Claims like this one are really scary for CSOs and other senior management. If none of your security systems detected a breach, how can you check when someone claims to have breached you? Is it worse to deny now and find out later that there was a breach?
AT&T denies data breach after hacker auctions 70 million user database
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.
… ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly to other threat actors or utilize a middle-man data breach seller.
(Related)
US T-Mobile breach hits 53 million customers as probe finds wider impact
Reuters reports:
T-Mobile US Inc said on Friday, August 20, an ongoing investigation into a data breach revealed that hackers accessed personal information of an additional 5.3 million customers, bringing the total number of people affected to more than 53 million.
The third largest US wireless carrier had earlier this week said that personal data of more than 40 million former and prospective customers was stolen along with data from 7.8 million existing T-Mobile wireless customers.
Read more on Rappler.
Will there be another update revealing even more impacted? When was the last time we saw, “On further investigation, we found that it was 5.3 million fewer customers than we originally thought?”
Is it surveillance if this is how you apply for a loan?
Should Your Web History Impact Your Credit Score? The IMF Thinks So
A group of researchers has published a blog post at the International Monetary Fund’s website in which they call for a significant shift in how credit scores are assessed. Instead of being based on traditional metrics, the group believes banks should begin incorporating additional information, including your browser history.
The rise of fintech services and cryptocurrencies have changed modern banking in a number of ways, and banks face an increasing number of challenges as various third-party payment processors interpose themselves between financial institutions and their traditional customers. The credit scoring systems used broadly in the US and Europe are based on so-called “hard” information — bill payments, pay stubs, and how much of your current credit limit you are tapping.
The researchers point out that so-called “hard” credit scores have two significant problems. First, banks tend to reduce credit availability during a downturn, which is when people most need help. Second, it can be difficult for companies and individuals without credit histories to begin creating one. There’s a bit of a catch-22 in the system, in that what you need to persuade an institution to loan you money is a credit history you don’t have because no one will loan you money.
… However much the authors of this paper know about banking systems and finance, they’re clearly not up to date on the latest in AI research. This is a bad idea in general, but it’s a really terrible idea right now.
Correcting “Oops!”
https://arstechnica.com/information-technology/2021/08/now-that-machines-can-learn-can-they-unlearn/
Now that machines can learn, can they unlearn?
Companies of all kinds use machine learning to analyze people’s desires, dislikes, or faces. Some researchers are now asking a different question: How can we make machines forget?
A nascent area of computer science dubbed machine unlearning seeks ways to induce selective amnesia in artificial intelligence software. The goal is to remove all trace of a particular person or data point from a machine learning system, without affecting its performance.
… once trained, a machine-learning system is not easily altered, or even understood. The conventional way to remove the influence of a particular data point is to rebuild a system from the beginning, a potentially costly exercise. “This research aims to find some middle ground,” says Aaron Roth, a professor at the University of Pennsylvania who is working on machine unlearning. “Can we remove all influence of someone’s data when they ask to delete it, but avoid the full cost of retraining from scratch?”
Perspective.
https://www.trendmicro.com/en_us/research/21/h/level-4-autonomous-cars-allowed-on-german-roads.html
Level 4 Autonomous Cars Allowed on German Roads
Autonomous vehicles and driverless busses are set to make their debut on German public roads after lawmakers approved a new law on autonomous driving. The law intends to bring autonomous vehicles at the Society of Automotive Engineers (SAE) Level 4 into regular operation as early 2022.
SAE’s Level 4 of driving automation means autonomous vehicles do not require human interaction in their operations—vehicles are programmed to intervene in the event of a system failure. Level 4 technology is typically for use in driverless public vehicles, such as taxis and busses. They have set travel points and are restricted to specific boundaries.
