December was another busy month in the world of Information Security News. Notable events in this month’s Information Security News Roundup include updates on the Uber breach, new proposed legislation that could effect executives who cover up data breaches, international information security news, and more.
- Three senior managers at Uber have resigned in the aftermath of the data breach this year along with the recent accusations of obtaining trade secrets from rival companies.
- An outside security firm that was contracted in the wake of the Uber breach concluded that no rider credit card, Social Security, or bank account information was compromised. This is a silver lining for Uber riders who may have wondered what information of theirs had been accessed.
- PayPal announced that information of roughly 1.6 million users may have been compromised. The incident occurred at a company that PayPal acquired earlier this year. The breach at TIO Networks, a digital bill-payment service, may have included consumers bank account, Social Security, and login information.
- The Chief Digital Officer at Stanford University Graduate School of Business stepped down. This change followed the revelation that he failed to disclose a data breach that affected 10,000 current and former students and employees. The confidential data was left on a shared drive that could be accessed by all students, faculty, and staff.
- The Institute for Safe Medication Practices issued a safety alert calling for the ending of the practice of texting medical orders. The non-profit group says that the practice, while convenient for doctors, creates serious patient safety issues.
- An Edina, MN fertility clinic was faced with a cyber-attack that affected more than 3,000 patients. The clinic was the victim of a ransomware attack.
- A panel of experts got together at Harvard’s T.H. Chan School of Public Health to discuss healthcare’s increased focus on big data and what that means for patient privacy.
International Information Security News
- U.S. tech executives are still troubled by China’s new cybersecurity laws. Fears are centered around concerns regarding the intellectual property of companies and the data that they collect.
- Kaspersky Lab, a Russian cybersecurity firm, has long maintained its independence from the Russian government. Newly discovered court documents call this assertion into question. The documents show an alarming degree of closeness between Kaspersky and the FSB, Russia’s national security service.
- The Trump administration has publically blamed North Korea for the infamous WannaCry attack that affected hospitals, banks, and companies around the globe. The government believes that the Lazarus Group, a group working on behalf of the North Korean government, carried out the attack.
- Businesses are hoarding bitcoin in case they are asked to pay hackers in the wake of a ransomware attack.
- Ernst & Young opened a new cybersecurity facility in Oman. The facility was built in response to an increased demand for Ernst & Young’s digital security services and is the first of its kind in the region.
Information Security in Government
- Local governments who are worried about their network’s security are asking State governments for help. The city of Mill Creek, Washington took up the Washington State Auditor’s Office on their offer for a free evaluation of their cybersecurity systems.
- Mecklenburg County in North Carolina was affected by a ransomware attack earlier this year. The ransomware affected 48 of the county’s 500 servers. Officials were asked to pay $26,000 in ransom for the release of files.
- A new bill was introduced in the United States Senate that would make the nondisclosure of breaches a jailable offense. A failure to report an incident within 30 days could come with a punishment of up to 5 years in jail.
- The U.S. Army launched a new program in order to attract candidates to become officers in its cyber mission force.
- Changes were made to the government’s Framework for Improving Critical Infrastructure Cybersecurity.
Misc. Information Security News
- The popularity of Internet-connected toys raised concerns about their privacy and security implications. Child advocacy, privacy, and consumer groups filed a complaint alleging that these Internet-connected toys violate the Children’s Online Privacy Protection Act (COPPA) and FTC rules.
- HP revealed that nearly 500 of its notebooks dating back to 2012 shipped with a secret keylogger installed. HP also released updates to remove the software on affected laptops.
- Cyber-criminals are exploiting key vulnerabilities in the supply chain of oil and gas companies. Over the past few years, cyber attacks against critical energy infrastructure systems have been on the rise.
- Privacy International believes that car rental companies and car-sharing schemes are falling short and failing to protect the data of customers.
That is all for the Information Security News Roundup for the month of December. Want to get more information security news or share news that you’ve found with us? Check out FRSecure’s Twitter or LinkedIn feeds for updates on what’s going on in the world of information security.