Privacy & Compliance News, Articles and Updates

AgentRun's misconfigured S3 bucket exposes PII insurance companies' customers

Information on insurance policies as well as health, medical and financial data were accessible by the public because no password was required.

Roger Stone sought dirt on Clinton from WikiLeaks through friend

Stone sought emails pertaining to Clinton's involvement in an alleged 2011 failed peace deal with Libya, according to a September 2016 email from Stone to New York radio personality Randy Credico.

Corporation Service Company breach exposes PII on 5,678 customers

During routine security monitoring, the company, whose clients include Fortune 500 firms, discovered that an unauthorized third party had infiltrated its systems and stolen PII.

Trump's mobile phone security questioned

While Barack Obama's Blackberry use was restricted during his presidency and former Secretary of State Hilary Clinton was pilloried for using her private smart device for work purposes, President Trump still wields at least two two devices issued to him by the government.

TeenSafe app exposes data on more than 10K accounts

Anyone who ran across the exposed server could access Apple IDs, user ID and passwords stored in plaintext.

Securus hacked after reports cops used it for tracking location

The hacker at the very least snatched a spreadsheet that housed 2,800 logins and passwords.

Former CIA software engineer id'ed as suspect in Vault 7 leaks

Joshua Adam Schulte has not yet been charged with leaking classified information but is being held in the Metropolitan Correctional Center in New York after being indicted for possession of child pornography.

Intimate data from 3 million Facebook myPersonality app users left exposed for four years

Data, including results of psychological tests, was made available to qualifying researchers via a website run by academics David Stillwell and Michal Kosinski at the University of Cambridge's The Psychometrics Centre.

Wyden demands FCC probe into wireless carriers allowing law enforcement "unrestricted" access to location data

Noting that law enforcement can obtain location data by going through a Securus web portal, Wyden asked what carriers were doing to prevent abuse of private customer data.

Cambridge Analytica shuts down, Twitter defends sale of data to firm

Claiming no wrongdoing in the scandal over obtaining the data of unwitting Facebook users, the data analytics firm that took some credit for Donald Trump's White House win, shuts down with bankruptcy looming.

Supreme Court to hear Google privacy settlement case

The appeal by conservative think tank Competitive Enterprise Institute stems from a 2013 case in which Google was found to have violated users' privacy rights by sharing their search queries with other websites.

Private eye sentenced for using president's social security number to get tax info from IRS

Jordan Hamlett, 32, started a Free Application for Federal Student Aid (FAFSA) form online and tried to use the IRS Data Retrieval Tool to gain access to the president's tax information.

Will privacy be a stumbling block for blockchain?

Best known as the infrastructure underlying the wildly popular Bitcoin cryptocurrency, blockchain technology has really come into its own in the past year or so—being viewed, trialed and utilized as a means of better executing and sharing corporate documents, managing identity and authentication, even running an emerging social media network.

GDPR: It's (just about) here

Like many college students who cram the night before a test - and some writers who test the limits of their editors' patience with their procrastination - many companies have pushed off GDPR compliance, believing either it doesn't apply to them, it's too costly or overwhelming or they can afford to wait and see just how serious regulators are about admonishing and fining companies who falter on privacy. Big mistake.

GDPR countdown: For the small business

The first step for SMBs is to know what kind of data they have.

SC Video: Global Cyber Alliance's Phil Reitinger talks DMARC adoption

Phil Reitinger, president and CEO of the Global Cyber Alliance, spoke with SC Media Executive Editor Teri Robinson about DMARC's benefits and its trajectory in both the private and public sectors.

Lock maker offers fixes to prevent hackers from using fake master keys to open hotel locks

F-Secure researchers found vulnerabilities in electronic lock systems used by global hotel chains and other hotels around the world that could be exploited to allow hackers access to any room in a hotel.

One month out: Top 6 steps for GDPR compliance

Here are the Top 6 steps you need to take in order to become GDPR compliant.

Wylie urges U.S. lawmakers to probe Cambridge Analytica; Kogan faces British lawmakers

Christopher Wylie, the whistleblower who exposed the scheme was on Capitol Hill Tuesday encouraging lawmakers to probe whether the data analytics firm's actions were in violation of U.S. law.

North Korea 'elite' tightening security, increasing obfuscation, abandoning Western social media

The use of internet obfuscation services by the elite, or North Korea's "0.1 percent," increased 1,200 percent since a July 2017 analysis, with significant upticks in the use of VPNs, TOR, VPS and TLS.

Bipartisan Senate bill presses for privacy protections on social media

The bill, penned by Sen. John Kennedy, R-La., and Sen. Amy Kobluchar, D-Minn., would compel social media firms to provide users with a copy of the data that has been collected on them and who had accessed.

SCOTUS dropped Microsoft case citing passage of CLOUD Act, but questions remain

The federal government and Microsoft have clashed for years after the U.S. asked for access to the emails belonging to one individual linked to a narcotics investigation back in December 2013 and stored on a server in Ireland.

DNC files suit against Trump campaign, Russia, WikiLeaks over 2016 election interference

The Democratic National Committee (DNC) filed a lawsuit Friday in a federal district court in Manhattan against the Trump campaign, WikiLeaks and the Russian government for conspiring to swing the election toward Donald Trump.

EFF says N.Y. judge wrong not to question police over Stingray use

The judge agreed with a detective and inspector in the case, who contended that revealing information on Stingrays and their use would pose a threat to law enforcement's efforts to snare criminals.

Chase initiative to identify insider threats devolved into spying operation

Run by Peter Cavicchia III, a former Secret Service agent, the Chase program collected data on employees, including browser histories, transcripts of phone calls, emails and GPS locations from company smartphones.

Web trackers exploit 'login with Facebook' feature to gather, share user data

Third-party JavaScript trackers that are embedded on websites where users login through Facebook can gather their data, including email addresses, researchers found.

Looking to reduce GDPR liability, Facebook ports 1.5B non-U.S. users to domestic HQ

Facebook is widely seen to have dodged a GDPR bullet in the Cambridge Analytica scandal.

McSweeney to leave FTC

Only acting Chairwoman Maureen Ohlhausen will remain on the Federal Trade Commission after Commissioner Terrell McSweeney takes her leave April 28.

Uber, FTC agree to expanded settlement after second breach

The Federal Trade Commission had already announced a settlement with Uber last August over a previous incident in 2014 when it discovered that the car-sharing service had been less than forthcoming about a second breach.