Data Privacy

Robocall Company Exposes Thousands of US Voter Data

Kromtech Security expert Bob Diachenko said that he has recently discovered a trove of files containing hundreds of thousands of voter records on an Amazon S3 bucket which was completely accessible to anyone even without a password. The storage, which belonged to a Virginia-based political campaign and robocalling company, had around 2,600 files including spreadsheets and recordings of US political campaigns. Diachenko said that the files were packed with voters’ full names, home addresses, and political affiliations. Information such as gender, phone numbers, age, birth year, ethnicity, language spoken, education, as well as a jurisdiction breakdown based on district or […]

Twitter Suspends Accounts Linked to 2016 DNC Hack

Twitter announced this week that it has suspended the Guccifer 2.0 and DC Leaks accounts which were linked to the hacking of the US Democratic National Committee in 2016. Twitter told the media that they suspended the accounts for violating the rules of the platform. The move follows the indictments handed down against 12 Russian agents by the Justice Department which said that the accounts acted as fronts for agents in Russia’s Main Intelligence Directorate (GRU). It was revealed that the accounts, which were left unused for a year and a half, had previously been suspended, albeit temporarily for posting […]

IBM Says Data Breach Will Cost Organizations at Least $3.86 Million

A new study by IBM estimates that organizations that get hit by a breach can expect to shell out around $3.86 million. In the study “2018 Cost of a Data Breach”, which was done with the Ponemon Institute, IBM says that the cost can come not from system damage, but rather from the subtle expenses the breach may bring to the organization. It was noted that situations such as loss of reputation that may deter potential future customers, dissolution of business relationships, and the time employees must spend on damage control rack up the bill significantly. Source: ZDNet

India to Relax Local Data Storage Laws for Foreign Payment Companies

India’s finance ministry revealed this week that the directive from the country’s central bank that requires global payment firms to store customer data only locally may be relaxed. The move was said to be in reaction to intense lobbying by U.S. companies and trade bodies. It is expected that the proposal would relieve firms like Visa, Mastercard, and American Express of costs that could potentially run up to millions of dollars. The finance ministry said in June that a possible solution could be to allow companies to store data offshore, as long as a copy was kept in India. Source: […]

Facebook Drops “Treason” Interest Category for Ad Targeting  

It was revealed this Wednesday that Facebook has dropped the “treason” tag used to identify user interest for advertisers. Danish state broadcaster DR reported that the “treason” interest category tag can potentially be used by intelligence services in authoritarian regimes to hunt down subversives. DR also revealed that their sources said that the tag could have been used by Russian authorities to locate about 65,000 Facebook users. A Facebook spokesperson said that treason was only given a historical significance, but since it is an illegal activity, they have removed it as an interest category. Source: Reuters

Timehop Reveals Gender, Country, DOB Included in Breach

Timehop revealed this week that sensitive information such as gender, country, language, and date of birth may have been accessed by the attacker in its July 4 breach. It was previously reported that around 21 million records were included in the breach, with 15 million records containing the date of birth, and around 9 million bearing gender information. The company apologized for having issued a secondary breach disclosure, saying that it only became apparent to them after a comprehensive audit that there was more information in the tables than they originally disclosed. Source: ZDNet

Ticketmaster Breach Part of Larger Credit Card Fraud Campaign

According to new research released this week, the Ticketmaster breach may only be part of a larger operation involving the skimming of credit cards affecting as many as 800 e-commerce sites. The Magecart threat group, which has been operational since 2015, is said to be responsible for the campaign. The hackers usually target software companies that build and provide code that developers include on their websites. The altered code then affects every website that it runs on and affects millions of users daily. RiskIQ says that the Ticketmaster breach was far bigger than first thought as it was running code from […]

“Tech Abuse” List Published Online

A “tech abuse” list which aims to provide help to victims of harassment using smart home devices was recently published online by a UK team including researchers from Privacy International and University College London. Largely aimed at women, the list offers guidance to those who are being subjected to “technology-facilitated abuse”, like the remote altering of temperature controls or door locks to cause confusion and fear. Security researcher Ken Munro explained that in some abuse cases, the only way to lock out a former partner’s access was to replace the gadget entirely. He advised that it was important to review […]

UK’s ICO to Fine Facebook for Data Abuse, Breach

The UK’s Information Commissioner Elizabeth Denham revealed this week that she seeks to fine Facebook 500,000 pounds ($663,850) for breaches of data protection law, based on new findings on the use of data analytics by political campaigns. Denham said that Facebook violated the law by failing to safeguard people’s information and not showing transparency about how data was being harvested on its platform. However, the fine is said to be a small figure for the tech giant, which is valued at $590 billion. ICO also said that other regulatory actions, such as a criminal prosecution, may be taken against […]

Facebook’s Calculated Response to Privacy Scandals Not the Only Issue

Facebook has recently been criticized for repeatedly using its carefully crafted message to respond to recent issues concerning its data leaks, manipulation of its ad platform, and the use of its services to promote violence. It was said that by saying “we were too slow”, the social network used a carefully crafted message that admits fault, but maintains the assumption that the company can be better and faster in the future. Critics, however, say that perhaps Facebook is just being naive, negligent or even ill-equipped to police its platform. However, Facebook may now be looking for outside help instead of […]

Read more about the Data Privacy practice at Disini & Disini Law Office