Reinforcing the points made in yesterday's Privacy
Foundation seminar. Authorized employees are a substantial risk!
“Became Aware” is not the same as “Discovered.” Likely
someone told them what was happening. Interesting again that they
offer Identity Protection to all of their clients.
From their press release:
SunTrust Banks, Inc. (NYSE: STI) is now offering Identity Protection for all current and new consumer clients at no cost on an ongoing basis. Experian IDnotify™ will be provided to those who sign up for the service.
SunTrust cares deeply about the privacy and security of client information. The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed. The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information. SunTrust is also working with outside experts and coordinating with law enforcement.
[…]
Read the full press release here.
More resources for my Computer Security students.
...and a tool for Privacy.
Interesting arguments?
Government hacking tactics questioned at OURSA
Jennifer Granick, surveillance and cybersecurity
counsel at the American Civil Liberties Union, took the stage at
OURSA on Tuesday to discuss the state of modern surveillance and
hacking performed by the U.S. government, arguing that both cross the
line of traditional legal searches.
"Increasingly, modern surveillance is mass
surveillance," Granick said. "We used to target people for
surveillance because of their political opinions or their religion or
their race. Now the mainstream is being surveilled."
… The U.S. doesn't currently have specific
hacking laws, though the U.S. government uses hacking for law
enforcement and intelligence operations. Instead, noted Granick, the
U.S. relies on the same legal process for hacking that it does for
regular searches – the warrant. While warrants are crucial, they
don't cover enough ground.
"Government hacking is different from regular
searches in five particular ways that the warrant requirement can't
really address," Granick said.
Those ways include the amount of data being
collected; the invasiveness of the techniques the government uses to
hack and surveil, such as turning on the cameras and microphones on
personal laptops and smart devices; and, the falsification of data.
… "If this information is being collected
for criminal prosecution purposes, how can we know that the very act
of accessing the computer hasn't changed the information that's there
in ways that impinge upon the defendants' rights?" Granick
posed. "How can the defense test that theory and see that
the evidence is not altered in any way if the government insists on
keeping the exploit and the vulnerability secret? It interferes with
the due process rights of the defendant in the criminal justice
system."
The fourth way in which government hacking is
out-of-scope with regular search warrants is the potential
cybersecurity harms.
Fodder for my IT Management class.
Wells Fargo Fined $1B for Mortgage, Auto Lending Abuses
Wells Fargo will pay $1 billion to federal
regulators to settle charges tied to misconduct at its mortgage and
auto lending business, the latest punishment levied against the
banking giant for widespread customer abuses.
… Starting in September 2016, Wells has
admitted to a number of abusive practices across multiple parts of
its business that duped consumers out of millions of dollars.
Regulators, in turn, have fined Wells several times and put
unprecedented restrictions on its ability to do business, including
forcing the bank to replace directors on its board.
… In Friday's announcement, the CFPB and the
OCC penalized Wells for improperly charging fees to borrowers who
wanted to lock in an interest rate on a pending mortgage loan and for
sticking auto loan customers with insurance policies they didn't want
or need. The bank admitted that tens of thousands of customers who
could not afford the combined auto loan and extra insurance payment
fell behind on their payments and had their cars repossessed.
These abuses are separate from Wells Fargo's
well-known sales practices scandal, where employees opened as many as
3.5 million bank and credit card accounts without getting customers'
authorization. The account scandal torpedoed Wells Fargo's
reputation as the nation's best-run bank.
Helping my students select a major.
One of the poorest-kept secrets in Silicon Valley has been the huge salaries and
bonuses that experts in artificial intelligence can command. Now, a
little-noticed tax filing by a research lab called OpenAI has made
some of those eye-popping figures public.
OpenAI paid its top researcher, Ilya Sutskever,
more than $1.9 million in 2016. It paid another leading researcher,
Ian Goodfellow, more than $800,000 — even though he was not hired
until March of that year. Both were recruited from Google.
A third big name in the field, the roboticist
Pieter Abbeel, made $425,000, though he did not join until June 2016,
after taking a leave from his job as a professor at the University of
California, Berkeley. Those figures all include signing bonuses.