Clearly security is not a top priority.
Marriott says data breach compromised info of up to 500 million guests
Marriott International said Friday that up to 500 million guests' information may have been accessed as part of a breach of its Starwood guest reservation database, potentially one of the largest breaches of consumer data ever.
The world's largest hotel chain said it first received an alert in September from an internal security tool of an attempt to access the database. As part of an investigation, the company discovered there had been unauthorized access since 2014 and that an "unauthorized party" had copied and encrypted information. Marriott said it determined on Nov. 19 that the information was from its Starwood database.
… For about 327 million of the guests, it added, the information includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
There are some customers who may have also had their credit card information taken. While that data would have been encrypted, Marriott said it can't rule out the information may have been decoded.
… The company also revealed the breach in a filing with the Securities and Exchange Commission, saying it did not expect the breach to hurt its business.
(Related) But considerably smaller…
Catalin Cimpanu reports:
As security experts predicted since last year, ElasticSearch servers –a technology for powering search functions– are becoming the next big source of massive data leaks.
The latest company to be added to the list of breach incidents caused by an exposed ElasticSearch server is Sky Brasil, one of the biggest subscription television services in Brazil.
For at least a week, and possibly more, Sky Brasil has left an ElasticSearch server exposed on the Internet without a password, ZDNet has learned from Fabio Castro, a security researcher based in Brazil.
Read more on ZDNet.
Far less than a GDPR.
Amendments to data breach notification law in Colorado impact HIPAA-regulated entities
Passed during the 2018 state legislative session, House Bill 18-1128 went into effect on Sept. 1, changing Colorado’s law on the protection of personally identifying information and the procedure businesses must follow when that information is breached.
Although the changes to the law are relatively extensive, HIPAA-regulated entities are exempted from most of these changes.
The new law contains a “deemed compliance” provision stating that most HIPAA-regulated entities who comply with HIPAA’s rules and regulations are deemed also to be in compliance with the state law, with two important exceptions:
- HIPAA-regulated entities still must provide notice to individuals affected by a breach within 30 days.
- In certain circumstances, HIPAA-regulated entities must provide notice of a breach to the Colorado attorney general.
Kind of a backgrounder.
The Privacy Paradox Could Determine the Next Evolution of Privacy Regulation
… Prior to Buttarelli’s speech, the Privacy Paradox was generally defined as the fundamental inconsistency between people’s stated beliefs and intentions about privacy and their actual behaviors. In other words, it is the paradox of wanting privacy but behaving as if it didn’t matter. Thus, while people may have a deep distrust and uneasiness about granting Facebook and Google so many insights into their daily lives via a constant stream of data, they generally are willing to click any boxes or agree to any terms of service, as long as they can continue to use the service.
In thinking about the Privacy Paradox, most researchers fall into either one of two camps: either they believe that consumers are rational thinkers who perform a sort of cost-benefit analysis in order to determine what is the price they are willing to pay to give away their data, or they believe that consumers are filled with inconsistencies and biases and are largely inaccurate when coming up with the true price of their personal data.
… As Buttarelli also pointed out in his ICDPPC speech, people did not think about ethics when drafting the European General Data Protection Regulation (GDPR), and did not debate the various ways that morality or moral obligations should influence the actions of governments.
… What’s more, says Buttarelli, the next evolution of data privacy regulation must take into account scenarios involving privacy that today might be regarded as futuristic. For example, should humanoid robots also have a right to privacy? When machines instead of humans are doing the sentencing of criminals (a process that Buttarelli refers to as “algorithmic sentencing”), what data should be allowed in their decision-making processes?
What an interesting idea. I wonder why the CIA didn’t think of it first.
Is WikiLeaks a Russian Front?
Consider the ramifications of this article, via The Atlantic – The idea that the putative transparency group served as a connection between Moscow and the president’s associates is starting to become clearer – if it proves to be an accurate appraisal of an increasingly expanding potential exposure of corruption and malfeasance perpetrated by public and private citizens and groups around the world.
“Barely two years later, the idea of WikiLeaks serving as a medium for Russia to boost the Trump campaign seems more and more plausible—even likely. For some time, there has been substantial evidence of Russia’s involvement in attempts to influence the 2016 presidential election and to hurt the Democrat Hillary Clinton’s presidential bid, from an elaborate trolling and Astroturfing operation to simple theft of emails and hacking. Until recently, the connection between those Russian efforts and Trump allies has remained somewhat obscure and speculative. But recent developments have started to flesh out the picture. Russia used WikiLeaks as a conduit—witting or unwitting—and WikiLeaks, in turn, appears to have been in touch with Trump allies. The key remaining questions are what WikiLeaks knew and what Trump himself knew.
According to a draft document from Special Counsel Robert Mueller’s team, which is investigating Russian interference in the election, the conservative author Jerome Corsi tipped off Roger Stone, a Trump friend and former political adviser, that WikiLeaks would release a tranche of emails hacked from Clinton campaign chairman John Podesta. The tip came in August, weeks before the October release. Corsi provided the document to NBC News and then several other news organizations. As per his practice, Mueller has not commented…”
I get the feeling they are looking for something to support a new definition of monopoly.
Amazon Under Fire in Europe as Germany Adds Antitrust Probe
Amazon.com Inc.’s "double role" as Germany’s largest retailer and biggest online host for smaller stores is the target of an antitrust probe into the terms the company sets for other sellers, the German Federal Cartel Office said.
The investigation into Amazon’s biggest market outside the U.S. adds to European Union scrutiny of whether the company gathers information on rival sellers’ successes to help launch its own products. German regulators said they’d received "numerous" complaints from sellers.