US seeing surge of ransomware attacks

(Aug 22, 2019) The New York Times reports more than 40 municipalities have been hit with ransomware attacks over the last year. This particular type of cyberattack is not new, but the success of ransomware has led hackers to seek further research and development for more precise attacks. "The business model for the ransomware operators for the past several years has proved to be successful," Department of Homeland Security Cybersecurity and Infrastructure Security Agency Director Chris Krebs said. "Years of f...

Sneaker company faces class-action lawsuit over data breach

(Aug 22, 2019) A class-action lawsuit has been filed against StockX over its recent data breach, The Detroit News reports. The lawsuit was filed on behalf of a minor from Kansas and others who had their information compromised in the attack. The suit alleged the plaintiff's personal data “was accessed, acquired, stolen and re-sold by hackers for the express purpose of misusing plaintiff’s data and causing further irreparable harm to plaintiff’s personal, financial, reputational and future well-being.” The snea...

Report shows spike in unlawful data use, access by Chinese apps

(Aug 22, 2019) Caixin Global reports a new half-year study in China has revealed that a large portion of mobile apps are illegally using and accessing personal information. The National Computer Network Emergency Response Technical Team/Coordination Center of China analyzed 1,000 Chinese apps, each requiring an average of 25 permissions, while 30% of apps demand access to call logs despite that data being unrelated to their operations. The apps also averaged 20 collected data items relating to individuals or their...

NPP Australia reports PayID data breach

(Aug 22, 2019) A data breach involving an undisclosed number of PayID records has been reported by the New Payments Platform Australia, iTnews reports. Australian banks have begun notifying customers of the breach, which exposed PayID names and account numbers. "None of the details involved can, on their own, enable the withdrawal of funds from a customer’s account without the customer’s specific further involvement," NPP Australia said, adding that customers were informed by the banks "so that they can take t...

A look at ISO's new privacy management standard

(Aug 20, 2019) When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information privacy, it noted that digital privacy has "become a significant business concern." No doubt this has been demonstrated on the enforcement front in recent months. The new standard, ISO/IEC 27701, is an extension of ISO/IEC 27001 — the commonly adopted security standard — and "specifies the requirements for establishing, implementing, maintai...

World's first global privacy management standard hits the mainstream

(Aug 20, 2019) When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information privacy, it noted that digital privacy has "become a significant business concern." No doubt this has been demonstrated on the enforcement front in recent months. The U.S. Federal Trade Commission fined Facebook a record $5 billion in the same week that it fined Equifax $575 million. Each settlement also included board-level requirements a...

Bail bondsman obtains location data with fake calls to carriers

(Aug 20, 2019) A Colorado bail bondsman coaxed Sprint, T-Mobile and Verizon into providing him with the location data of bail jumpers through illegal phony calls, The Daily Beast reports. Matthew Marre posed as law enforcement when he contacted the phone carriers, which were told Marre was a member of the Colorado Public Safety Task Force dealing with an emergency that required location data on certain individuals. U.S. Sen. Ron Wyden, D-Ore., a privacy critic of phone carriers, took issue with the carriers' p...

Researchers' noise-exploitation attack may break through differential privacy methods

(Aug 19, 2019) Researchers from Imperial College London and Université Catholique de Louvain discovered a noise-exploitation attack to break through query-based databases that use aggregation and noise to mask personal data, TechCrunch reports. Imperial College London Assistant Professor and co-author of the research paper Yves-Alexandre de Montjoye said a party could exploit differential privacy should they send enough queries to eventually figure out “every single thing that exists in the database because ev...

Lawsuit claims Facebook did not warn against personal data risks before 2018 breach

(Aug 19, 2019) A class-action suit has been filed in the U.S. District Court for the Northern District of California alleging Facebook did not properly inform users about data risks related to its single sign-on tool, which was the source of the social network's 2018 data breach, Reuters reports. The claim argues that while users were not informed of the risks that ultimately led to accounts being taken over, Facebook's employees were allegedly aware of them. "Facebook knew about the access token vulnerability...

Officials say at least 20 Texas agencies impacted by ransomware attack

(Aug 19, 2019) The Hill reports at least 20 Texan government entities were impacted by a ransomware attack. The Texas Department of Information Resources said in a statement officials from those agencies have responded to the attack. "Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions. Further resources will be deployed as they are requested," the statem...