Wednesday, February 25, 2015
Should non-customers (ex-customers, potential customers, etc.) be treated the same as customers? Same database, same security, etc?
Earlier this month, health insurer Anthem was hit by a massive hack. Now, it's admitted that between 8.8 million and 18.8 million people who are not its customers could also be victims in the attack.
… It's the non-Anthem Blue Cross Blue Shield customers that are potentially affected because "their records may be included in the database that was hacked," the company told Reuters. Up to this point, Anthem hadn't admitted that the effects of the recent hack spread any wider than its direct members.
… Anthem has also updated the total of its own customers affected by the hack to 78.8 million customers—down, ever so slightly, from the estimated 80 million. In total, with non-customers included, the tally of those affected could reach as high as 98.6 million. Uncertainty in the total is because 14 million of the records are incomplete, making it difficult for Anthem to link all of its members to the correct plans.
Joseph Conn reports:
The potential legal liabilities from the unprecedented breach of some 80 million individuals’ records at Indianapolis-based insurance giant Anthem could entangle nearly 60 health insurance plans from Hawaii to Puerto Rico, legal experts say. More than 50 class-action lawsuits related to the breach already have been filed in less than a month.
The plans could find themselves held legally responsible for the breach under the federal Health Insurance Portability and Accountability Act privacy and security law as well as state laws. They likely also face a rising number of private civil suits, according to legal experts.
Read more on Modern Healthcare.
(Related) Let me guess. North Korea?
Cory Bennett reports:
The FBI is close to naming the cyberattacker behind the Anthem data breach. Whether it tells the public, though, remains to be seen.
“We’re close already,” said Robert Anderson, who leads the FBI’s Criminal, Cyber, Response, and Services Branch, during a Tuesday roundtable with reporters. “But we’re not going to say it until we’re absolutely sure.”
Read more on The Hill.
Does this have implications for Anthem or is LinkedIn not as valuable as your complete medical history? (Article 4)
LinkedIn Pays Out $1 for Leaked Passwords
If you were a premium user of LinkedIn between March 2006 and June 2012 then the company owes you around $1. This is due to the settlement of a class-action lawsuit over the publication of LinkedIn passwords in 2012.
According to Ars Technica, an aggrieved premium user by the name of Katie Szpyrka sued LinkedIn alleging it was negligent over the leak, amongst other things. The court agreed, and LinkedIn has set up a fund worth $1.25 million to pay the costs and compensate the plaintiffs.
Unfortunately, 800,000 premium users qualify for compensation, so after the lawyers take their cut, each one will receive around $1. The company “continues to deny that it committed, or threatened, or attempted to commit any wrongful act or violation of law or duty alleged in the Action.” However, LinkedIn has promised to hash and salt all user passwords from now on.
Why now? Was this never considered when the company was started?
Seth Fiegerman reports:
Better late than never.
Reddit, the popular social news service, issued new digital privacy guidelines on Tuesday firmly prohibiting sexually explicit images posted without the user’s position. [Still Okay for “escort services” to advertise? Bob]
“No matter who you are, if a photograph, video, or digital image of you in a state of nudity, sexual excitement, or engaged in any act of sexual conduct, is posted or linked to on Reddit without your permission, it is prohibited,” the company’s top executives wrote in a post. “We also recognize that violent personalized images are a form of harassment that we do not tolerate and we will remove them when notified.”
Read more on Mashable.
(Related) Again, why now?
Google Announces Steps to Clean Up Blogger
I'm going to go farther and say that paying the ransom suggests that you had lousy security, inadequate backup procedures and really, really bad management.
In response to a recent news story out of Midlothian (noted here), an editorial in The Journal Times reminds law enforcement that they should take their own advice and not pay ransom to hackers who lock up police files.
As the editors note, the Midlothian incident is not the first time law enforcement has paid ransom:
Last November, the Dickson County Sheriff’s Department in Tennessee paid out $572 when the same virus infected its computers. The sheriff there said his first reaction was “we are not going to be held hostage. But, he said, “once it was determined which records were involved and that they were crucial to victims of crimes in this county, and to the operations of the sheriff’s office and the citizens of this county … I had no choice but to authorize to pay this.”
