Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Every presidential campaign website executes suspicious third-party code

An analysis of 11 presidential campaign websites performed last September and again in December found multiple instances of potentially risky third-party code, unwanted code execution and unauthorized data tracking. According to a new report from The Media Trust, 81 percent of executing code on these websites was not internally developed, but rather from external third-party…

Five billion records exposed in open ‘data breach database’

More than five billion records were exposed after an Elasticsearch “data breach database” managed by a U.K.-based security firm and housing a trove of security incidents from the last seven years was left unprotected. “Data was very well structured,” wrote security researcher Bob Diachenko, who discovered the Elasticsearch instance, of the information, which included hashtypes,…

Govt surveillance NSA social

Bipartisan bill re-ups USA Freedom reauthorizations, aims at surveillance reform

The House Tuesday introduced bipartisan legislation that lawmakers touted as reforming the Foreign Intelligence Surveillance court (FISC) based on recent recommendations from the Justice Department inspector general (IG) and ends the government’s controversial domestic surveillance program, but which detractors say doesn’t represent reform at all. The bill, USA Freedom Reauthorization Act, bumps up congressional oversight…

Australian flag

Australia’s privacy watchdog sues Facebook over Cambridge Analytica

Facebook is facing a privacy lawsuit from Australia’s information commissioner over the Cambridge Analytica scandal. More than 300,000 Australians were affected by the when Cambridge Analytica, a data analytics firm used by both the Trump and Brexit Leave campaigns, violated Facebook policies by collecting the personal data from accounts of 87 million Americans and millions…

T-Mobile CEO John Legere

T-Mobile email vendor breach exposes info on customers, employees

A “sophisticated attack” at against T-Mobile’s email vendor gave an unauthorized third party access to some of the mobile provider’s employee email accounts that contained account information for T-Mobile customers and employees. The information may have included customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information, the T-Mobile said in a…

J.Crew says year-old breach exposed customer account info

J.Crew notified a group of customers that an unauthorized third-party accessed their accounts nearly a year ago using their login credentials and obtained personal information, including the last four digits of payment card numbers, expiration dates, card types and billing addresses as well as order numbers, shipping confirmation numbers and shipment status. In a filing…

Walgreens mobile app leaked PII, PHI on ‘small percentage’ of customers

A leak in the Walgreens mobile app’s messaging service exposed personal information – including what the company said was “limited health-related data” – on a “small percentage” of customers who used the app between Jan. 9-15. “Fortunately for consumers, the short exposure window of the vulnerability and the specific conditions required should keep the impact…

facebook

Facebook’s European dating service held up over data protection, privacy concerns

After Facebook was stopped from launching a dating service in Europe on Feb. 13, infosec experts are left wondering if the social media network had learned anything from the Cambridge Analytica debacle in 2018 or the platform’s other data privacy transgressions. The EU found Facebook committed data protection violations within the forthcoming service, such as…

Julian Assange

Trump offered Assange pardon to deny Russia behind DNC hack, lawyer tells court

The White House denied a claim made by WikiLeaks Founder Julian Assange Wednesday in a London court that President Trump offered Assange a pardon – via a U.S. lawmaker – in exchange for denying that Russia was involved in the 2016 hack of the Democratic National Committee (DNC). Attorney Edward Fitzgerald, referring to comments from…

Next post in Security News