Target, states reach $18.5 million settlement on data breach
Target Corp. has reached an $18.5 million settlement over
a massive data breach that occurred before Christmas in 2013, New York's
attorney general announced Tuesday.
The agreement involving 47 states and the
District of Columbia is the largest multistate data breach settlement to date,
Attorney General Eric T. Schneiderman's office said. The settlement, which stipulates some security
measures the retailer must adhere to, resolves the states' probe into the
breach.
… Target had
announced the breach on Dec. 19, 2013, saying it occurred between Nov. 27 and
Dec. 15 of that year. It affected more
than 41 million customer payment card accounts and exposed contact information
for more than 60 million customers.
… The settlement
requires Target to maintain
appropriate encryption policies and take other security
steps, though the company has already implemented those measures.
For my Computer Security students.
CEOs and Coffee Shops Are Mobile Computing's Biggest Risks: Report
The balance between
encouraging mobility for business purposes and controlling it for security
remains as tricky today as ever. Ninety-three percent of organizations are now
somewhat or very concerned that the mobile workforce is presenting an
increasing number of security challenges. Of these, 47% are 'very concerned', a figure
that has grown from 36% a year ago.
These figures come from the iPass 2017 Mobile Security
Report (PDF),
published today. iPass is a global
provider of always-on, secure Wi-Fi, with more than 60 million hotspots in more
than 120 countries.
Something my students and I will explore.
Flashpoint Enhances Risk Intelligence Platform
Just as global intelligence firm Stratfor extracts and
presents geopolitical intelligence from the noise of available information, so
now does Flashpoint extract cyber business risk intelligence (BRI) from the
noise of deep and dark web conversations.
… That process has
now come to fruition with today's launch of the Flashpoint
Intelligence Platform 3.0. It aims to convert and present the raw
intelligence gleaned from the deep and dark web as actionable business risk
intelligence that will help customers take a more strategic role in security
planning.
A very long and very damning illustration of failure at
HHS. So why is the government spending
my tax dollars? Perhaps even they do not
know.
I was excited back in 2010 when HHS started posting
breaches on what some would call the “wall of shame.” I knew that we’d only learn about breaches
involving HIPAA-covered entities, but at least we were finally starting to get
some actual data. Now, more than 6 years
later, it’s become clear to me that it’s probably best to just call time of
death on the breach tool, despite its popularity with marketers who look for numbers
to support their sales pitches.
In this post, I review some of what we are not seeing
on HHS’s breach tool, and why it’s really not a source of accurate or helpful information
for those who want to understand breaches and incidents involving health or
medical data.
It sure looks like blackmail… The “Program” consists of an App and some
hardware.
Joe Cadillic writes:
Since 2016,
New York motorists are being forced asked to let the police spy on their
cellphones for a minimum of 90 days.
In Nassau County, motorists are
asked, wink, wink to pay hundreds of dollars to enter the ‘Distracted
Driver Education Program’ (DDEP). The Feds claim to offer motorists a
choice, either dispute the texting while driving ticket in court, accept a 5
point moving violation or enter the DDEP.
Before a motorist can enter the
DDEP they have to pay a distracted driving citation which can be anywhere from
$50 to $400 and have to pay an installation fee of $125.00 for the in-car
device.
Read more on MassPrivateI.
From the article:
"A device called DriveID is installed in the
motorist’s primary vehicle and an app is installed on the motorist’s phone. The app receives information from the device
which causes the keyboard of the phone to deactivate and the screen to be
blocked. The motorist is broken of the
habit of reaching for the device. However,
voice commands are not disabled, so the motorist can still use apps like “Hey
Siri”, which don’t require the user to touch or even look at their device, to
control their device legally while driving."
We can, therefore we must!
Helen Christophi reports:
Even trains are spying on us now,
a woman claims in a federal class
action accusing the Bay Area Rapid Transit District of tracking passengers’
movements by duping them into downloading a seemingly benign crime-reporting
app.
Pamela Moreno claimed Monday that
BART collects personal information from riders’ cellphones and tracks their
location through its BART Watch app, without consent.
Read more on Courthouse News.
Perhaps the “administration” should actually walk around their
school? What else have they missed?
CTV reports:
The Simcoe County District School
Board is warning students and parents of
a possible privacy breach after discovering surveillance cameras were secretly installed in
some of the music classrooms at Collingwood Collegiate Institute.
The discovery was made late last
year and the board has been investigating the matter with Collingwood OPP and
the Information and Privacy Commissioner of Ontario (IPC).
All of the monitoring equipment
was removed by school board staff after being discovered and is now secured at
the board office.
An internal investigation
determined the surveillance cameras were installed approximately five years ago
by two staff members to address issues of alleged instrument theft. The
school’s administration was unaware that the equipment was
installed or in place during the five year period, the board said.
Read more on CTV.
So, they could clone you?
Joel Winston writes:
Don’t use the AncestryDNA
testing service without actually reading the Ancestry.com Terms of Service and
Privacy Policy. According to these legal
contracts, you still own your DNA, but so does Ancestry.com.
