National Consumers League

The #DataInsecurity Digest | Issue 87

Facebook reportedly nears hefty FTC settlement; national cybersecurity at risk from external hackers and internal ineptitude

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s note: As Facebook and the Federal Trade Commission (FTC) reportedly near a record-setting privacy settlement, Chinese and Iranian hackers are beefing up their efforts to steal military and trade secrets from the United States. Meanwhile, both the Census Bureau and Federal Housing Finance Agency received bad publicity for failing basic cybersecurity best practices. Amid this storm of bad data security news, the Senate Homeland Security Chairman finds himself on the receiving end of condemnation from both sides of the aisle for blocking key cyber bills during his tenure as chairman of the Senate Homeland Security Committee.

And now, on to the clips!

-----------------

Chinese and Iranian hackers take aim at U.S. companies and military. @nicoleperlroth reports that the “Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit. ...” Meanwhile, cyber watchers have observed a “renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies.” (Source: New York Times)

Chairman Johnson stalls efforts to enact cybersecurity legislation. @timstarksand @ericgellerreport that,while cyber threats have grown, Senate Homeland Security Committee Chairman Sen.Ron Johnson (R-WI) has “derailed many of the most significant cybersecurity-related bills in the past four years, including legislation to secure elections, study whether the growing use of encrypted apps hampers law enforcement and hold companies accountable for the proliferation of insecure connected devices.”@MiekeEoyangcommented that @RonJohnsonWI’s committee “is the place where legislation goes to die on cybersecurity.” Former Chairman Michael McCaul (R-TX) also publicly lamented Johnson’s leadership stating that "[t]he record speaks for itself." Source: Politico)

Facebook reportedly negotiating multi-billion fine with FTC for privacy violations. @tonyromm reports that, while a deal has not yet been reached, the fine “would be the largest the agency has ever imposed on a technology company. ... If talks break down, the FTC could take the matter to court in what would likely be a bruising legal fight.” (Source: Washington Post)

Census Bureau finds data collected in the 2010 Census to be vulnerable. While a breach is not thought to have occurred, the age, gender, location, race, and ethnicity data collected from millions of Americans was found to be improperly secured. “The Census Bureau is now scrapping its old data shielding technique for a state-of-the-art method that [Census Bureau Chief Scientist John] Abowd claimed is far better than Google's or Apple's.” (Source: New York Times)

Quick hit: Patient healthcare data breaches nearly triple. The Protenus 2019 Breach Barometer found that patient record data breaches surged from 5 million records in 2017 to 15 million in 2018. (Source: Health IT Security)

Breach du jour: Dating app notifies users of Valentine’s Day breach. The breach at“Coffee Meets Bagel” is believed to have compromised a partial list of user details, including names and email addresses. Thankfully, users' financial information and passwords do not seem to be at risk in this breach. However, the breach is still troubling as “dating apps run a risk of leaving users'most intimate communications vulnerable.” (Source: Axios)

Stolen Equifax data has yet to surface. Seventeen months after the historic breach, the records of 143 million Americans "never appeared on any [of the] hundreds of underground websites selling stolen information. Security experts haven't seen the data used in any of the ways they'd expect in a theft like this — not for impersonating victims, not for accessing other websites, nothing.” The lack of movement of the valuable data has led many researchers to suspect that the Equifax breach was the work of an international spy agency. (Source: CNBC)

One in three FHFA employees fail phishing test. An audit found that one-third of tested employees at the Federal Housing Finance Agency (which oversees Fannie Mae, Freddie Mac, and the Federal Home Loan Bank Systemfailed to properly handle suspicious emails. (Source: FCW)

Upcoming Events

June 27, 2019: Federal Trade Commission’s PrivacyCon – Washington, DC
Each year, the FTC convenes a group of privacy experts, academics, policymakers, and regulators to discuss the latest research surrounding consumer privacy and data security. Researchers are encouraged to apply to present at the conference by March 15, 2019. (Source: Federal Trade Commission)

National Consumers League
Published February 21, 2019