National Consumers League

The #DataInsecurity Digest | Issue 89

As Feds pursue Facebook, Schiff warns of cyber vulnerabilities in 2020

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s note: Despite having more than two years to beef up our cybersecurity in the wake of the 2016 elections, House Intelligence Chairman Adam Schiff warned that we are" enormously vulnerable" to hacking in the next election.

Meanwhile, Americans appear to be growing fed up with the constant state of data insecurity as a surprising number (more than a third) feel that executives of breached entities should face prison time when a breach occurs under their watch. Despite the growing disdain for corporate America’s allowing of breaches, a new study found that a breached organization's CEO is actually likely to see a pay increase in the wake of a breach.

And now, on to the clips!

-----------------

Chairman of U.S. House Intelligence Committee: 2020 election is ‘enormously vulnerable’ to hacking, foreign influence. Congressman Adam Schiff (D-CA) further said, “the potential for mischief now is extreme,” and he “is concerned about efforts to undermine U.S. democracy.” (Source: Reuters) 

Federal prosecutors conduct criminal investigation into Facebook’s data deals. The investigation was launched after more than 150 companies, including Amazon, Apple, Microsoft, and Sony, “entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users,” without their consent. (Source: New York Times) 

Suggested reading: Have you ever wondered what it would be like to be responsible for a 230M-person data breach? Steve Hardigree’s small company Exactis achieved undesired fame after they stored the personal information of 230 million Americans on an unsecured server. Hardigree told @a_greenberg that the “stress over the situation was so severe that he broke out in hives and had to go to the hospital for treatment. …" The ordeal has been a grueling lesson for Hardigree, who says that he's learned the hard way how much even a tiny firm like his must prioritize security. “Be careful with your data and be careful with the people who manage your data. I hired some guys that were careless. But at the end of the day it’s the CEO who’s responsible. I take responsibility.” (Source: Wired)  

Future cyber threats keep DHS Secretary Nielson up at night. In a speech on her future security priorities, Kirstjen Nielsen said that she is not worried about what “threat actors have done, but what they have the capability to do — surveilling sensitive secrets and deceiving us about our own data, distracting us during a crisis, launching physical attacks on infrastructure with a few keystrokes, or planting false flags to embroil us in conflicts with other nations." (Source: Politico)  

Quick hit: 38 percent of consumers believe that C-level executives who fail to protect their data should face prison time or a fine. The survey also found that 20 percent of Americans don’t trust anyone with their data. (Source: HelpNetSecurity)  

Data breaches lead to pay raises for CEOs. A new report found that, despite the financial loss a breach inflicts upon a company, organizations actually tend to increase their CEO’s pay in the wake of a breach. Researchers attributed the pay raise to the “idea that the average response [to a breach] is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered.” (Source: PYMTS)  

Beto O’Rourke’s record suggests privacy convictions. After O’Rourke announced his run for president, @timstarks looked into the former House Homeland Security Committee member and found that “he took a few stances on cyber and surveillance issues that put him in company with privacy-oriented Democrats: a vote against a cyber threat information sharing bill, and co-sponsoring legislation meant to curb electronic surveillance. He also co-sponsored an amendment last year to reverse the Trump administration's elimination of the White House cyber coordinator, which House Republicans blocked.” (Source: Politico) 

Senators Wyden and Cotton request congressional breach notification rules. Despite the Senate being a major target for hackers, there is currently very little transparency when a breach occurs. As @alfredwkng reports, "Congress has no legal obligation to disclose breaches, meaning that the public has no idea when elected officials are hit by cyberattacks. ..." Now, Senators Ron Wyden (D-OR) and Tom Cotton (R-AR) are requesting that the Senate Sergeant at Arms help provide more transparency. The Senators have requested the Sergeant at Arms to “provide an annual report on the number of times Senate computers have been hacked, and incidents where hackers were able to access sensitive Senate data,” and “inform the Senate rules committee within 5 days of a breach occurring.” (Source: CNet)

Upcoming Events

June 27, 2019: Federal Trade Commission’s PrivacyCon – Washington, DC
Each year, the FTC convenes a group of privacy experts, academics, policymakers, and regulators to discuss the latest research surrounding consumer privacy and data security. Researchers are encouraged to apply to present at the conference by March 15, 2019. (Source: Federal Trade Commission)

National Consumers League
Published March 21, 2019