Who designs the “after the breach” customer contact?
Zack Whittaker reports:
Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack.
The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year.
The checker, hosted by security firm OneTrust, will ask for some personal information, like your name, email address, as well as the last six digits of your passport number.
Read more on TechCrunch.
Note that you do not have to input your passport
info – that’s merely recommended. You do need to input your
first and last name, email address, and town, state, country, and zip
code.
I tried the form using two different email
addresses. After each submission, I was told to check my email for a
confirmation email link that I would need to click to confirm. It’s
two hours later, and I haven’t received any emails asking me to
confirm my request. Zack had reported, “The checker won’t kick
back a result straight away — you’ll have to wait for a response
— and Marriott doesn’t say how long that’ll take.” I didn’t
anticipate that even the confirmation email might take a long time.
Surely this part could have been handled more
promptly???
I do advise my Computer Security students to talk
to their insurers. This seems a bit much.
Noddy A. Fernandez reports:
A gift distribution company is suing a global insurance broker, citing alleged broker malpractice.
Hampton-Haddon Marketing Corp. (HHMC) filed a complaint on Jan. 28 in the U.S. District Court for the Eastern District of Pennsylvania against Willis of Tennessee Inc. and Willis Towers Watson PLC, alleging the defendants breached their duty to advise plaintiff of reasonable business risks and the availability of insurance to cover such risks, and specifically of cyber crime risks such as the BEC scam.
Read more on Penn Record.
You will love this App. That’s not a
prediction, that’s a command. (How would this work in the US?)
China’s most popular app is a propaganda tool teaching Xi Jinping Thought
A slick tool for teaching “Xi Jinping Thought”
has become the most popular smartphone app in China, as the country’s
ruling Communist Party launched a new campaign that calls on its
cadres to immerse themselves in the political doctrine every day.
… Xuexi Qiangguo requires users to
sign up with their mobile numbers and real names. “Study points”
are earned by users who log on the app, read articles, make comments
every day and participate in multiple-choice tests about the party’s
policies.
That points feature also offers a method to
monitor the compulsory use
of the app. Party cadres across the country are now required to use
the app every day and accumulate their scores, according to recent
state media reports.
Coming (not so) soon to a country near you!
Meanwhile, all we have is California?
GAO gives Congress go-ahead for a GDPR-like privacy legislation
An independent report authored by a US government
auditing agency has recommended that Congress develop internet data
privacy legislation to enhance consumer protections, similar to the
EU's General Data Protection Regulation (GDPR).
The 56-page report was put together by the US Government
Accountability Office (GAO), a bi-partisan government agency that
provides auditing, evaluation, and investigative services for
Congress. Its reports are used for hearings and drafting
legislation.
The House Energy and Commerce Committee, which
requested the GAO report
two years ago, has scheduled a hearing for February 26,
during which it plans to discuss GAO's findings and the possibility
of drafting the US' first federal-level internet privacy law.
(Related)
A Status Report on the California Consumer Privacy Act
Yesterday, I did a
webinar for the California Lawyers Association on the status of the
California Consumer Privacy Act (CCPA). This post recaps the
discussion.
New tech, new issues. No doubt that shortly after
the wheel was invented, it ran over the inventor’s foot.
New Study Highlights IoT Security and Privacy Flaws in Popular Off the Shelf Devices
According to a new report (“State of IoT
Security”), so-called “smart” devices might not be so smart
after all. The report from Pepper IoT and Dark Cubed detailed a wide
variety of security issues and privacy flaws in common Internet of
Things (IoT) devices, including some cases where devices such as
smart light bulbs were communicating personal data and information to
third-party companies in China. The major conclusion of the report
is that both retailers and manufacturers need to be taking
comprehensive new steps to resolve these IoT security and privacy
issues.
[The report: http://pepper.me/news/darkcubed-pepper]
This article is interesting. We are increasing
the CJ/Computer Security relationship.
How the internet made it easier for all of us to be criminals, or victims
In 2007, the criminologist Karuppannan
Jaishankar founded a field of research called cyber criminology,
which he defined as "the study of causation of crimes that occur
in the cyberspace and its impact in the physical space".
… "Cyber criminology is largely ignored
or marginalised by mainstream criminology ... many criminologists
refrain from examining this important, future-oriented issue.
Whether it be that they are lacking the necessary understanding of
technology, are intimidated by the jargon of the field, or that they
continue to fail to realise the full extent of societal implications
of this new type of crime, the lack of consideration is troubling."
Given that cybercrime is the single most common form of crime,
this omission is unacceptable.
… This leads to a reasonable question, as
Diamond and Bachmann point out: "Should cybercrime be
conceptualised as a brand new crime type or traditional crimes
pursued through a new medium?"
… But there is one thing that threatens the
usefulness of traditional theories the most. "Criminological
theories have long relied upon confluence of offenders and victims in
time and space," say Diamond and Bachmann. But time and space no
longer matter like they used to. We can plan an attack that happens
days or years later, and never need to meet our victim.
… One theory that doesn’t completely break
down in the face of this change is Routine
Activity Theory (RAT), developed by Lawrence Cohen and Marcus
Felson in 1979. They suggest that in order for a crime to be
committed, there are three necessary ingredients. First, a
motivated offender – someone who wants to commit a crime or
otherwise do harm. Second, a suitable target – the offender
needs a victim (barring a few exceptions such as perjury). Online,
there are now billions of possible targets, all accessible without
having to leave home. Third, the absence of a capable
guardian. This means a lack of someone or something that can stop
the offender from harming the victim, such as a police officer or a
firewall.
Perspective. For my students, who seem to think
every company with billions in income must be profitable.
Uber Lost $1.8 Billion in 2018 Despite Record Ride-Hailing, Food-Delivery Gains
Uber posted $50 billion in bookings for its
ride-hailing and food-delivery services in 2018. However, the
company still failed to turn a profit and its revenue growth slowed
toward the end of last year, reports Reuters.
That's bad news for Uber as the company looks to charm investors
into an initial
public offering (IPO) later this year.
Annual bookings were up 45 percent over 2017,
according to Uber. Even then, the company's losses before taxes,
depreciation, and other expenses still totaled $1.8 billion, down
from the $2.2 billion loss the company posted in 2017. Uber's
full-year revenue for 2018
was $11.3 billion, an increase of 43 percent from 2017.
Ford sees itself as a transportation company, not
just a manufacturer. (These will also fit in a trunk.)
Ford gets into the electric scooter business, chooses Mesa for first Arizona roll out
… Spin, a
micro-mobility company acquired by Ford late last year, launched
600 scooters in Mesa on Friday, competing with Lime, Bird, and Jump.
Lyft also plans to begin offering electric scooters in Mesa, possibly
later this month.
Spin scooters are $1 to unlock and 15 cents per
minute. The bulk of the fleet has been stationed in west Mesa, near
Mesa Community College. The idea is that riders will use the
scooters to travel the last mile or two to their destination.
Scooters will be picked up each night and
inspected before being deployed each morning.
I better start teaching AI.
‘Urgent need to re-skill about 50 pc of India’s IT workforce’: Nasscom official
This is due to the
growth of disruptive technologies like AI and Data Analytics, as per
Nasscom's IT-ITeS Sector Skills Council chief executive Amit
Aggarwal.