'Game of Thrones' Content Leaks Online After HBO is Hacked*:
- According to HBO, the network experienced a major cyber-attack recently, which allegedly resulted in leaked content from their top series, “Game of Thrones.”
- Hackers have obtained 1.5 terabytes of data from the company and have posted the script for the upcoming fourth episode of “Game of Thrones” Season 7.
- HBO confirmed in a statement that they experienced a cyber-incident, which resulted in the compromise of proprietary information.
- HBO did not share what information was stolen; hackers allegedly sent an anonymous email to some members of the media, bragging about their hacked “Game of Thrones” content.
- HBO CEO Richard Plepler sent an email to employees following the breach saying, “As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully.”
*Source: Huffpost, July 31, 2017
The 'Real People' Using Encryption for Privacy Protection*:
- The UK's home secretary has launched an attack on end-to-end encryption.
- Rudd says end-to-end encryption is a problem as officials can't access the content of messages sent via platforms using the mathematical method.
- These include Facebook-owned WhatsApp, which has more than one billion daily users.
- Rudd wants more metadata – the who, what, how, and when – of encrypted messages to be handed to law enforcement officials.
- She also suggested ‘real people’ often prefer flashy features rather than privacy protections.
- Some have criticized her statement as inaccurate; those in sensitive professions and situations – journalists protecting sources, human rights defenders at risk of oppression, and lawyers conducting private discussions – need to keep information safe.
- While WhatsApp’s privacy record is not perfect, the use of the encryption protocol allows for messages to be secret unless a mobile device is directly hacked.
- Here are some groups of 'real people' that regularly use WhatsApp groups to keep their conversations secure: people living under oppressive regimes, protesters, politicians, delivery drivers, doctors, police, threatened residents, and footballers.
*Source: Wired, August 01, 2017
New Anthem Data Breach by Contractor Affects More Than 18,000 Enrollees*:
- A data breach may have exposed personal health information of more than 18,000 Anthem Medicare enrollees after one of the insurer’s consulting firms discovered one of its employees had been involved in identity theft.
- LaunchPoint discovered two months before it notified Anthem that one of its employees had been involved in a case of identity theft, and further investigation discovered that the worker had emailed a file with information about Anthem companies’ members to his personal email address.
- More than 18,500 Anthem Medicare members' Social Security and Medicare identification data may have been exposed.
- This is the second major data breach for Anthem in two years.
- Last month, the health insurer agreed to a $115 million settlement to resolve a class action lawsuit over a 2015 breach that saw hackers gain access to the personal information of nearly 80 million people.
- The contractor from LaunchPoint has been “terminated,” according to Anthem, and is incarcerated on charges unrelated to the Anthem breach.
- Individuals whose data were exposed will be provided with free credit monitoring and identity theft restoration services for two years.
*Source: CNBC, July 31, 2017
HR Urged to Prepare for New Data Protection Law in Europe*:
- To protect employee and consumer data, organizations that do business in or with European countries must comply with the General Data Protection Regulation (GDPR) by May 25, 2018 or face harsh fines and penalties.
- As hacking increases worldwide, the GDPR mandates how groups gather, store and use sensitive employee data.
- The new regulation's key objectives are to give people control of their personal data and to streamline current laws surrounding the legal use of this information.
- Under the GDPR:
  - All companies must document employee consent about the access and use of their data.
  - Any organizations that process employee data within the European Union (EU) must comply with the new law – even if those companies aren’t in Europe.
  - Organizations that fail to comply with the new law face fines and penalties equivalent to 4 percent of their annual revenue or 20 million euros, whichever is greater.
- The Information Commissioner’s Office in the UK has prepared a 12-step checklist to ready organizations that includes making sure that HR departments are prepared to detect, report and investigate data breaches.
- Organizations need to begin educating themselves and working toward compliance now.
- Following are some ways that employers can prepare for compliance:
  - Learn where your critical employee data systems are held and for what purpose data is being used.
  - Determine who owns the data based on contractual information.
  - Set up a system in which employees give explicit permission to the employer regarding their data.
  - Find out what your cloud-based software vendors are doing with personal information and if they are taking steps to become compliant.
  - Assign an internal data protection officer to oversee all GDPR requirements.
*Source: SHRM, July 31, 2017
Russian Censorship Law Bans Proxies and VPNs*:
- It's going to be much harder to view the full web in Russia before the year is out.
- President Putin has signed a law that, as of November 1st, bans technology which lets you access banned websites, including virtual private networks and proxies.
- Internet providers will have to block websites hosting these tools.
- The measure is ostensibly meant to curb extremist content, but will also prevent Russians from seeing content that might be critical of Putin or communicating in secret.
- The President signed another law requiring that chat apps identify users through their phone numbers after January 2018.
- The measure also demands that operators limit users' access if they're spreading illegal material.
*Source: Engadget, July 30, 2017
Hackers Claim Credit for Alleged Hack at Mandiant, Publish Dox on Analyst*:
- Someone posted details alleged to have come from a compromised system maintained by Adi Peretz, a Senior Threat Intelligence Analyst at Mandiant.
- The leaked records expose the analyst on both a personal and a professional level.
- The post claims that sometime in 2016, continuing until recently in 2017, the threat intelligence firm was fully compromised.
- The bulk of the leaked data is a 337MB PST file containing the analyst’s emails.
- In addition, there are images detailing the compromise of their OneDrive account, Live account, LinkedIn account, geo-tracking of personal devices for at least a year, billing records and PayPal receipts, credentials for an engineering portal at FireEye, WebEx and JIRA portals, as well as Live and Amazon accounts.
- The leak appears to center on a single analyst, but because of the wide-reaching compromise of both business and personal accounts, the risk is that the attackers have extended their reach beyond a single employee.
- Unless Mandiant confirms the scale and scope of the incident, it’s going to be difficult to determine if the claims made are completely true.
- If the claims are real, it’s a signal to other analysts that they need to take care of their personal security and use caution while working.
*Source: CSO online, July 31, 2017