The #DataInsecurity Digest | Issue 56

Issue 56 | November 16, 2017

#DataInsecurity Digest: Voter data exposed; major Hilton payout from 2015 breaches

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Election insecurity was back in the news this week with reports that President Trump’s election integrity commission made voting data of nearly 100 million citizens vulnerable to hackers. Meanwhile, the potential financial fallout from past data breaches became apparent with Hilton Hotels paying out $700,000 to settle charges from two of its 2015 data breaches. There were also reports that Equifax’s data breach could cost the company $110 million. And, not surprisingly, a new Gallup poll found that Americans are more worried about cyber crime than any other type of crime.

On to the clips!

—————–

Election integrity commission leaves the records of nearly 100 million citizens exposed to hackers. @dellcam reports that “multiple sets of login credentials, which could be used by virtually anyone to directly access the Crosscheck system—as well the encrypted voter data it contains—have been compromised.” @dellcam also reports, “It would be difficult to overstate the carelessness with which Crosscheck handles the personal data of US voters. At the heart of the program… there does exist the illusion of security. But it is a lie, a myth, a mirage. It is the creeping thought of a warm blanket entering the mind of stranded mountain climber, shortly before he freezes to death, buried in ten feet of snow.” (Source: Gizmodo)

Gallup: Americans more worried about cyber crime than any other type of crime. The study found that 67 percent of Americans worry about hackers stealing their information. “Additionally, major data breaches over the past several years have affected hundreds of millions of people in the U.S. and around the world, contributing to the overall anxiety concerning cybercrime.” (Source: Gallup

Hilton pays $700,000 to settle 2015 data breaches. The settlement, a consequence of two data breaches that affected nearly 350,000 credit cards, was announced by New York Attorney General Eric Schneiderman last week. In addition to the hefty sum, Hilton must “provide immediate notice to consumers affected by a breach, maintain comprehensive information security programs, and conduct data security assessments.” (Source: Reuters)

Data breach projected to cost Equifax $110 million. While Equifax has already set aside $87.5 million to cover costs related to the breach, @joe_r_curtis reports that the firm admitted that “the total cost of the hack could hit $110 million.” (Source: ITPro

DHS nominee Kirstjen Nielsen moves on to the next round. After several delays over concerns regarding Nielsen’s lack of leadership experience, close ties to the Trump Administration, and possible ethics questions, the Senate Homeland Security and Governmental Affairs Committee approved her nomination in an 11-4 vote. @MatthewDalyWDC reports, “Democrats complained that she lacked the experience needed to run a major agency with 240,000 employees. They also cited concerns about possible White House interference in a recent DHS decision to send home thousands of Nicaraguans long granted U.S. protection.” Chairman Ron Johnson (R-WI) hopes to have Nielsen confirmed by the full Senate chamber by the end of the month. (Source: Washington Post

195 Trump-affiliated URLs compromised. The Associated Press reports that, over the past five years, more than 100 websites owned by the Trump organization were hacked. “Computer users who visited the Trump-related addresses were unwittingly redirected to servers in St. Petersburg, Russia, that cybersecurity experts said contained malicious software commonly used to steal passwords or hold files for ransom. Whether anyone fell victim to such tactics is unclear.” @latams reports that, “it was not until this past week, after the Trump camp was asked about it by the AP, that the last of the tampered-with addresses were repaired.” (Source: Associated Press)

Senate grills former Equifax and Yahoo CEOs. Last week, ousted CEOs Marissa Mayer (Yahoo) and Richard Smith (Equifax) faced the Senate Commerce Committee for questioning on mismanagement, which led to record-setting data breaches of both their companies. Sen. Richard Blumenthal (D-CT) said more needs to be done to prevent this behavior. “The Equifax breach in particular exposed the limits of the Federal Trade Commission’s ability to protect consumers and impose civil penalties on companies that treat our data with negligence and recklessness… Under current law, even some of the most egregious examples of lax security can be met only with apologies and promises to do better next time, not fines or other penalties or real deterrents,” said the Connecticut Senator. (Source: The Street)

Events

February 28, 2018 – Privacy Con 2018, Washington, DC
In February, the FTC will host its third Privacy Con, convening a broad array of academics, researchers, consumer advocates, government officials, and industry representatives to address the privacy implications of emerging technologies.

National Consumers League
Published November 16, 2017