Izzy Kapnick reports: A $380 million settlement over the 2017 Equifax data breach is hanging in the balance in the 11th Circuit, where a tort-reform attorney argued Tuesday that the deal unfairly lumped all plaintiffs into a single class. During the cantankerous appellate hearing, a three-judge panel weighed whether to preserve the historic settlement arising…
Category: Commentaries and Analyses
Internal Facebook Memo Reveals Company Plan to ‘Normalize’ News of Data Leaks After 500 Million User Breach
Adam Smith reports: A leaked internal Facebook memo has inadvertently revealed the social media giant’s tactics after its recent data scraping controversy. Approximately 535 million accounts, one of which belonged to chief executive Mark Zuckerberg, had their personal information exposed. Online tools allowed anyone to check if their information, which included phone numbers, was revealed. Facebook said it would…
They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
Andy Greenberg reports: Of all the mysteries and injustices of the McDonald’s ice cream machine, the one that Jeremy O’Sullivan insists you understand first is its secret passcode. Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake…
AU: Service NSW kept victims in dark after hackers stole personal data
Jess Malcolm reports: The NSW government has deliberately failed to inform tens of thousands of people that their personal information was stolen in a cyber security attack on Service NSW employee emails, as the agency says it has no obligation to notify affected customers. Documents obtained by The Australian show Service NSW decided not to…
Social-Media Data Leaks Draw Scrutiny From European Regulators
Catherine Stupp reports: Facebook Inc., Clubhouse and Microsoft Corp.’s LinkedIn have stressed that recently reported data leaks involved information from public user profiles, not from security breaches. In the European Union, where privacy laws require businesses to protect even publicly available personal data, that distinction may not relieve them of responsibility. Read more on WSJ.
Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge
Gareth Corfield comments: UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells…