Issue 49 | July 6, 2017
#DataInsecurity Digest: Trump's voter fraud commission is potentially massive data security vulnerability
By John Breyault (@jammingecono, firstname.lastname@example.org)
NCL Vice President of Public Policy, Telecommunications and Fraud
Editor’s Note: Ransomware makes the news again thanks to a global attack and, while the latest one does not seem to be as serious as the original WannaCry attacks, it nonetheless highlights that the damage from the NSA’s EternalBlue leak is likely to linger for months or years to come. Despite the headlines, the Trump Administration seems blind to the evidence of Russian hacking of the 2016 elections. Instead, the President’s voter fraud commission is doubling down on baseless allegations and creating a potentially massive data security vulnerability in the process. Meanwhile, the nation’s largest health insurer agreed to settle a lawsuit for compromising 80 million of its patients’ medical records to the historic tune of $115 million. Finally, when Ohio Governor John Kasich’s website reads “I love Islamic State,” you know there’s a good chance that someone got hacked.
And now on to the clips!
Another ransomware attack spreads across the globe. A massive ransomware attack powered by leaked NSA code affected companies and government agencies around the world last week for a second time. Victims spanned the spectrum from the Port of Los Angeles to grocery stores to a FedEx subsidiary. According to security researchers, unlike the WannaCry virus, this one “could not randomly trawl the internet for its next victims, limiting its scope to infect.” However, “once unleashed within an organization… the virus could leap from computer to computer.” (Source: Reuters)
Voter records altered in Russia’s hacking of America’s election. @calabresim reports that not only was election hacking more prevalent than originally thought, but that “investigators found there had been a manipulation of voter data in a county database.” Many investigators now believe that, by Election Day 2016, all 50 states’ election systems had been accessed by Russia. (Source: TIME)
Trump voter fraud data request is a security nightmare. The Trump Administration’s request for millions of voter records is generating some serious heartburn for data security experts, writes @ericgeller and @cory_bennett. “The bigger the purse, the more effort folks would spend to get at it,” said Joe Hall, chief technologist at the Center for Democracy and Technology, a digital advocacy group. “And in this case, this is such a high-profile and not-so-competent tech operation that we're likely to see the hacktivists and pranksters take shots at it.” (Source: POLITICO)
Anthem to pay out $115 million to settle data breach class action. The nation’s largest health insurer agreed to a $115 million settlement to close a lawsuit stemming from a 2015 data breach lawsuit that compromised 80 million records. While, “the settlement still has to be approved by US District Court Judge...assuming it's approved, it would be the largest data breach settlement in history,” writes @meymichelle (Source: CNET)
More than half of fraud losses came from data breach victims in 2016. @JavelinStrategy found that “data breach victims are likely to someday become victims of fraud. Of the $16 billion in total fraud loss for 2016, $8.3 billion came from victims who had experienced a breach in the past 12 months and $12 billion arose from victims who had breached in the previous six years.” (Source: Dark Reading)
Quick hit: Average data breach costs $7.4 million. A study conducted by IBM Security and the Ponemon Institute also found that 25 percent of data breaches are caused by human error. (Source: Statista)
Breach du jour: Ohio Governor John Kasich. The website of Governor Kasich was hacked last week. @DevlinBarrett reports that, “the regular homepages of the sites were replaced with a black screen that featured brief statements that ended with ‘I love Islamic State.’’’ (Source: Washington Post)
Healthcare data breaches are the most expensive. A recent study found that, while the average data breach costs $225 per record, compromised healthcare records cost $380 per record. (Source: National Law Review)
National Consumers League
Published July 6, 2017