The #DataInsecurity Digest | Issue 51

Issue 51 | September 7, 2017

#DataInsecurity Digest: Congress returns from recess with a full cybersecurity agenda

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Welcome back to The #DataInsecurity Digest!

As D.C. reconvenes after a busy August recess, cybersecurity issues continue to garner attention. During the break, an unspecified number of “high profile” Instagram accounts were hacked, and nearly 4 million Time Warner Cable account records were compromised. Relief may be on its way for Delaware data breach victims as the state is set to enact legislation that will require reasonable data security practices and additional breach notifications. Back in Washington, three senior Energy and Commerce Democrats are raising questions as to how consumers should be protected in the wake of a data breaches that compromise personal information like Social Security numbers.

And now, on to the clips!

—————–

Energy and Commerce Democrats: Current solutions for data breach victims may lull consumers into a false sense of security. Reps. Frank Pallone, Jr. (D-NJ), Diana DeGette (D-CO), and Jan Schakowsky (D-IL) sent a letter to the GAO questioning the merits of just offering credit monitoring in the wake of a data breach involving sensitive information. “Such services only existed for a finite amount of time, while Social Security numbers and other sensitive personal information gathered in a breach can be used indefinitely.” (Source: Federal News Radio)

Delaware strengthens state cybersecurity law. The new law expands the types of information that would require a breach notification and requires businesses to notify the Delaware Attorney General in the event of a breach of 500 or more residents. The law also establishes “requirements for Delaware businesses to maintain ‘reasonable’ data security practices.” (Source: Covington)

Breach du jour: “High profile” Instagrammers. While the Facebook-owned photo sharing company believes that only high profile accounts have been compromised, Instagram has alerted all of of its verified users of the data breach. @JonathanVanian reports that “hackers may have obtained the email addresses and phone numbers of some of the impacted users, but not their passwords.” (Source: Fortune)

Breach du jour part deux: Nearly 4 million Time Warner Cable records. An estimated 4 million account records — 600GB of them — were found unsecured on an Amazon server. @dellcam reports that “[t]he leaked data included usernames, email addresses, MAC addresses, device serial numbers, and financial transaction information—though it does not appear that any Social Security numbers or credit card information was exposed.” (Source: Gizmodo)

Quick hit: How safe are our nuclear weapons from hacking? @chathamhouse says we may not be as safe as we hope. Watch the short video here.

White House Advisory Group: “We’re in a pre-9/11 (cyber) moment.” The report issued by President Trump’s advisory group warned that, “There is a narrow and fleeting window of opportunity before a watershed, 9/11-level cyber attack to organize effectively and take bold action.” The report recommended a “bolstering of the (cyber) workforce, improving machine-to-machine information sharing and streamlining the security clearance process to eliminate the backlog…” (Source: FCW)

Hurricane Harvey could lead to more phishing scams. The Department of Homeland Security published an advisory which warned users that cyber criminals may be trying to capitalize on the natural disaster. The alert also reminded users to be on the lookout for scams and phishing attacks as, “Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.” (Source: The Hill)

Events

February 28, 2018 – Privacy Con 2018, Washington, DC
In February, the FTC will host its third Privacy Con, convening a broad array of academics, researchers, consumer advocates, government officials, and industry representatives to address the privacy implications of emerging technologies.

National Consumers League
Published September 7, 2017