Tag

Cybersecurity

Browsing

At first glance, August has been a quiet month for data breaches, with a total of 114,686,290 breached records. That’s about 10 percent of the monthly average coming into the month.

But that figure comes from 95 incidents in total, which is the highest number of breaches we’ve had all year.

Let’s take a look at those breaches in full in our slightly tweaked monthly list. After a reader suggestion last month, we’re also listing the UK-specific incidents in bold. Let us know if you like that change or if you have any other suggestions for future months.

Cyber attacks

 

Ransomware

Data breaches

 

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance

Capital One Financial Corp. announced late Monday that more than 100 million people had their personal information hacked.

The hacker got information including credit scores and balances, plus the Social Security numbers of about 140,000 customers and 80,000 bank-account numbers from credit-card customers, the bank said. It will offer free credit-monitoring services to those affected. The hack affected about 100 million people in the U.S. and 6 million in Canada.

Capital One couldn’t say for sure whether the leaked data was used for fraud. It first heard about the hack on July 19, but waited until July 29 to inform customers. Over that time, it sought help from law enforcement.

The hacker also stole the names, addresses, phone numbers, dates of birth, credit scores and other financial data, Capital One COF, -1.18%   said. The company couldn’t say for sure whether the leaked data was used for fraud. It first heard about the hack on July 19, but waited until July 29 to inform customers; it sought help from law enforcement to catch the alleged perpetrator.

Two years after Equifax EFX, +0.27%  revealed that hackers accessed the personal information of up to 147 million people, the credit bureau recently announced a settlement for up to $700 million, including $425 million in relief for those who have been affected, although there are some key requirementspeople should be aware of before they file a claim.

Last year, Facebook FB, -1.91%  announced that U.K.-based Cambridge Analytica improperly accessed 87 million Facebook users’ data. Facebook Chief Executive Mark Zuckerberg testified before Congress and vowed to do more to fix the problem, and help make sure that nothing like that happens again. Cambridge Analytica closed down in the wake of the scandal. Earlier this month, the Federal Trade Commission fined Facebook $5 billion.

Don’t miss: A worrying theory after Equifax and Facebook settlements — aggregated data is NOT enough to protect your privacy

WhatsApp, the messaging and audio app owned by Facebook, announced last May that hackers were able to install spyware on Android smartphones and AppleAAPL, +0.93%  iPhones. “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” it said at the time.

More than 57 million customers of Uber UBER, -1.44%  had their data exposed by a massive hack in October 2016. Uber fired its chief security officer, Joe Sullivan, and one of his deputies for concealing the hack, which included the email addresses of 50 million Uber riders around the world. The revelation was made a year after the attack. It also affected 7 million drivers.

Be on your toes after a major hack or data breach. Consumers should never give out personal details over the telephone, even if the caller seems to represent Capital One or the email appears to be from a Capital One email address.

Be on your toes after a major hack or data breach. Consumers should never give out personal details over the telephone, even if the caller seems to represent Capital One or the email appears to be from a Capital One address. Consumers need to be careful whenever they are contacted by an unsolicited caller. Hang up and call the number on your card. “Phishing” scams — calls, emails or text messages that appear to offer protection — are actually trying to get more data from customers.

Security experts generally recommend never re-using security passwords and say people should use two-factor authentication on their phones, which requires a user to put a code sent to a phone or email into an app or website in order to log in from a new device or to change a password. They also say those affected by such hacks should freeze their credit report.

Don’t be pawned off by an offer of credit monitoring. Credit monitoring only looks for changes on a credit report, indicating that someone is using your personal information to open new accounts in your name. Here’s the bad news: Such security precautions would not help people protect against a data breach like the one Capital One announced Monday evening. Exposure of data that can’t be changed, such as Social Security numbers, are the hallmarks of particularly severe data breaches.

Here’s what else you should do now:

1. Check if your accounts have been affected

There still aren’t many formal ways to check if your data has been compromised in a breach. Often, the company will alert affected customers, but they aren’t required to. Some states, like California, have laws requiring companies to disclose data breaches that affect a certain number of customers, and the Federal Trade Commission has discussed proposing similar regulations. Consumers can also monitor their credit report to shut down fraudulent activity as quickly as possible.

2. Know the difference between a credit freeze and a lock

A freeze means that a consumer cannot take out a new loan or credit card without “unfreezing” the report first, but also prevents a hacker from taking out a loan in your name. Credit agencies also offer a service called credit “locking,” which offers the same protections as a freeze, but typically cost a monthly fee. Contact Equifax, Experian EXPN, +1.53%  and TransUnion TRU, -1.34%  to request a freeze.

