On this Privacy Monday:
US Attorney General Puts Pressure on Congress for Data Breach Disclosures
Today, US Attorney General Eric Holder urged Congress to pass legislation requiring retailers to make significant customer data breaches known in a timely manner. This push follows Congressional hearings where members of Congress expressed dismay over the Target and Neiman Marcus data breaches, along with what the members of Congress deemed mixed communications from breached retailers.
Target, the highest profile victim of malware hacking, did notify customers on its own through emails and other means, but the disclosure was seen as somewhat slow-footed and not entirely forthright. Neiman Marcus, another victim of the same malware, was widely criticized for failing to disclose its breach until the news broke elsewhere.
See the AG’s statement here:
http://www.cbsnews.com/news/eric-holder-consumers-must-be-notified-about-data-breaches/
Update Your Apple Devices – STAT
“It’s as bad as you could imagine….” That is the description of Johns Hopkins crypto expert Matthew Green when asked about the flaw discovered late last week in the operating systems that run Apple’s mobile devices and computers. The iOS flaw could allow hackers to circumvent encrypted connections and capture all of the electronic data being communicated by users. Apple has offered a software update for mobile devices (GET IT NOW!) and will release a patch for Mac computers “very soon.”
The bug has apparently been present for months.
Read more here:
http://uk.reuters.com/article/2014/02/22/uk-apple-flaw-idUKBREA1L02320140222
Dating Site Security Flaw Exposed
Security researchers have reportedly found a flaw in dating app Tinder‘s security that might have put users’ location data to risk for months.
Security consulting firm Include Security said that the popular ‘swipe-right-to-like’ dating app exposed members’ most private information without their knowledge due to a vulnerability in its geolocation feature. That geolocation bug allowed a user to get the exact latitude and longitude — within 100 feet — for another user, without the knowledge of the located user.
The app, launched in 2012, has made more than 500 million matches based on telling users how far away their potential date is located.
Read more here:
http://www.theguardian.com/technology/2014/feb/20/tinder-app-dating-data-location-sharing
http://www.businessweek.com/articles/2014-02-19/new-tinder-security-flaw-exposed-users-exact-locations-for-months