There is never a shortage of news coming out of the information security world. The month of November was no exception. Key stories from this month include breach disclosures, or breach cover-ups if you’re Uber, more updates on the fallout of the massive Equifax breach, vacancies in key government cybersecurity positions, and revelations about phishing and what you can do to protect yourself from phishing scams. All of these stories, and more, are covered in our latest Information Security News Roundup.
Uber under fire for breach and cover-up
- In October of 2016 hackers were able to steal personal data pertaining to 57 million customers and drivers from Uber. Data included names, email addresses, and phone numbers of customers as well as license plate numbers of registered Uber drivers.
- Instead of doing the right thing and disclosing the breach, Uber covered it up. They paid the hackers $100,000 to destroy the data and did not tell customers or drivers that their data had been stolen.
- Newly installed CEO Dara Khosrowshahi revealed the existence of the hack in a statement to the public.
- Rough year for Uber. Between legal troubles, infighting, an allegedly toxic workplace, and now this, Uber could not be looking forward to 2018 more. Unfortunately for them, a majority of consumers are likely to stop doing business with a company in the wake of a data breach. Imagine how many will stop giving Uber their business after they find out that they had a breach and then covered it up.
- The Attorney General for the State of Washington, Bob Ferguson, has already filed a multi-million dollar lawsuit against the ride-sharing company.
- This incident further reinforces what we’ve been preaching for a while now. How you handle disclosing a breach is just as important as how you handle protecting yourself from one in the first place.
Equifax still dealing with fallout after data breach
- Equifax has incurred $87.5 million in expenses in the wake of their massive data breach that occurred earlier this year.
- It remains to be seen what the hackers will do with the data that was stolen in the Equifax breach. This article from Forbes offers some insight into what could be coming.
‘Tis the season, for phishing
- “Less than 24 hours after the Uber hack news broke, the phishing attacks started,” according to Troy Hunt. Many of the phishing attempts are the same sort that comes in the aftermath of many major data breaches. Targets will receive an email that seems to be from a legitimate source, encouraging them to change their password as part of a “security precaution” or something similar. Of course, the password change isn’t valid and results in the criminals receiving the target’s email address and password.
- This is the time of the year when many of us start looking for holiday gifts for friends and family. As you go about this, be on the watch for phishing emails promising great deals or discounts. These emails promise time-sensitive gift cards or limited time offers that require an email or credit card. Rather than being the one who receives the gift cards, targets of these phishing emails gift wrap their information for hackers to use. Remember to practice safe shopping this holiday season.
- Google has released the results of a long investigation into hacking attempts on its Gmail accounts. The results indicate that phishing is far riskier than data breaches for users due to the additional information that hackers are able to gain.
- Be careful about clicking that “unsubscribe” button in emails. According to IT security company Sophos, you may actually be validating your email address and setting yourself up for more unwanted emails and phishing attempts.
- According to DomainTools, a leader in domain and DNS-based cyber intelligence, two out of five U.S. consumers have been the victim of an online phishing attack. This was despite the fact that 91% of consumers know about phishing scams and how they can seem like legitimate websites.
Misc. Information Security News
- New York State Attorney General Eric T. Schneiderman proposed a new piece of information security legislation in November. The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) would fill gaps in New York’s outdated data security laws.
- Multiple top cybersecurity and technology positions remain vacant 10 months into the Trump administration. They include the federal CIO and CISO, along with numerous CIOs and CISOs of government agencies.
- The practice of “cryptojacking” is on the rise. Cryptojacking involves hackers breaking into computers and harnessing their processing power for Bitcoin mining.
That is all for the Information Security News Roundup for the month of November. Want to get more information security news or share news that you’ve found with us? Check out FRSecure’s Twitter or LinkedIn feeds for updates on what’s going on in the world of information security.