Privacy Roundup #0069 • April 2012
April 2012 was defined by CISPA marching through the House over a veto threat, fresh payment card and health record breaches, and Google's long Street View reckoning catching up with it.
1. Global Payments breach may have exposed 1.5 million card numbers
Atlanta processor Global Payments confirmed that intruders may have exported up to 1.5 million payment card numbers from its North American systems. The firm said Track 2 data was at risk while names, addresses and Social Security numbers were not taken.
2. Visa drops Global Payments from its PCI-compliant list
Visa removed Global Payments from its register of validated PCI DSS service providers following the breach. The processor's chief executive called the move expected and said the company was focused on remediation to regain its certification.
3. Flashback botnet infects more than 600,000 Macs
Security firms reported that the Flashback Trojan, malware built to steal personal information, had infected over 600,000 Apple computers. The botnet spread by exploiting a Java flaw that Apple had only just patched, with most victims in the United States and Canada.
4. Utah health data breach exposes hundreds of thousands of records
Hackers broke into a Utah Department of Health server left online with a weak password and removed Medicaid and child health records. Investigators put the haul at hundreds of thousands of files, including tens of thousands of Social Security numbers.
5. State of Do Not Track ahead of W3C working group talks
EFF set out the stakes before the W3C Tracking Protection Working Group met in Washington to negotiate a Do Not Track standard. The group argued that Yahoo's pledge amounted to "Do Not Target" rather than a genuine limit on data collection.
6. Maryland becomes first state to ban employers demanding social media passwords
Maryland's legislature passed a bill barring employers from requiring job applicants or staff to hand over social media login details. The measure made the state the first in the country to outlaw the practice and prompted similar bills elsewhere.
7. Privacy concerns follow Instagram's sale to Facebook
Facebook's billion-dollar acquisition of Instagram drew immediate worry from users over how their photographs might later be used. Commentators warned that policies on third-party services could change without notice once a larger company took control.
8. Facebook defends its support for CISPA
Facebook publicly defended backing the Cyber Intelligence Sharing and Protection Act as the bill moved through Congress. The company insisted the law would impose no new obligation on it to share data, while privacy advocates warned the language was dangerously broad.
9. Google fined 25,000 dollars for stonewalling the FCC over Street View
The Federal Communications Commission fined Google 25,000 dollars for deliberately impeding its inquiry into Street View cars collecting Wi-Fi payload data. Regulators said the company delayed responses and refused to name the engineers involved.
10. Microsoft criticised over privacy fallout from its botnet takedown
Krebs on Security reported that Microsoft's legal sneak attack on ZeuS botnets had angered researchers. Critics said the operation exposed information shared in confidence and may have derailed law enforcement investigations.
11. EFF launches Stop Cyber Spying Week against CISPA
EFF kicked off a week of action urging the public to oppose CISPA before the House vote. The group warned the bill would let firms hand sensitive user data to the government without a court order under a vague cybersecurity banner.
12. South Carolina reports Medicaid breach affecting 228,000 patients
South Carolina disclosed that a former Department of Health and Human Services employee had emailed the records of 228,000 Medicaid recipients to a personal account. The data included names, addresses and Social Security numbers, and the man was arrested.
13. Obama order targets firms aiding Iranian and Syrian surveillance
President Obama signed an executive order sanctioning people and companies that help Iran and Syria monitor and censor their populations. EFF welcomed the recognition that surveillance and censorship are human rights abuses while noting the order's narrow scope.
14. CISPA and the question of the NSA reading your emails
EFF examined how CISPA's "national security" wording could let the NSA and other agencies reach private communications. The group argued that, despite proposed amendments, the loophole would gut existing privacy protections.
15. Google Drive launch raises questions over data ownership
Google's new cloud storage service drew scrutiny for terms granting the company a worldwide licence to use, host and adapt stored content. Reviewers noted the licence persisted after a user stopped using the service and went further than rival products.
16. House passes CISPA by 248 to 168
The House of Representatives passed CISPA in a 248 to 168 vote despite a White House veto threat. Lawmakers approved the information-sharing bill over warnings from privacy groups that it waived existing privacy laws in the name of cybersecurity.
17. Full FCC report shows Street View staff knew about Wi-Fi sniffing
Google released the complete FCC Street View report, which revealed that an engineer had told the team about the payload collection years earlier. Managers claimed ignorance even though the design document had been circulated and pre-approved.
18. ACTA in the EU cannot be called dead yet
EFF cautioned that the Anti-Counterfeiting Trade Agreement remained alive in Europe despite a rapporteur recommending rejection. The group warned that a swing of around twenty members of the Parliament could still see the surveillance-friendly treaty adopted.
19. Emory Healthcare loses backup discs holding 315,000 patient records
Emory Healthcare notified about 315,000 surgical patients that ten unencrypted backup discs had gone missing from a hospital storage location. Roughly 228,000 of the affected records included names, Social Security numbers, diagnoses and surgery dates.
20. Even with amendments CISPA remains a surveillance bill
EFF concluded that the amendments offered by Representative Mike Rogers did not fix CISPA's core problems. The group argued the bill still created sweeping legal immunity that left companies and the government largely unaccountable to users.