Week ending Jan. 12th. Fast Company is reporting that meddling in the U.S. presidential election isn’t the whole story; Russia continues to try to hack into U.S. critical infrastructure. Meanwhile, Trump may be keeping Americans in the dark. Journalist Sarah Kendzior recounts how Sen. John McCain (R-AZ) last summer grilled Attorney General Jeff Sessions about how the Kremlin’s efforts to map the United States telecommunications infrastructure. Session was unable to point to any strategy to counter Russia’s attacks.
True to form, Trump continues to largely ignore probing and hacking that became increasingly aggressive. Kendzior’s reporting raises these questions: will anything substantive be done, not just to stop Valdmir Putin from meddling in the 2018 mid-term elections, but also deter Putin from gaining a foothold to cripple vital infrastructure, potentially causing massive financial and humanitarian consequences. “In this formulation,” Kendzior writes, “an entire government could ostensibly be held hostage to another government’s whim out of fear of triggering a cataclysmic attack.”
Hacking state elections
With midterm elections 10 months away, states are trying to address the threat of malicious meddling. Tampering with voting systems as well as manipulative propaganda, fueled by social media are two big concerns. Ars Technica’s Timothy Lee reports that a bipartisan group of senators has introduced legislation that would help bring the entire system up to par.
Meanwhile, given our dysfunctional Congress, it’s unclear whether whatever passes, if anything does, can make a material upgrade in time for November’s elections. For a drill down listen to the accompanying podcast, a discussion featuring Lily Hay Newman, security reporter for Wired, and Marian Schneider, president of Verified Voting, an election-integrity advocacy group.
New data breach bill
Kudos to Sens. Mark Warner (D-Va.) and Elizabeth Warren (D-Mass.) – if you’re like me and feel that returning control of personal data to individual consumers is a good idea. Warner and Warren introduced the Data Breach Prevention and Compensation Act, which would hold credit reporting agencies (CRAs)–like Equifax–accountable for data breaches. Multichannel news reports that the proposal seeks to give the Federal Trade Commission more authority over CRA data security, including the power to mandate penalties to “incentivize” more online protections of consumer data, and compensate consumers “robustly” for stolen data. Yes! It will may take a couple more Equifax-class data breaches to elevate this to serious consideration by the current Congress. Or a different Congress.
Canadian piles on Equifax
Thinkpol reports that a British Columbian has filed a provincial class action suit against Equifax, confirming that some of the 143 million or so people for whom the credit rating giant lost personal data were Canadian.
The lawsuit, filed this week by Joshua Temple of Tofino, BC, cites, among other things, breach of Canada’s Privacy Act, negligence, negligent misrepresentation, breach of contract, and unjust enrichment by Equifax. Two other Canada-wide class actions against Equifax, by Sotos or Merchant Law Group, are currently working their way through the Ontario courts.
Equifax’s 50-state woes
Meanwhile, after being hit by 240 individual class-action lawsuits here in the U.S, Equifax may have welcomed a rare 50-state class-action lawsuit filed in late November. That court battle plods also on. Next step is for the credit rating giant to compile a master consolidated list of complaints stating the cases of consumers and financial institutions. It will be interesting to see what happens first: Equifax agrees to a record settlement; or Congress takes action, as outlined by Senators Warner and Warren.
VTech invades kids’ privacy
The Federal Trade Commission has whacked Chicago-based VTech Electronics with a $650,000 slap-on-the wrist to settle charges that the electronic toy maker collected personal information on hundreds of thousands of children without their parents knowing.
I call it a slap on the wrist, because corporations like Disney and Viacom, who are being sued for the exact same predatory marketing practices, are not likely to be deterred. For these billion-dollar giants, who are richer than ever thanks to recent tax cuts, this is an immaterial cost of doing business. Nonetheless, kudos to the FTC for penalizing VTech in this first-ever case involving internet-connected toys. Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection, said he hopes it shines a light on the growing market, which is expected to reach $15.5 billion by 2022, according to a report from England-based Juniper Research. Yep, slap on the wrist.
Meet Xerox CISO Alissa Johnson
It’s terrific to see Alissa Johnson, leveraging her stint as former deputy CIO in Barack Obama’s White House as a thought-leader and influencer in the global cybersecurity community. Johnson is now CISO at Xerox and a high-visibility speaker at cybersecurity conference. She surfaced earlier this month at Gartner’s Symposium/ITxpo in Orlando, Fla., championing the encouraging trend of applying machine learning and data analytics to protecting enterprise networks.
(Editor’s note: This weekly aggregation of news reports is sourced via the underlying stories linked in each summary.)
This is a Security Bloggers Network syndicated blog post authored by bacohido. Read the original post at: The Last Watchdog