ABC's of Privacy This Week - April 8, 2020

Applause

• Zoom bolsters privacy, security safeguards

The Verge reports, Zoom, the video conferencing platform, has added privacy and security aimed at halting efforts to hack or “Zoombomb” meetings. The new policies include a password-by-default safeguard that automatically requires passwords to gain entrance to any meeting or waiting room. Notwithstanding the upgrades, Zoom is still experiencing backlash for new & previously reported privacy concerns; and New York City schools have banned students from using the platform.

For more info: https://www.theverge.com/2020/4/3/21207643/zoom-security-privacy-zoombombing-passwords-waiting-rooms-default

Data Breaches

• Researchers: Data leak exposes card details

Finextra reports, researchers have discovered 44 million images of card details uploaded by users to the Key Ring app were exposed online. According to Key Ring, the app is designed for members and loyalty cards, but the users are storing copies of relevant documents, according to vpnMentor.

For more info: https://www.finextra.com/newsarticle/35571/key-ring-data-leak-exposes-millions-of-user-details-say-researchers

• Data leak exposes 337k Maltese voters’ records.

According to Times Malta, a database containing personal information of 337,384 Maltese voters has been exposed online. The exposed data included names, addresses, ID card information, and phone numbers. A Maltese IT company reportedly exposed the database without a password or any other form of authentication; however, it has now been secured. Deputy Data Protection Commissioner Ian Deguara said an investigation would be conducted “to establish all the facts surrounding this security incident.”

For more info: https://timesofmalta.com/articles/view/massive-data-leak-leaves-more-than-377000-voting-records-exposed.782483

• Australian court website breach exposes hundreds of asylum seekers.

ABC News reports, the Federal Court of Australia has acknowledged a data breach involving the names of at least 400 asylum seekers. The court’s searchable database exposed the real names of 400 or more protection visa applicants. Following notice about the breach, the court has disabled the database after years of open access.

For more info: https://www.abc.net.au/news/2020-03-31/federal-court-in-protection-visa-data-breach-published-names/12102536

• App breach exposes sensitive voter data.

InfoSecurity Magazine reports sensitive data belonging to U.S. voters was exposed online due to a data breach of voter contact app Campaign Sidekick, which was used by the Republican party in election campaigns. The cybersecurity company UpGuard found that an unprotected copy of the app’s code was available on its website on February 12th, 2020. While the breach was finally secured on February 15th, 2020, the already downloaded files contained some sensitive data.

For more info: https://www.infosecurity-magazine.com/news/voter-data-exposed-app-us-elections/

• Marriott discovers a new data breach.

According to Marriott Officials, Marriott International has experienced another data breach. The hotel chain revealed that they discovered important information was accessed using the login credentials of two of its employees. The intrusion was caught in February. However, the activity started mid-January, according to Marriott. The compromised data included customers’ contact details, loyalty account details, and personal data.

For more info: https://mysupport.marriott.com/

Current News

• CSIS moves forward with data set system plans

According to CTV News, the Canadian Security Intelligence Service is moving forward with a dataset system, collecting, using, and maintaining databases containing citizens’ personal information. Documents show that the CSIS had requested the Public Safety Minister Ralph Goodale last July to approve proposed classes of datasets. Civil liberties advocates have expressed concerns about the protection of Canadians’ rights, which the CSIS said enables the agency to “crunch large volumes of information and detect previously unseen patterns.”
For more info: https://www.ctvnews.ca/politics/canada-s-spy-service-moves-quietly-ahead-with-data-crunching-plans-documents-1.4874548