News Bites for April 9, 2015
The FBI is warning people to be wary of fake federal web sites that both take their PII and steal money from them. The web sites rank high on the search engine page, ask for PII and collect a fee. Sometimes they ask people to send their birth certificate or other information. People are then told to wait a few weeks, by which time the scamsters, web site and phone numbers are all gone. See link for more details.
###############
White Lodging provided more details on a breach at 10 properties that they manage for Marriott, Sheraton and other chains (list of properties in this article) across the country. The breach only affected food and beverage outlets in the properties. This follows a breach earlier in 2013 (see here) that apparently was never completely cleaned up. People should be watching their credit card activity closely anyway, so if you see any fraudulent activity, contact your bank right away and ask for a new card. Unlike many forms of cyber theft, this one is relatively quick and easy to fix.
###############
The privacy lawsuit brought by Max Schrems (see earlier posts) against Facebook got its first hearing today in the Vienna Regional Court. Schrems, who has been a thorn in Facebook’s side for years, says that Facebook is collecting and using data in violation of EU privacy laws and participated in the NSA PRISM data collection program, again in violation of EU law. Schrems is suing Facebook Ireland, the EU subsidiary of Facebook. This trial and its appeals will likely go on for years, but it will certainly be interesting to watch. Because this is happening outside the U.S., the U.S. government will likely have a harder time invoking national security to stop Facebook Ireland from disclosing information that they would prefer remain secret.
###############
AT&T agreed to a consent decree with the FCC (not the FTC as is normally the case). Since they are a regulated common carrier, the FCC has jurisdiction. The decree comes as a result of employees in Mexico, Colombia and the Philippines stealing customer information and selling it. AT&T agreed to pay a $25 million civil penalty, the largest ever assessed by the FTC, and make a number of privacy and security process changes. The actual decree, very readable by normal legalese standards, is available here. This is a worst-case scenario of insider risk.