Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Targeting browsers

Brave browser undercuts transparency by autofilling affiliate links

Brave, the internet browser that appeals to users concerned with privacy, has been autofilling links for affiliates like Coinbase and Binance during crypto service URL searches without gaining consent from users. “The fact that Brave has put revenue above transparency is problematic,” said Ray Walsh, digital privacy expert at ProPrivacy. “The fact is that Brave can…

CPA Canada breach put 329,000 accounting pros at risk

A breach at Charter Professional Accountants of Canada (CPA Canada) by an unauthorized third party exposed the personal information of 329,000 individuals. “329,000 professionals are now at risk of sustained attacks, and therefore their clients are at risk,” said Colin Bastable, CEO of Lucy Security. “Accounting firms’ numbers of clients can range from the tens to…

San Francisco benefits program breach exposes PII on 74,000

A breach of the San Francisco Employees’ Retirement System (SFERS) may have exposed the information of 74,000 members, including names, addresses, birth dates, banking and IRS data as well as details on beneficiaries. An unauthorized third party on February 24 accessed a database that a SFERS vendor, 10up Inc., was using in a test environment,…

Work from home survey finds major security lapses as workers share devices, reuse passwords

Stay-at-home workers are threatening corporate IT security with 93 percent of them admitting they reuse passwords and 29 percent allowing other family members to use their company-issued devices for homework and online entertainment, according to a report from CyberArk. In a late April 2020 survey of 3,000 remote office workers and IT professionals in the…

Shiny Hunters’ latest hit: Minted among 73.1M records offered

More details have emerged about hacker group “Shiny Hunters’” prey this past month of more than 11 website victims, including Minted, a marketplace of independent illustrators and designers offering consumers items such as custom greeting cards. BleepingCompany reported that the Shiny Hunters is flooding the dark web with a combined total of 73.1 million user…

Kentucky is 6th state to disclose leak of unemployment claims amid Covid-19

Kentucky has become the sixth state to disclose a data leak related to unemployment-related forms that has taken place during the Covid-19 pandemic. The Kentucky Education & Workforce Development Cabinet (EWDC) on Thursday acknowledged that a vulnerability in its Unemployment Insurance Portal caused a data leak that allowed insurance claimants to view the identity verification…

Facial recognition fails accuracy test raises privacy concerns; ACLU sues Clearview AI

Existing criticisms of facial recognition technology once again is being called into question as news of Amazon’s “Rekognition” software was found to incorrectly match 105 U.S. and U.K. politicians. A blog post by privacy advocate Paul Bischoff published on comparitech.com/ May 28 criticized the tool for being inaccurate after he compared new data from Comparitech…

2 minutes on: Keeping the chill off journalism

26M LiveJournal bloggers’ credentials a hit on dark web six years later

Six years after blogging platform LiveJournal was hacked, the credentials of some 26 million users are being sold and traded on multiple hacker forums and the dark market. Complicating the breach’s fallout, the database’s old and/or unique passwords have allowed bad actors to launch targeted sextortion email campaigns. Another blogging platform, Dreamwidth, says it’s withstood…

Data Breach Disclosure

Arbonne breach of 3,500+ Calif. residents’ PII could test privacy law

The exposure of the PII of more than 3,500 California residents in the database of international multi-level marketing firm Arbonne following a breach on April 23 offers a glimpse into whether the state will enforce its new privacy statute that went into effect in January. Almost half of a four-page information sheet from Arbonne describing…

Nigerian ‘Scattered Canary’ gang exploits CARES Act with fraudulent unemployment claims

Adding COVID-19 exploitation to its nefarious arsenal targeting governments, the Nigerian Scattered Canary criminal gang most recently attempted to exploit the CARES Act on May 17, filing two fraudulent unemployment claims through Hawaii’s Department of Labor and Industrial Relations website. The bogus claims were part of a larger criminal effort in the past month that…

Next post in Coronavirus