In the corporate work world, cybersecurity experts are worried about their limited ability to track how employees are working remotely, including whether they record conference calls, share corporate devices with family members or take photos of sensitive documents. Their actions could inadvertently put the company at greater risk to be hacked; organizations such as the National Bureau of Economic Research are tracking an uptick in hacking attempts while corporate security teams are devising new policies to head off the problems. Continue reading Cybersecurity Chiefs Concerned Over Risks of Remote Work

The Justice Department issued a federal indictment, which was unsealed in the Eastern District of New York, accusing Huawei Technologies and its affiliates of a “pattern of racketeering activity” as well as stealing trade secrets from six U.S. firms. The six firms were not named, but a source identified them as Cisco Systems, CNEX Labs, Fujitsu, Motorola Solutions, Quintel Technology and T-Mobile. Among the reportedly stolen information were source code and manuals for wireless technology. Continue reading Justice Department Charges Huawei with Racketeering, Theft

A hacker accessed the personal data of about 106 million credit card customers and applicants of Capital One Financial, the fifth-largest credit card company in the U.S., making it one of the biggest such breaches of a large bank. Federal authorities arrested 33-year old Paige Thompson, who is accused of breaking through the bank’s firewall to access data stored on Amazon’s cloud service. Most of those exposed by the hack were customers and small businesses who applied for credit cards between 2005 and early 2019. Continue reading Capital One Breach Exposes Data of 106 Million Customers

In September 2017, hackers broke into credit agency Equifax, compromising almost 150 million Social Security numbers and other personal information. Now, according to sources, under the terms of an agreement with the Federal Trade Commission, Consumer Financial Protection Bureau and most state attorneys general, Equifax will pay about $700 million to settle with these agencies as well as a nationwide consumer class-action lawsuit. The exact amount of the settlement depends on the number of consumer claims ultimately filed. Continue reading 2017 Data Breach Likely to Cost Equifax Up to $700 Million

Cyberattacks could potentially disrupt U.S. infrastructure, from the electric grid to the financial system. In July, the Department of Homeland Security reported that Russian hackers gained access to the control rooms of electric utilities. Now, analysts and policymakers are debating the best way to protect our critical infrastructure. While many believe that federal and state government regulation, funding and oversight are necessary, others argue this tack may actually cause harm and we should consider alternative approaches. Continue reading A Debate Over Most Effective Strategy to Fight Cyberattacks

Popular travel booking site Orbitz, owned by Expedia, confirmed yesterday that it “identified and remediated a data security incident affecting a legacy travel booking platform.” The company explained that a hack late last year exposed customer data and billing information spanning two years. Personal data may have included birth dates, mailing addresses, email addresses, gender, payment card info, and more. According to Orbitz, about 880,000 credit cards may have been affected. However, the company noted that the current Orbitz.com site was not breached. Continue reading Hacker Accessed Customer Data From Orbitz Legacy System

Uber Technologies acknowledged that one year ago it paid hackers $100,000 to hide a data breach that impacted 47 million accounts. The company fired then-chief security officer Joe Sullivan and deputy Craig Clark for both the breach itself and concealing it. The hackers got the names, emails and phone numbers of millions of riders as well as 600,000 drivers’ license numbers, although apparently Social Security numbers and credit card numbers were not accessed. Uber says it will inform those impacted by the breach in “coming days.” Continue reading New Uber CEO Faces the Impact of Undisclosed Data Breach

Members of the Senate Commerce Committee interrogated Equifax interim chief executive Paulino do Rego Barros, but not about the widely reported hack that compromised the personal data of more than 145 million U.S. consumers. The committee wanted to know why Equifax was storing the information to begin with, challenging Equifax’s right to profit from such personal information. The highlight of the meetings thus far has been Barros’ assertion that Equifax, not consumers, own the data collected about them and that people cannot remove themselves from the company files. Continue reading Under Senate Grilling, Equifax Says It Owns Consumer Data

In the wake of May’s Equifax website breach that reportedly involved personal data of 145.5 million U.S. consumers, the credit reporting service’s site was manipulated again this week. On Wednesday, and again on Thursday, fraudulent Adobe Flash updates appeared that infected computers with adware when clicked. Only three of 65 antivirus providers detected the adware. Security analyst Randy Abrams discovered the issue while investigating false information that had appeared on his credit report. Meanwhile. federal legislators have introduced a new cybersecurity bill to help protect consumers. Continue reading Clicking Flash Update on the Equifax Site Results in Adware

The Equifax breach exposed millions of U.S. adults’ personal information, prompted Federal Trade Commission and FBI investigations, and spurred lawsuits by many states’ attorneys general. With the threat of even worse breaches in the future, companies will be urged to adopt better cybersecurity practices. But the Equifax breach is likely to have another result that tech companies won’t like: the need for transparency. Although 48 states have already passed data-breach disclosure laws, now federal regulations are proposed. Continue reading Equifax Breach Spurs Call for Federal Laws on Transparency

Equifax’s two cyber breaches, which exposed about 143 million Americans’ personal information, were the work of hackers who took advantage of a flaw in Apache Struts software. The nonprofit Apache Software Foundation and the U.S. Computer Emergency Readiness Team warned of the bug in early March, but Equifax only alerted its end users on September 7, almost five months later. IT experts say the event highlights the challenges in keeping software current and identifying all potentially vulnerable applications. Continue reading Equifax Breaches Spur Businesses to Prioritize Cybersecurity

Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the hack to Equifax will do is as of yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud.   Continue reading Equifax Data Breach, Discovered in July, Impacts 143 Million