The #DataInsecurity Digest | Issue 104

Senator Wyden introduces bill empowering consumers to control their data, hold companies responsible for breaches

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s note: Senator Wyden (D-OR) made headlines last week when he introduced the cheekily named “Mind Your Own Business Act.” The bill would increase the financial penalties companies face for compromising consumers’ data and force executives to face prison time if they lie about misusing consumers’ data.

In other news, today the National Consumers League released a major report that documents the fallout and limited options consumers have to secure their data in the aftermath of the Spectre/Meltdown security vulnerabilities, which weakened the security of nearly every computer on the planet. You can read the full report here. 

And now, on to the clips! 

—————–

Senator Wyden introduces new privacy legislation. The “Mind Your Own Business Act” would provide “consumers the ability to opt out of data collection and sale with a single click. It also demands that corporations be transparent as to how consumer data is collected, used, and who it’s sold to, while imposing harsh fines and prison sentences upon corporations and executives that misuse consumer data and lie about it.” (Source: Vice)

NCL releases new report: ‘Data insecurity: How one of the worst computer bugs ever sacrificed security for speed.’ The report outlines how a hardware issue has compromised nearly every computer on the planet, and what consumers can do about it. You can find the full paper here. 

Amazon-owned Zappos offers meek restitution to 24 million customers affected by leaked data. “In January 2012, the Amazon-owned online retailer Zappos suffered a major data breach that exposed personal information of about 24 million of the site’s customers, including names, addresses, passwords, and the last four digits of their credit card numbers.” Today, nearly 7 years later, the online retailer is offering victims “a 10-percent-off code for one Zappos order. ... The deal has already received preliminary approval and is likely to be finalized in the coming weeks.” (Source: Slate)

Nearly 3,000 potentially compromised surveillance cameras still used by U.S. military and government. Last year, after fears grew that the Chinese government may have the ability to compromise certain Chinese-made surveillance systems used by the U.S. government, Congress “passed legislation that prohibits federal agencies from buying equipment made by several Chinese firms.” While the legislation doesn’t “require removal of already installed cameras … experts suggest that was the spirit of the legislation.” (Source: Wall Street Journal)

Suggested reading: @a_greenberg provides a riveting play-by-play of the 2018 Olympic cyberattack and what it means for the future of cybersecurity. (Source: Wired)

26 million stolen payment card numbers leaked after massive fraud bazaar hack. @dangoodin001 notes that “[f]ortunately for the card owners, the database is now in the hands of affected financial institutions, who can invalidate and replace the cards.” (Source: Ars Technica)

Breach du jour: Consumer Product Safety Commission (CPSC) breach compromises information of 30,000 consumers. The breach, which was disclosed in a new report issued by the Senate Commerce Committee, compromised the “data of around 30,000 consumers, including street addresses, age and gender, along with information on 10,900 manufacturers.” (Source: The Hill)

Video du jour: Watch what happens when @donie asks hacker to use social engineering to steal his identity. (Source: CNN)

National Consumers League
Published October 24, 2019