Could Equifax have secured its data for less than $1 Billion? Is $1 Billion enough to guarantee future security?
Equifax Ordered to Spend $1 Billion on Data Security Under Data Breach Settlement
On January 13, 2020, a federal court approved the proposed settlement for the class action suit filed against Equifax over the massive data breach it disclosed in September 2017.
… As per the settlement, the credit reporting agency “will pay $380,500,000 into a fund for class benefits, attorneys’ fees, expenses, service awards, and notice and administration cost.” Attorneys have been awarded nearly $80 million.
If the amount proves insufficient, the company will pay an additional $125 million for claims for out-of-pocket losses, “and potentially $2 billion more if all 147 million class members sign up for credit monitoring,” the court’s final approval order reads (PDF).
… The court also revealed that Equifax has agreed “to spend a minimum of $1 billion for data security and related technology over five years and to comply with comprehensive data security requirements,” which should reduce the likelihood of a similar data breach in the future.
Why not inform all the players?
FBI Changes Policy for Notifying States of Election Systems Cyber Breaches
WSJ.com [paywall] – “The Federal Bureau of Investigation will notify state officials when local election systems are believed to have been breached by hackers, a pivot in policy that comes after criticism that the FBI wasn’t doing enough to inform states of election threats.
The FBI’s previous policy stated that it notified the direct victims of cyberattacks, such as the counties that own and operate election equipment, but wouldn’t necessarily share that information with states. Several states and members of Congress in both parties had criticized that policy as inadequate and one that stifled state-local partnerships on improving election security…”
An example of ‘undue reliance’?
Criminals are using ‘Frankenstein identities’ to steal from banks and credit unions
- So-called synthetic identity fraud is the fastest-growing financial crime, according to the Federal Reserve, driven in part by lending moving online. It’s also one of the hardest to detect.
- Instead of outright stealing an identity, a criminal makes one up in what’s sometimes called a “Frankenstein” identity. The criminal then spends years building up credit under a fake alias.
- “It’s a really long con and an expensive one,” says Naftali Harris, co-founder and CEO of San Francisco-based start-up SentiLink. “But once you have this fake person who has an 800 credit score, you can then use that to get multiple high limit credit cards and unsecured loans from banks.”
Should we block phishy emails?
These subject lines are the most clicked for phishing
… (This also represents the actual capitalization and spelling used in the original phishing subject lines.)
- Change of Password Required Immediately 26%
- Microsoft/Office 365: De-activation of Email in Process 14%
- Password Check Required Immediately 13%
- HR: Employees Raises 8%
- Dropbox: Document Shared With You 8%
- IT: Scheduled Server Maintenance – No Internet Access 7%
- Office 365: Change Your Password Immediately 6%
- Avertissement des RH au sujet de l'usage des ordinateurs personnels 6%
- Airbnb: New device login 6%
- Slack: Password Reset for Account 6%
We need all the help we can get.
French Supervisory Authority Publishes Second Guidance on Cookies and Similar Technologies
On January 14, 2020, the French Supervisory Authority (“CNIL”) published a new draft guidance on the use of cookies and similar technologies on websites and applications (see here, in French). The draft guidance is open for public consultation until February 25, 2020.
In its nine articles, the guidance sets out how to properly inform users and collect their consent in this context. For each requirement, the guidance provides examples and best practices.
Seeking agreement...
8 ways to ensure your company's AI is ethical
… Workday recently published our Commitments to Ethical AI to show how we operationalize principles that build directly on our core values of customer service, integrity and innovation. Based on our experiences, here are eight lessons for technology companies looking to champion those principles across their organization:
1. Define what 'AI ethics' means.
2. Build ethical AI into the product development and release framework.
3. Create cross-functional groups of experts
4. Bring customer collaboration into the design, development and deployment of responsible AI.
5. Take a lifecycle approach to bias in machine learning.
6. Be transparent.
7. Empower your employees to design responsible products.
8. Share what you know and learn from others in the industry.