasy, despite assur­ances from Google that it has tak­en steps to pro­tect the per­son­al infor­ma­tion of its users. Google also declined to detail how the new sys­tem works or what com­pa­nies are ana­lyz­ing records of cred­it and deb­it cards on Google’s behalf. Source:

Target to pay $18.5 million to states to settle hack probe

Tar­get will pay $18.5 mil­lion and take steps to improve its cyber­se­cu­ri­ty to set­tle inves­ti­ga­tions by 47 states and the Dis­trict of Colum­bia into its han­dling of a 2013 hack. The mul­ti­state set­tle­ment, the largest ever for a data breach, stems from an inves­ti­ga­tion that found Tar­get had not tak­en enough steps to prop­er­ly secure its cus­tomers’ data. The hack com­pro­mised mil­lions of cus­tomer accounts, includ­ing cred­it card and con­tact infor­ma­tion. Source: The Hill

Hospitals report data breaches sooner 

For the sec­ond straight month, hos­pi­tals post­ed improved data breach report­ing times, accord­ing to the month­ly Breach Barom­e­ter pub­lished by Pro­tenus and

Thir­ty-four inci­dents involv­ing pro­tect­ed health infor­ma­tion or med­ical data hap­pened in April, five few­er than the 39 inci­dents in March but three more than the 31 each reg­is­tered dur­ing Jan­u­ary and Feb­ru­ary. Source: Health­care IT News

Hackers accused of falsifying stories on news websites

Sau­di Ara­bia blocked access to sev­er­al Qatari news web­sites after they car­ried fake arti­cles about gulf efforts to iso­late Iran, sto­ries Qatari offi­cials said were the result of a hack, expos­ing ten­sions among Sun­ni-ruled monar­chies seek­ing to form a unit­ed front against the Islam­ic Repub­lic. Qatar said hack­ers post­ed a fake sto­ry on the Qatar News Agency web­site with com­ments false­ly attrib­uted to the Qatari emir describ­ing attempts to con­front Iran as a mis­take. They then took over the agency’s Twit­ter account to announce that Qatar was recall­ing its ambas­sadors from oth­er gulf coun­tries and Egypt. Source: Bloomberg

Congresswoman introduces bill to protect browser history

The House of Rep­re­sen­ta­tives may have vot­ed to roll back the FCC’s pri­va­cy rules and let inter­net providers sell your brows­er his­to­ry with­out your explic­it per­mis­sion, but there’s a replace­ment in the wings. Rep. Mar­sha Black­burn, R-Tenn., has pro­posed a bill, the Brows­er Act, which would have both inter­net providers and con­tent providers (Face­book, Google) get your per­mis­sion before sell­ing data. They couldn’t refuse ser­vice if you dis­agreed, either. Source: Engad­get

Video players, streaming devices vulnerable to attack

A proof of con­cept attack using mali­cious video sub­ti­tle files reveals how adver­saries can exe­cute remote code on PCs, Smart TVs and mobile devices using video play­ers and ser­vices such as VLC Media Play­er, Kodi, Strem­io and Pop­corn Time. “We believe there are upward of 200 mil­lion video play­ers and stream­ers vul­ner­a­ble to this type of attack,” said Omri Her­scovi­ci, team leader for prod­ucts research and devel­op­ment at Check Point Soft­ware Tech­nolo­gies. Source: Kasper­sky Lab

Cyber insurance coverage purchases on the rise

Busi­ness­es are buy­ing more cyber insur­ance and prices for the cov­er­age are sta­bi­liz­ing, accord­ing to a sur­vey by the Coun­cil of Insur­ance Agents and Bro­kers. About 32 per­cent of respon­dents’ clients pur­chased some form of cyber lia­bil­i­ty and/or data breach cov­er­age in the past six months, com­pared with 29 per­cent in Octo­ber 2016. Source: Insur­ance Journal

Hacking group says it can fool iris-recognition system on Galaxy S8

Sam­sung Elec­tron­ics is inves­ti­gat­ing claims by a Ger­man hack­ing group that it fooled the iris recog­ni­tion sys­tem of the new flag­ship Galaxy S8 device. A video post­ed by the Chaos Com­put­er Club shows the Galaxy S8 being unlocked using a print­ed pho­to of the owner’s eye cov­ered with a con­tact lens to repli­cate the cur­va­ture of a real eye. “A high-res­o­lu­tion pic­ture from the inter­net is suf­fi­cient to cap­ture an iris,” CCC spokesman Dirk Engling said. Source:

European data protection rules may catch some unready

The new Euro­pean Gen­er­al Data Pro­tec­tion Reg­u­la­tion goes into effect next May, with oner­ous noti­fi­ca­tion require­ments and high penal­ties, but a year might not be enough for firms to get ready. Recent sur­veys show that most com­pa­nies are not pre­pared for the reg­u­la­tions. Accord­ing to a recent Sail­Point sur­vey, 80 per­cent see GDPR as a pri­or­i­ty, but only 25 per­cent have an estab­lished plan. Gart­ner esti­mates that the major­i­ty of all com­pa­nies affect­ed by GDPR will still not be in com­pli­ance at the end of 2018. Source: CSO

Florida gun permit holders’ personal data exposed

Flori­da con­cealed weapon per­mit hold­ers’ infor­ma­tion could be in dan­ger after a statewide hack affect­ing more than 16,000 peo­ple; some Social Secu­ri­ty num­bers may be at risk. The state says the breach occurred through the online pay­ment sys­tem, but the hack­ers didn’t obtain finan­cial infor­ma­tion. Source: WBBH, Fort Myers, Fla.

Military to start cyber clearance process earlier

Mov­ing qual­i­fied ser­vice mem­bers through the secu­ri­ty clear­ance process to be part of the cyber mis­sion force has been a chal­lenge for the mil­i­tary. The Navy is try­ing to begin the process ear­li­er in sailors’ career so they can move to assign­ments and still be vet­ted prop­er­ly. Source: USNI News

Microsoft buying cybersecurity firm in $100 million deal

Microsoft will acquire cyber­se­cu­ri­ty firm Hexa­dite for $100 mil­lion. The com­pa­ny pro­vides tech­nol­o­gy to auto­mate respons­es to cyber attacks that it says increas­es pro­duc­tiv­i­ty and reduces costs for busi­ness­es. Source: Reuters