Sunday, January 13, 2019

How do you get the Board of Directors to pay attention to Computer Security?
Craig A. Newman of Patterson Belknap writes:
Yesterday, a Superior Court judge in Santa Clara, California approved what is believed to be the first monetary award to a company in a data breach-related derivative lawsuit. Until now, such breach-related derivative cases have settled through a combination of governance changes and modest awards of attorney’s fees.
But the former officers and directors of Yahoo! Inc. agreed to pay $29 million to settle charges that they breached their fiduciary duties in the handling of customer data during a series of cyberattacks from 2013 until 2016. Three billion Yahoo user accounts were compromised in the attacks, making it one of the largest reported hacks in U.S. history. The settlement puts an end to three derivative lawsuits filed in Delaware and California against the company’s former leadership team and board including ex-CEO Marissa Mayer.
Read more on Data Security Law Blog.
[From the Blog:
Under the settlement, the lawyers will walk away with just under $11 million in fees and expenses, with the remaining $18 million paid to Yahoo! (now called Altaba, Inc.). The settlement will be funded by insurance.]




It sounds simple, but there is more here than you might think. Points to a good article.
Dina Bass of Bloomberg reports:
Last year, Microsoft Corp.’s Azure security team detected suspicious activity in the cloud computing usage of a large retailer: One of the company’s administrators, who usually logs on from New York, was trying to gain entry from Romania. And no, the admin wasn’t on vacation. A hacker had broken in.
Microsoft quickly alerted its customer, and the attack was foiled before the intruder got too far.
Chalk one up to a new generation of artificially intelligent software that adapts to hackers’ constantly evolving tactics. Microsoft, Alphabet Inc.’s Google, Amazon.com and various startups are moving away from solely using older “rules-based” technology designed to respond to specific kinds of intrusion and deploying machine-learning algorithms that crunch massive amounts of data on logins, behavior and previous attacks to ferret out and stop hackers.
Read more on Daily Herald.




One would assume hope pray that a Privacy Officer looked at all these procedures and gave them an official okey-dokey?
Amazon’s ‘Ring’ security cameras plagued by privacy issues, employee snooping – report
Amazon’s popular security system, Ring, is billed as a round-the-clock sentry for homeowners. But lax privacy practices have allowed Ring employees to turn the security cameras into ‘surveillance’ devices, reports claim.
Starting in 2016, according to the Intercept, Ring provided employees based in Ukraine nearly unrestricted access to an Amazon database containing every video created by every Ring camera around the world. The company’s Ukraine team was also reportedly given the ability to link individual video files to corresponding Ring customers.




Helping to define the right to privacy?
From the folks at EPIC.org:
EPIC is requesting to intervene in a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdom asks whether remote hacking of devices and the use of malware by UK intelligence services violate the European Convention on Human Rights. EPIC seeks to present information to the Court on the unique privacy risks of government hacking. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone.




Perspective.
Ford announces electric versions of all vehicles in Europe
… The automaker announced plans to stop production of several vehicles in Europe, like it did last year in the US.
As for electric vehicles, the company says it wants to release “new all-electric vehicles and electrified options to be offered for all models.”
That’s something that several other automakers have announced in the past, like Volvo, Jaguar, and INFINITI. It means that all new vehicles will have a “hybrid, plug-in hybrid, or all-electric option.”