I don’t recall ever seeing that case, but I do recall the one in Detroit earlier last year. In that case, the city didn’t pay the demand for hundreds of thousands of dollars.
As the editors note:
Paying ransom, even cheap ransom, is never a good policy, and it’s particularly unseemly when a police agency is held up.
Read more on The Journal Times.
We’ll probably never know how often entities pay ransom and just quietly go about their business if they’re lucky enough to get the promised decryption key, but the editors have a point: this should not be one of those “Do as we say, not as we do” situations.
...because not all high school students are criminals? What a concept!
I just love to see students stand up for their rights!
Olivia Carville reports:
In a precedent-setting decision, two Toronto high school students took their principal to court and won the battle against mandatory breath testing at prom.
The Northern Secondary School students petitioned the court after their principal, Ron Felsen, demanded compulsory breathalyzer tests at last year’s prom.
The Superior Court ruled in the students’ favour on Monday, stating mandatory breath testing would infringe on their constitutional rights.
Read more on Toronto Star.
(Related) Did they ask lawyers or parents or students? Why pay so much for an easily created App?
Genevieve Bookwalter reports:
Lake Forest teachers soon will have a cell phone app that operates like a panic button, letting them alert police and administrators and track students in case of a school shooting or other emergency.
At a school board meeting Monday night, members of the District 67 board of education, which governs Lake Forest’s elementary schools, unanimously approved buying CrisisGo, based in Marion, Ill., for teachers and administrators to use in crises. Along with notifying authorities, the app also would hold a copy of schools’ emergency response manuals.
“It’s really the next best practice in school safety,” said Lauren Fagel, assistant superintendent of curriculum, instruction, technology and assessment for districts 67 and 115. District 115 governs Lake Forest High School.
But before approving the purchase, district leaders did voice concerns about students’ privacy. In the end, they felt increased safety was worth the trade-off.
Read more on Chicago Tribune.
[From the article:
… Along with serving as something of a panic button, CrisisGo would tap Lake Forest's attendance software to let administrators know which students are in what classrooms and who stayed home sick, according to company officials. [Could this be used to target specific students or teachers? Bob]
… The app is expected to cost $.90 per student, or about $4,000 per year.
I think it's a bad idea. If they aren't talking in public, how will we be able to mock them in public? (See how easily I can ridicule Rep. Poe?)
Rep. Ted Poe (R-Texas) on Tuesday suggested that terrorist groups like the Islamic State should be barred from using social media sites like Twitter to spread their message.
Poe cited recent examples of the Islamic State, also known as ISIS, posting videos of murdered prisoners on Twitter. The Texas Republican argued that the American-owned company is essentially giving terrorist groups a free platform to reach millions of people.
For my Data Management and Business Intelligence students to explore.
25 Social Media Channels You’re Probably Not Using Now
… Check out our list of social media channels you’re probably not using and see if any have potential for your business.
Identify Your Target Audience on Instagram with SharkReach
(Related) Also worth a read.
7 Reasons Snapchat is a Teenager’s Favourite Social Network
(Related) How Analytics can be used to benefit (and locate?) customers.
Analytics in E Major
How to Build Your Own Search Engine
This evening I hosted a webinar for a school district in Florida. One of the many topics that we covered was building a custom search engine for elementary school students to use. If you have ever wanted to build your own search engine, the directions contained in the slides and videos below will get you started on the right path.
If you would like a copy of these slides open the slide editor then select "file, make a copy." You will have to be logged into your Google Account to make the copy.
This might be useful in a few of my classes.
The Handy Guide to Social Media Keyboard Shortcuts
Do you use social media, either for fun or work? Would you like to make your social media experience more enjoyable and efficient? As with anything, mastering keyboard shortcuts can be a great way to achieve that goal. But every social media site has it’s own set of keyboard shortcuts; how are you to remember them all?
The answer is simple: check out the this cheat sheet below, as it breaks down the most useful shortcuts for every big player in social media. Save it, print it, and use it to help turn you into a social media guru.