Friday, December 25, 2020

Not much news today. You’d think it was some kind of holiday…





A clear Security responsibility.

https://www.huntonprivacyblog.com/2020/12/24/ftc-announces-enforcement-for-inadequate-third-party-risk-management-practices-under-the-glbas-safeguards-rule/

FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML, stored documents with information, such as names, Social Security numbers and loan information, pertaining to tens of thousands of mortgage holders on a cloud-based server in plain text without any protections to block unauthorized access. The FTC further alleged that, as a result of the inadequate protections, the cloud-based server was subject to unauthorized access dozens of times.





The better the lure, the more phish you catch.

https://coppercourier.com/story/godaddy-employees-holiday-bonus-secruity-test/

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test.

“2020 has been a record year for GoDaddy, thanks to you!” the email read.

Sent by Happyholiday@Godaddy.com, tucked underneath a glittering banner of a snowflake and stamped with the words “GoDaddy Holiday Party,” the Dec. 14 email to hundreds of GoDaddy employees promised some welcome financial relief during an otherwise stressful year.

“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!” the email read. “To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.”

But, two days later, the company sent another email.

“You’re getting this email because you failed our recent phishing test,” the company’s chief security officer Demetrius Comes wrote. “You will need to retake the Security Awareness Social Engineering training.”