3. Sign up for additional fraud protection

Those affected should sign up for services that go beyond typical credit freezing and alert services, such as LifelockEZ Shield and Identity Guard. The most basic version of Lifelock costs $9.99 per month and provides benefits including address change verification, help canceling or replacing lost credit cards, driver’s licenses, Social Security cards and insurance cards, plus a “restoration team” that helps correct any identity-theft issues and black-market website surveillance.

4. Know the difference between a hack and a breach

A breach is when data is unintentionally left unsecured and vulnerable to hacking, as a result of malicious activity or from negligence. A hack specifically refers to the activities of cyber attackers who purposely compromise IT infrastructure to steal information or to hold systems ransom; that’s what happened with Capital One. If your data was part of a breach, it’s possible it was just left exposed online and was not stolen.

Source: Market Watch

 

How Equifax neglected cybersecurity and suffered  a devastating data breach

Credits:  Connor Lechleitner

The Space Threat Assessment | Report

Credits: Connor Lechleitner

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total.

The offender this time is the First American Financial Corp., which breached sixteen years’ worth of insurance data. That incident accounted for more than 60% of all of May’s breached records.

In total, at least 1,389,463,242 records were compromised. That brings the annual running total to 7.28 billion and reduces the monthly average to 1.44 billion.

Cyber attacks

Ransomware

Data breaches

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance

Amazon.com Inc. is developing a voice-activated wearable device that can recognize human emotions.

The wrist-worn gadget is described as a health and wellness product in internal documents reviewed by Bloomberg. It’s a collaboration between Lab126, the hardware development group behind Amazon’s Fire phone and Echo smart speaker, and the Alexa voice software team.

Designed to work with a smartphone app, the device has microphones paired with software that can discern the wearer’s emotional state from the sound of his or her voice, according to the documents and a person familiar with the program. Eventually the technology could be able to advise the wearer how to interact more effectively with others, the documents show.

It’s unclear how far along the project is, or if it will ever become a commercial device. Amazon gives teams wide latitude to experiment with products, some of which will never come to market. Work on the project, code-named Dylan, was ongoing recently, according to the documents and the person, who requested anonymity to discuss an internal matter. A beta testing program is underway, this person said, though it’s unclear whether the trial includes prototype hardware, the emotion-detecting software or both. Amazon declined to comment.

The notion of building machines that can understand human emotions has long been a staple of science fiction, from stories by Isaac Asimov to Star Trek’s android Data. Amid advances in machine learning and voice and image recognition, the concept has recently marched toward reality. Companies including Microsoft Corp., Alphabet Inc.’s Google and IBM Corp., among a host of other firms, are developing technologies designed to derive emotional states from images, audio data and other inputs. Amazon has discussed publicly its desire to build a more lifelike voice assistant.

The technology could help the company gain insights for potential health products or be used to better target advertising or product recommendations. The concept is likely to add fuel to the debate about the amount and type of personal data scooped up by technology giants, which already collect reams of information about their customers. Earlier this year, Bloomberg reported that Amazon has a team listening to and annotating audio clips captured by the company’s Echo line of voice-activated speakers.

A U.S. patent filed in 2017 describes a system in which voice software uses analysis of vocal patterns to determine how a user is feeling, discerning among “joy, anger, sorrow, sadness, fear, disgust, boredom, stress, or other emotional states.” The patent, made public last year, suggests Amazon could use knowledge of a user’s emotions to recommend products or otherwise tailor responses.

A diagram in the patent filing says the technology can detect an abnormal emotional condition and shows a sniffling woman telling Alexa she’s hungry. The digital assistant, picking up that she has a cold, asks the woman if she would like a recipe for chicken soup.

A second patent awarded to Amazon mentions a system that uses techniques to distinguish the wearer’s speech from background noises. Amazon documents reviewed by Bloomberg say the wearable device will take advantage of such technology.

Amazon’s work on a wearable device underscores its ambitions of becoming a leading maker of both cutting-edge speech recognition software and consumer electronics. The Echo smart speaker line and embedded Alexa voice software have popularized the use of voice commands in the home. The company has also added voice control to Fire-branded video streaming devices for television, as well as tablets.

But Amazon’s efforts to create smartphone software to rival Apple Inc. or Google have failed. So the company is trying to make Alexa ubiquitous in other ways. Bloomberg reported earlier this year that Amazon was developing wireless earbuds, similar to Apple AirPods, that are expected to include the Alexa voice software. The company has begun distributing Echo Auto, a dashboard-mounted speaker and microphone array designed to pair with a smartphone, and says it received 1 million pre-orders.

Amazon has also been working on a domestic robot, Bloomberg reported last year. Codenamed “Vesta,” after the Roman goddess of the hearth, home and family, the bot could be a kind of mobile Alexa, according to people familiar with the project. Prototypes of the robot can navigate through homes like a self-driving car.

Source: Bloomberg