ABC's of Privacy This Week - Jan 16, 2020

Welcome to our weekly privacy newsletter to read the latest privacy-related news from across the globe. We classify our weekly privacy newsletter into three parts namely Applause, Breaches and Current News (ABC's) of Privacy news. For any feedback on our weekly newsletter, please feel free to send your comments to social@oneDPO.com.  

Applause

Washington Privacy Act to Be Reintroduced

Washington lawmakers are making another push to pass privacy regulations that govern companies' collection and sale of people's private digital information. The Washington Privacy Act would give state residents the right to know who is using their data, the right to correction and the right to opt-out of certain forms of data processing.

For more info: https://www.govtech.com/policy/Washington-State-Takes-Another-Pass-at-a-Privacy-Law.html

Breaches

US Data Broker Limeleads Data Put Up for Sale Online

A hacker claims to have hacked LimeLeads, a San Francisco-based business-to-business (B2B)leads generator, which makes its money by renting access to an internal database containing business contacts that can be used for pitches and sales. The danger from this data being sold is that it provides hackers and malware operators with an ideal base to launch spear-phishing attacks against verified companies and their appropriate contact.

For more info: https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/

Medical Images Exposed Online

Hundreds of hospitals, medical offices, and imaging centers are running insecure storage systems, allowing anyone with an internet connection and free-to-download software to access over1 billion medical images of patients across the world. Despite warnings from security researchers who have spent weeks alerting hospitals and doctors' offices to the problem, many have ignored their warnings and continue to expose their patients' private health information. Patients are unaware that their data could be exposed on the internet for anyone to find.

For more info: https://techcrunch.com/2020/01/10/medical-images-exposed-pacs/

Current News

Equifax Settles Mega-breach Lawsuit

The U.S. District Court of Georgia has signed off on Equifax's $1.38 billion class-action settlement over its 2017 data breach. The Government Technology reports affected Equifax customers have a Jan. 22 deadline to file for damages under the FTC's settlement with the credit bureau.

For more info: https://www.bankinfosecurity.com/equifax-settles-mega-breach-lawsuit-for-138-billion-a-13608

Verizon Launches Privacy-focused Search Engine Onesearch

Verizon Media launched a search engine called OneSearch, which works on both desktop and mobile. OneSearch offers an "Advanced Privacy Mode," which provides search results that "self-destruct" inan hour. The company also says it won't store users' search history nor will it share users' data with advertisers.

For more info: https://mashable.com/article/verizon-media-launches-privacy-search-engine-onesearch/

Amazon Fires Employees for Leaking Customer Information

Amazon has fired several employees after they shared customer email addresses and phone numbers with a third-party in violation of their policies. In a separate incident, Amazon said this week that it fired four employees at Ring, one of the retail giant's smart cameras and doorbell subsidiaries.

For more info: https://techcrunch.com/2020/01/10/amazon-employees-email-address/

National Retailer Fined Half a Million Pounds for Failing to Secure Information

The Information Commissioner's Office (ICO) has fined DSG Retail Limited (DSG) '500,000 after a 'point of sale' computer system was compromised as a result of a cyber-attack, affecting at least 14 million people. The company's failure to secure the system also allowed unauthorized access to 5.6 million payment card details used in transactions. The attack went on for nine months before it was detected.

For more info: https://www.tripwire.com/state-of-security/dsg-retail-limited-fined-500k-by-ico-following-malware-attack

TikTok Security Flaws Expose User Videos to Hackers

A cybersecurity firm has called attention to security holes in TikTok that would have allowed hackers to infiltrate the accounts among its billion-plus users. The firm's research shows they were able to manipulate code to mess with accounts' contents, delete and upload videos without the account owner's consent, make previously "hidden" videos public, and access personal information like email addresses. The revelations may intensify the scrutiny over a social media service that's exploded in popularity globally in past years.

For more info: https://www.bloomberg.com/news/articles/2020-01-09/tiktok-security-flaws-may-have-exposed-user-videos-to-hackers