The #DataInsecurity Digest | Issue 98

Settlement with Equifax, Capital One hack put spotlight back on financial breaches 

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s note: This week Capital One announced a massive breach affecting 100 million accounts. The full details of the breach are not yet known, but we know that at least 140,000 Social Security numbers and 80,000 bank account numbers have been compromised. Meanwhile, regulators continued to strike back against the seemingly endless string of data breaches when they announced a settlement for the Equifax breach, which will provide consumers with either free credit monitoring or access to a settlement fund.

And now, on to the clips! 

—————–

Breach du jour: 100 million Capital One accounts and credit applications. Investigators believe that the breach has compromised “140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information[.]” (Source: CNN)  

Hackers take aim at schools. Data rich, yet financially strapped, educational institutions make for a tempting target for hackers. Unfortunately, “it may be a while before schools’ defenses are able to catch up with the abilities of the hackers who target them,” commented George Washington University’s Eva Vincze. “Most school systems, especially in small communities, do not have the resources to keep up with each generation of threats that bad actors come up with[.]” (Source: New York Times)  

String of laboratory data breaches grows to 22+ million accounts. Clinical Pathology Laboratories joins the list of laboratories affected by a breach at payment processor American Medical Collection Agency. “LabCorp was first hit with 7.7 million patients affected, then 11.9 million Quest Diagnostics patients were next. BioReference Laboratories pushed the breach over the 20 million mark.” (Source: TechCrunch)

Equifax reaches $575-$700 million settlement with FTC. Last week, in addition to agreeing to reimburse victims for time and expenses incurred because of the breach, Equifax also agreed to provide four years of credit monitoring and identity protection from the three major credit bureaus. “After those four years, Equifax is offering six extra years of credit monitoring. If consumers in the class action already have credit monitoring, they can be paid $125.” (Source: Market Watch)  

Quick reminder: ‘Deidentified data’ can easily be reidentified. (Source: New York Times)

Facebook’s record-breaking $5 billion fine: FTC wanted more. @tonyromm reports that the Federal Trade Commission attempted to fine “Facebook not just $5 billion, but tens of billions of dollars, and imposing more direct liability for the company’s chief executive, Mark Zuckerberg. Facebook, however, fiercely resisted…” and with a revenue of $55 billion, which amounts to “200 times the budget afforded to the federal regulators, [the FTC] settled for less.” (Source: Washington Post)

Suggested reading: One data breach forced a victim to change their name and move their family to a new home. (Source: ZD Net)

As demand for cyber insurance increases, insurance agencies getting cold feet. @jeffstone500 reports that “despite all the demand… insurers are now re-thinking whether it’s in their best interest to keep offering the plans that help clients recover from devastating cyberattacks… it’s just difficult to gather the information necessary to build the mathematical models that determine how to assign risk.” (Source: Cyber Scoop)  

National Consumers League
Published August 1, 2019