Twitter Cracks Down on Data Use for Surveillance*:
- Twitter reiterated its policy that restricts third parties from employing public data or data products for surveillance.
- Last month, law enforcement officials in Baltimore and Oakland, CA, used analytics software from Geofeedia to monitor demonstrators via Twitter, Facebook, and Instagram.
- Following a report by the ACLU, the social media firm promptly curtailed Geofeedia’s access.
- Twitter will also continue running its internal review process, rejecting requested use cases "where appropriate."
- Twitter is built on content that people choose to share publicly, and has benefited from innovation and creation.
- While the crackdown won't stop law enforcement officials from making formal requests or conducting their own searches, it will make the process more difficult.
*Source: PCMag, November 23, 2016
State Department Gets Failing Cyber-Security Grades Again in New Report*:
- Despite being one of the most tempting targets on the planet for hackers and spending $1.92 billion annually on information technology, the US State Department earned more failing grades on cybersecurity from internal watchdogs this year.
- The state of security at the State Department has been widely criticized for nearly a decade while under the leadership of both Hillary Clinton and John Kerry.
- The State Department plays a crucial role in the federal government as it is responsible for the country’s international relations.
- In more than 55 percent of attacks and incidents reviewed by the watchdogs, the Department failed to comply with its own security policies.
- A lack of “IT contingency plans” both in Washington and overseas continues to plague the Department five years after watchdogs first pointed out the deficiency.
- When the State Department did spend its $1.92 billion tech budget, a lack of oversight led to duplicated efforts and poor transparency, according to the report.
- The State Department has not yet responded to a request for comment, but in the past State Department spokespeople have often disagreed with reports and called their cybersecurity program “strong.”
*Source: FedScoop, November 17, 2016
UMass Will Pay $650,000 to Settle Potential HIPAA Violations*:
- The University of Massachusetts Amherst (UMass) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules stemming from a malware infection back in 2013.
- The settlement includes a corrective action plan and a monetary payment of $650,000, which is reflective of the fact that the University operated at a financial loss in 2015.
- UMass reported to the Office for Civil Rights (OCR) that a workstation in its Center for Language, Speech, and Hearing was infected with a malware program, which resulted in the impermissible disclosure of electronic protected health information (ePHI) of 1,670 individuals.
- The disclosed ePHI includes names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.
- UMass failed to implement technical security measures at the Center to guard against unauthorized access to ePHI transmitted over an electronic communications network by ensuring that firewalls were in place at the Center.
- UMass has agreed to a corrective action plan that requires the organization to conduct an enterprise-wide risk analysis; develop and implement a risk management plan; revise its policies and procedures; and train its staff on these policies and procedures.
*Source: Health Care, November 22, 2016
Canadian Army Recruitment Website Hacked*:
- The Canadian armed forces recruitment website was hacked, redirecting would-be recruits to the Chinese government's main page instead.
- Canadian security officials have long complained about what they say are frequent attempts by foreign hackers to penetrate secure government computer systems.
- In 2014, Canada's then Conservative government took the unusual step of singling out Chinese-based hackers for attacking a key computer network and lodged a protest with Beijing.
- Canada's Liberal government, which took power a year ago, is trying to boost trade relations with China.
*Source: Reuters, November 17, 2016
Symantec to Buy LifeLock for $2.3B*:
- Symantec will purchase identity theft protection company LifeLock for $2.3 billion.
- LifeLock offers several tiers of identity theft protection services to its 4.4 million subscribers.
- Members are alerted to fraudulent activity on their online accounts and applications for credit.
- Symantec has been reshaping its holdings: early in the year, it sold its data storage business Veritas for $7.4 billion, and in August it purchased a security firm that helps detect and mitigate attacks.
- The LifeLock deal has been given a green light by the boards of directors of both companies and is expected to close in Q1 17, pending regulatory approval.
*Source: SC Magazine, November 21, 2016
Six Million Customers' Private Data at Risk*:
- Three, one of the UK's biggest mobile operators, has become the latest victim of a massive data breach that reportedly left the personal information and contact details of 6 million of its customers exposed.
- The company admitted the data breach, saying that computer hackers gained access to a Three Mobile customer phone upgrade database containing the account details of nearly 6 million customers.
- The computer hackers used an employee login to gain entry into its database.
- The stolen data includes customer names, addresses, phone numbers and dates of birth, which is then used to carry out mobile phone fraud.
- The company has not yet confirmed the total number of users affected by the breach.
- The hackers had stolen the database to use the personal details to find customers eligible for handset upgrades, place orders for the new phones, intercept the parcels as they arrived, and then resell them for a profit.
- Three has confirmed around 400 cases in which fraudsters had stolen high-value handsets through burglaries and 8 devices have already been illegally obtained through the upgrade activity.
*Source: The Hacker News, November 17, 2016