Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

WeWork unsecured WiFi exposes documents

Security scans of a WeWork building in New York’s Financial District uncovered security vulnerabilities in the company’s WiFi network that exposed financial records and devices of companies in the building. A tenant moving into the building in 2015 began scanning the facilities to ensure his company wouldn’t be vulnerable to attack, according a CNET report,…

Software automates fake purchases on compromised credit cards

CFPB probes fake credit card accounts at Bank of America

The Consumer Financial Protection Bureau (CFPB) has been probing of Bank of America (BoA) for allegedly opening customer credit card accounts with authorization a la Wells Fargo. The BoA investigation emerged after the bureau posted documents to its site showing the back and forth regarding turning over emails and other records with the bank’s attorneys,…

Restaurant Depot customers targets of phishing emails

Customers of commercial food service wholesaler Restaurant Depot received phishing emails asking for payment of an (attached) outstanding invoice or else the company would deduct the balance from their accounts. Some of those recipients began tweeting to the company’s customer service department with one noting that he “finally got through to tell them. They’re aware.…

Justice Dept. sues Snowden over book release

The U.S. Justice Department filed suit against former National Security Agency (NSA) contractor Edward Snowden for not running his memoir, “Permanent Record,” through the proper government review prior to its publication. “If only the Justice Department was as concerned with the systematic legal violations carried out by the U.S. government’s mass surveillance programs as they…

Exposed server leaks PII on all 16.6 million Ecuador citizens

If another leaky Elasticsearch server may seem a little anticlimactic, considering how frequently they occur, the latest find by security researchers might have more of a “wow” factor since it exposed information on nearly all of Ecuador’s 16.6 million citizens, 6.7 million of them children. “The irresponsible handling of Personally Identifiable Information (PII) has literally…

Security in 2015: Biometrics

Warner presses CBP on security best practices for third-party contractors

After photos of travelers and vehicles crossing U.S. borders were nicked from a Customs and Border Patrol (CBP) subcontractor through a cyberattack, and Suprema BioStar 2 exposed more than 1 million fingerprint records along with facial recognition information and other sensitive data, Sen. Mark Warner, D-Va., pressed CBP for details on how it ensures third-party…

Instagram fixed after researcher finds way to link account info to PII

Facebook has repaired a vulnerability in its Instagram social media platform, after a researcher found that it could be exploited to link users’ phone numbers to their account numbers, usernames and actual names. With the help a brute-force algorithm and a network of bots, malicious actors could have leveraged the flaw to bypass data security…

Next post in Privacy & Compliance News and Analysis