Many of the things I hate about a breach. Not
detected internally. Probably operated for almost a year.
Matt O’Brien reports:
A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.
The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.
Read more on SacBee.
What’s of special note is that it
was a security firm, Gemini Advisory LLC , who picked up on this one
and made the Hudson Bay aware:
Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards.
From Gemini’s
advisory:
-
We estimate the window of compromise to be May 2017 to present.
-
Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations.
You’ll probably want to read
the entire advisory on this one.
Nothing in the article suggests they need a
password. I wonder if the FBI knows about this one?
Hayley Dixon reports:
Police forces across country have been quietly rolling out technology which allows them to download the entire contents of victim’s phone without a warrant.
At least 26 forces now use technology which allows them to to extract location data, conversations on encrypted apps, call logs, emails, text messages, photographs, passwords and internet searches among other information.
Read more on The
Telegraph.
[From
the article:
The searches can be done instantly at a local
police station and are used by many forces for low level crime –
regardless of whether or not someone is charged – and can be used
on victims and witnesses as well as suspects.
The
Metropolitan Police, which was the first force to introduce the
extraction devices during the London 2012 Olympics, has
admitted that when a single photograph is required from a victim's
phone every one is downloaded.
The revelations have led to concern that it could
prevent victims coming forward, particularly in domestic abuse or
rape cases.
… Some forces, each of which provide different
guidance, have even equipped officers with portable mobile phone
extraction kits which can be used on the go.
… Though guidelines say consent should be
obtained from a witness before their phone is accessed, it is
possible for this need to be overridden.
That’s a change!
Gert-Jan Fraeyman and Peter Craddock of DLA Piper
write:
On 22 February 2018, the European Court of Human Rights (ECHR) decided a case concerning the alleged violation of Article 8 of the European Convention on Human Rights (the Convention) in the context of controlling an employee’s personal files stored on the hard drive of his work computer. The judgment of the ECHR (in French) can be accessed here and the press release (in English) can be accessed here.
The applicant, Eric Libert, is a French national who had been working at the French railway company SNCF. In 2007, Mr Libert had been temporarily suspended from his duties because his employer found that Mr. Libert’s work computer contained, inter alia, address change certificates drawn up for third persons and bearing the official Surveillance unit logo, and a large number of files containing pornographic images and films. He was dismissed from his post on 17 July 2008. After being unsuccessful before the national courts, Mr. Libert lodged an application with the ECHR against the French Government while primarily relying on Article 8 (right to respect for private and family life) of the Convention.
Read more on DLA Piper Privacy
Matters.
Perspective.
Amazon
Exec: IoT Reverses the Internet
… The Internet today is designed to deliver
mass volumes of content, particularly video, from the center to
"masses of endpoints" that want to consume that content,
Cooper said. IoT does the opposite – it requires bringing masses
of data from the edge inward. And that requires fundamental changes
to Internet technology.
Something for my Students. Determine if this is a
fact.
Hand-crafted
fact-checking matters in an algorithmic world
Inside
Higher Education: “It’s International
Fact-Checking Day, a project
of the Poynter
Institute. What a quaint concept! It’s intrinsic to good
journalism, but it can’t be done by algorithm or en masse – it’s
lovingly hand-crafted work in pursuit of nailing down something
that’s often ambiguous and needs to be considered in context and
without confirmation bias. In an era when the deadline is eternally
now (newspapers are no longer put to bed, they have to be up and at
‘em 24/7) and lies travel to the top of Google search results
before the truth can get its pants on, there’s little time to check
the facts and few staff to do. The efforts librarians and media
literacy folks have launched to help citizens sort it all out are
needed, but outsourcing the work to individuals isn’t a solution
any more than privacy self-defense is the fix for surveillance
capitalism. Yes, we need to know how to weigh information we
encounter every day, but we also need to acknowledge that it’s
coming at us fast and at volume. We need some quality fact-checkers
working in critical places, which means we need to support
trustworthy human gatekeepers…”
Something to compliment my next spreadsheet class.
No comments:
Post a Comment