Privacy Roundup #0101 • December 2014
December 2014 was dominated by the Sony Pictures breach, fresh Snowden disclosures and a run of retail card thefts that exposed how fragile everyday privacy had become.
1. Sony Pictures warns staff their personal data was exposed
Sony Pictures told employees that attackers had accessed names, addresses, social security numbers and financial details during the cyberattack on its network. The disclosure confirmed that the leak went far beyond unreleased films and corporate email.
2. FBI blames North Korea for the Sony hack
The FBI publicly attributed the Sony Pictures attack to the North Korean government, citing shared malware code and known infrastructure. The statement turned a corporate breach into a national security incident with international fallout.
3. Former Sony employees sue over the leaked data
Ex-employees filed a class action accusing Sony Pictures of failing to protect their personal information despite earlier breaches. The suit argued that the company should have expected such an attack and hardened its systems.
4. Senate releases its report on CIA torture
The Senate Intelligence Committee published the executive summary of its long-secret study of the CIA detention and interrogation programme. The report documented brutal methods and repeated misrepresentations about their effectiveness.
5. UK tribunal rules GCHQ mass surveillance lawful
The Investigatory Powers Tribunal found that GCHQ's access to NSA material and its own bulk interception did not breach human rights law. Campaigners including Privacy International and Liberty had argued that the secret regime was unlawful.
6. Inside the GCHQ hack of Belgium's largest telco
The Intercept published the inside story of Operation Socialist, in which British spies infiltrated Belgacom using sophisticated malware. The operation gave GCHQ access to communications routed through the carrier and its European institutional customers.
7. New documents reveal what encryption defeated the NSA
Der Spiegel published Snowden files detailing the NSA's ability to crack much web traffic while struggling with tools such as Tor, PGP and OTR. The reporting gave users a practical map of which defences still worked.
8. Researchers expose SS7 flaws that let anyone snoop on calls
German researchers showed that flaws in the SS7 signalling network allowed attackers to track phones, intercept calls and read texts worldwide. The findings revealed deep insecurity in the system that connects the world's mobile carriers.
9. Tor Project warns of a plan to seize directory authorities
The Tor Project said it had learned of a possible attempt to disable the network by seizing its directory authority servers. The team stressed that built-in redundancy would protect users even if some servers were taken.
10. ICANN compromised in a spear phishing attack
Attackers used forged emails to steal staff credentials and reach internal ICANN systems, including its zone data system, blog and WHOIS portal. Security upgrades limited the damage from what could have been a far more serious breach.
11. Staples confirms a six-month card breach
Staples confirmed that point-of-sale malware at 115 stores may have exposed around 1.16 million payment cards. The intrusion ran undetected for months, mirroring the earlier Target and Home Depot thefts.
12. Bebe Stores confirms a payment card breach
The clothing chain confirmed that thieves had stolen card data swiped in its stores over a three-week window in November. Names, account numbers, expiry dates and verification codes were among the records exposed.
13. Charge Anywhere admits a five-year breach
Payment gateway Charge Anywhere disclosed that malware had captured plaintext card data leaving its network, with access dating back to 2009. The case showed how a single processor could expose customers of many merchants at once.
14. EFF backs Microsoft in the Ireland email warrant fight
The EFF and allied groups filed an amicus brief supporting Microsoft against a US warrant for emails stored in Dublin. The brief warned that letting domestic warrants reach data abroad would erode protections for digital privacy.
15. UN General Assembly adopts a privacy resolution
The General Assembly approved a resolution on the right to privacy in the digital age, spearheaded by Brazil and Germany. It called for adequately resourced oversight of state surveillance and effective remedies for unlawful spying.
16. Hackers leak data from South Korea's nuclear operator
Korea Hydro and Nuclear Power said attackers had leaked personal records of thousands of staff alongside reactor blueprints and internal manuals. The intruders demanded reactor shutdowns and threatened to release more stolen material.
17. Lizard Squad floods the Tor network with fake relays
The Lizard Squad group spun up about three thousand new Tor relays in an apparent attempt to undermine the anonymity network. The Tor Project said the relays made up less than one per cent of capacity and would be blacklisted.
18. Sony shelves The Interview after breach-linked threats
Sony pulled the cinema release of The Interview after the hackers behind its data dump threatened violence against theatres. The decision showed how a data breach could be used to coerce a company through fear as well as exposure.
19. Banks trace card fraud to a Park 'N Fly breach
Banks reported a pattern of fraud pointing to an online breach at airport parking firm Park 'N Fly. Stolen card numbers, names and security codes were already being offered for sale on a criminal marketplace.
20. Article 29 Working Party guides the right to be forgotten
European data protection regulators set out how search engines should apply the Google Spain ruling on delisting. The guidance pushed for removals to take effect on all relevant domains, including .com, to prevent easy circumvention.