UK charity mistakenly exposes private emails

(Jun 20, 2019) Mermaids, a U.K. advocacy group and charity, endured a personal information compromise of its own doing, ZDNet reports. The organization mistakenly posted nearly 1,100 emails to its system and made an "inadvertent" data breach by making them publicly accessible. The messages exposed "intimate details of the vulnerable youngsters it [the charity] seeks to help," along with names, addresses and telephone numbers of those who wrote the leaked messages. In a statement, the charity wrote that the ema... Read More

Fla. city pays $592K to hackers in ransomware attack

(Jun 20, 2019) The City Council in Riviera Beach, Florida, has ordered its insurance carrier to pay nearly $592,000 to hackers in order to end a recent ransomware attack, The New York Times reports. The cyberattack occurred May 29 when an opened email attachment forced the city's system to shut down. In addition to paying the ransom, which comes with no guarantees of system restoration, Riviera Beach officials invested $900,000 for new computer hardware to alleviate concerns of further hacking. “We are well on... Read More

Google releases open-source tool to assist in secure data sharing

(Jun 19, 2019) Google announced it has launched an open-source tool to help organizations share information and respect data subjects’ privacy rights. The Private Join and Compute multiparty computation uses a cryptographic protocol to allow parties to encrypt identifiers within datasets and join them together. The two groups can perform calculations of the data to find useful information in aggregate. “All inputs (identifiers and their associated data) remain fully encrypted and unreadable throughout the proc... Read More

Survey shows enterprises won't act on fears of data security, lack the funds to do it

(Jun 19, 2019) MarTech Advisor reports an Ensighten survey of 200 marketing, security, information technology and corporate professionals showed staggering inconsistencies with concerns regarding data breaches versus action to prevention. Nearly 90% of respondents said the recent increase in breaches concerns them, and 98% would like to bolster security to avoid data exposures. However, only 34.5% have put their fears to rest by implementing safeguards for customer data. The lack of action toward bulking up da... Read More

Former DHS chief: US data regulation to draw parallels with GDPR

(Jun 19, 2019) Speaking at the Gartner Security and Risk Management Summit, former Secretary of the U.S. Department of Homeland Security Michael Chertoff said that data regulation in the U.S. may mirror the EU General Data Protection Regulation in the way of giving users more control of their data. "The focus has to change from 'hide the data,' which [isn't] going to work, to 'controlling the data,'" Chertoff said of the overall scope for any proposed regulation. He added that tech companies "are starting to a... Read More

NIST releases guidelines for building trustworthy, secure software

(Jun 18, 2019) The U.S. National Institute of Standards and Technology has published draft guidelines that set out to help tech companies bolster software security while working to help consumers choose the most secure technologies, Nextgov reports. The framework involves principles for software preparation, protection, creation and vulnerability response. “Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the ex... Read More

GAO finds breach vulnerability in 4 US government agencies

(Jun 17, 2019) CNET reports the U.S. Government Accountability Office has released a report citing four government entities that are vulnerable to data breaches and fraud due to a shared security measure. The U.S. Postal Service, Department of Veterans Affairs, Social Security Administration, and Centers for Medicare and Medicaid Services each use Knowledge-Based Verification, which calls for applicants to verify identity using personal information, such as birthdates, Social Security numbers and addresses. Th... Read More

Forensics firm claims new tool can unlock any device for police

(Jun 17, 2019) Israeli forensics firm and law enforcement Cellebrite announced a tool that law enforcement can use to unlock iOS and Android devices, Wired reports. The tool, referred to as the Universal Forensic Extraction Device, can reportedly be used to unlock any iOS, beginning with iOS 7 through the latest update, without user consent. While there are companies that access personal devices for law enforcement, this is the first time a security firm has publicly acknowledged this ability. Meanwhile, TechC... Read More

Telegram app accuses China of cyberattack

(Jun 14, 2019) Encrypted messaging app Telegram said it was the target of a cyberattack originating from China, The Hill reports. The attack occurred at the same time protests were taking place in Hong Kong over a bill that would extradite people to mainland China. Telegram Founder and CEO Pavel Durov said that every major distributed-denial-of-service attack it has experienced “coincided in time with protests in Hong Kong.” While service was disrupted, Durov said Telegram’s encryption was not affected during ... Read More

CBSA launches investigation following US CBP breach

(Jun 14, 2019) The recent data breach that affected U.S. Customs and Border Protection has forced the Canada Border Services Agency to launch an investigation of its own, CBC News reports. The U.S. agency was impacted by a privacy breach in which photos of travelers and license plates were compromised. The CBSA uses the same plate-reader technology as the CBP. CBSA Spokesman Nicholas Dorion said in an email the agency is reviewing whether the breach will ultimately impact Canadian citizens. "(CBSA is) investig... Read More