The family history
website Ancestry.com is selling a new DNA testing service called AncestryDNA. But the DNA and genetic data that Ancestry.com
collects may be used against “you or a genetic relative.” According to its privacy policies,
Ancestry.com takes ownership of your DNA forever. Your ownership of your DNA, on the other hand,
is limited in years.
It seems obvious that
customers agree to this arrangement, since all of them must “click here to
agree” to these terms. But, how many
people really read those contracts before clicking to agree? And how many relatives of Ancestry.com
customers are also reading?
Read more on ThinkProgress.org.
And so it goes…
Appeals court decision keeps lawsuit against NSA surveillance alive
A federal appeals court on Tuesday reversed a lower court’s
decision to dismiss Wikimedia’s lawsuit challenging the National Security
Agency’s (NSA) mass interception of Americans’ international digital
communications.
The lower court had ruled in 2015 that the case, filed by
the American Civil Liberties Union (ACLU) on behalf of the Wikimedia
Foundation, The Nation magazine, Amnesty International USA, Human Rights Watch
and other groups, failed to
demonstrate that their communications were being monitored by the NSA.
A panel of three judges on the 4th Circuit Court of
Appeals unanimously disagreed with this on Tuesday, allowing Wikimedia to
continue its lawsuit.
Google gets “anonymized” data and immediately matches it
to your online identity? They get “encrypted”
data and can tell who you are and what you purchased? I don’t think the authors of these articles
knew much about their topic.
Google’s New Feature Can Match Ad Clicks With In-Store Purchases
… A new feature,
born out of partnerships between Google and credit and debit card companies, links in-store purchases to your online identity,
CNN reports. That means Google could tell whether you
clicked an online ad before buying the product in a shop later.
Companies that Google partners with reportedly
account for 70% of all credit and debit card purchases in the U.S. According to CNN, credit and debit card companies will send Google encrypted information
about store purchases, that can then be compared to collective online profiles
of users who clicked on corresponding ads.
Google said that encryption means it
cannot see identifiable payment information such as the customer's name or what they bought. The tool also doesn't work for cash payments.
This columnist makes an interesting point.
Mark Fields’
abrupt removal from Ford should come as something of a warning to other
traditional automakers, especially ones whose shareholders demand answers as to
why they aren’t valued as highly as Tesla: profits aren’t enough anymore. Record sales aren’t enough anymore. Making the goddamn F-150, which will always
sell in huge volumes even in the event of the apocalypse, somehow isn’t enough.
Fields wasn’t perfect but he was far from being a bad CEO,
and right now it’s all about “mobility” and “technology” for Wall Street—even
though no one really has a clear view of what that means or how to make it
profitable.
Researching the Twits?
Twitter as a data source: An overview of tools for journalists
by Sabrina I. Pacifici on May 23, 2017
Data Driven Journalism: “Journalists may wish to use data
from social media platforms in order to provide greater insight and context to
a news story. For example, journalists
may wish to examine the contagion of hashtags and whether they are capable of achieving
political or social change. Moreover,
newsrooms may also wish to tap into social media posts during unfolding crisis
events. For example, to find out who
tweeted about a crisis event first, and to empirically examine the impact of
social media. Furthermore, Twitter users
and accounts such as WikiLeaks may operate outside the
constraints of traditional journalism, and therefore it becomes important to
have tools and mechanisms in place in order to examine these kinds of
influential users. For example, it was
found that those who were backing Marine Le Pen on Twitter could have been users who had an
affinity to Donald Trump. There
remain a number of different methods for analysing social media data. Take text analytics, for example, which can
include using sentiment analysis to place bulk social media posts into
categories of a particular feeling, such as positive, negative, or neutral. Or machine learning, which can automatically assign social
media posts to a number of different topics…”
A place for my students to share their skills?
IFTTT now lets any developer build and publish applets for others to use
IFTTT, the platform that
allows users to create customized, conditional interactions between apps,
online services, digital assistants, and devices, has announced that it’s
opening its platform to individual developers, allowing them to build and
publish their own applets for others to use.
… From today,
IFTTT is making this available to individual developers too, via a free “maker”
tier that lets anyone build and publish applets.
… It’s worth
noting here that up until now, anyone has been able to build applets that work
with two IFTTT services for personal use.
But with this new offering they can publish their applets for others to
use, and showcase everything on a dedicated maker profile page.
Additionally, they can create applets that work on any
connected device, regardless of whether they own one of these devices
themselves. And above all else, makers
can now build applets with multiple actions, as partner companies have been
able to do since last year.
… In a way, this
launch is a little like smartphone app stores allowing any developer to build
and create apps. It enables IoT
companies to tap a gargantuan developer pool, with some potentially interesting
connected device and service integrations coming to the fore. By opening to individuals, developers could
have their applets picked up and featured by some big name partner companies,
including Domino’s or Adobe.