CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Voter data everywhere, and what are we to think?

Voter data everywhere, and what are we to think?
December 31, 2015

sh_voter registration_750

Security bloggers and researchers claim to have uncovered a publicly available database exposing the personal information of 191 million voters on the Internet. The information contains voters’ names, home addresses, voter IDs, phone numbers and date of birth, as well as political affiliations and a detailed voting history since 2000. While in most states, voter registration lists are a matter of public record, many have regulations restricting access and use. Because some states charge high fees for access to voter data, campaigns often turn to third-party vendors to purchase huge swaths of information at a lower price. Such databases can contain deeply personal information, such as whether you’re a gun owner, religious or believe in abortion. Source: The Hill

All aboard for what might be an uneasy ride 

sh_railroad_280Researchers have found holes in the security of railroad systems, according to a report presented at the Chaos Communication Congress, a security, arts and politics conference. Members of the SCADA StrangeLove collective presented a long list of problems with railroad systems that attackers could exploit. For hackers, “it’s absolutely easy,” to abuse some of these vulnerabilities, researcher Sergey Gordeychik said. Many problems revolve around automated systems in railroad networks; that is, parts of the train or infrastructure that previously were driven manually or mechanically—such as signals or locks—and which are now governed by computers. Source: Motherboard

Google gives schools software—and eyes student data

More than half of K-12 laptops or tablets purchased by U.S. schools in the third quarter were Chromebooks, which run Google software. The company freely offers word processing and other software to schools; more than 50 million students and teachers around the world use Google programs, the company says. But Google also is tracking what those students are doing on its services and using that information to sell targeted ads, says a complaint from a leading privacy advocacy group. Because of the arrangement between Google and many public schools, parents often can’t keep the company from collecting their children’s data, say privacy experts such as Nate Cardozo of the Electronic Frontier Foundation. Google says its education apps comply with the law, but acknowledges it collects data about some student activities to improve its products. Source: The Washington Post

Patients might be losing patience with loss of privacy

sh_HIPAA_280Hundreds of health providers nationwide repeatedly violated the federal patient privacy law known as HIPAA from 2011 to 2014, a ProPublica analysis of federal data shows. Well-known repeat offenders include the U.S. Department of Veterans Affairs, CVS, Walgreens, Kaiser Permanente and Walmart. But the agency tasked with enforcing the Health Insurance Portability and Accountability Act took no punitive action against these providers, ProPublica found. The data show the problem goes beyond isolated incidents, carrying few consequences even for those who violate the law the most. “The patterns … make a person wonder how far a company has to go before the Department of Health and Homeland Security recognizes a pattern of noncompliance,” said Joy Pritts, a health information privacy and security consultant. Source: ProPublica

Yeah, sure, we’ll do your taxes; we’ll take your refund, too

Two men pleaded guilty in U.S. District Court for the Middle District of Alabama to aggravated identity theft and conspiring to defraud the government. An indictment says the suspects obtained more than 1,000 stolen identities, filed more than 1,200 false federal tax returns, and claimed more than $4 million in fraudulent returns. The two worked at Jaycal Tax Service in Phenix City, Ala., from 2007 to 2012. Tax refunds issued by the U.S. Department of Treasury would be sent to addresses within the co-defendants control, such as post office boxes they had opened, then deposited into bank accounts opened in the business’ name. Source: The Montgomery (Ala.) Advertiser

A digital dog day afternoon

sh_sniffer dog_280The Federal Bureau of Investigation in New Jersey is getting a “cyber dog,” said special agent Celeste Danzi. “It’ll be an extremely versatile dog; it’ll be used in almost any type of investigation where we intend to search out or collect digital media,” she said. The cyber dog will be able to sniff out thumb drives, hard drives and cell phones. The canine can find such items “if they’re hidden or disguised as a pen or even a tiny chip,” she said. “It could be as small as a fingernail; anything that memory can be stored in, the dog will be able to scent or alert on.” Source: New Jersey 101.5 FM Radio

Why, it’s a perfect fit—and perfectly hackable

Many of the holiday’s hottest gifts—smart watches, drones and fitness trackers—could be susceptible to hackers. Such items made Intel Security’s list of Most Hackable Gifts because of their accessibility to Wi-Fi and Bluetooth. Online safety expert Stacey Conner said, “cyber criminals can impersonate a Bluetooth device or connection to gain access to all the information you might have.” Source: NBC News via WKTV, Utica, N.Y.

Checking out? Check your card for bad charges

sh_hyatt_280Hyatt Hotels is investigating malware it found on computers used to process customers’ payments. The data breach only affected properties managed by Hyatt, not franchise locations, the company said. As of Sept. 30, that included 318 properties. Hyatt Hotels’ current portfolio contains 627 properties in 52 countries. “The malware has been identified on computers that operate the payment processing systems for Hyatt-managed locations, which is a subset of the total Hyatt properties,” the company said. Source: CNN

Best treatment might be shelling out for security

Insurance brokerage the Graham Company reports that nearly three-quarters of business leaders are most concerned about potential risks associated with cybersecurity threats to their organizations. “I do see more employers reassuring employees about (Health Insurance Portability and Accountability Act) focused data security,” says Jennifer Walton-Faifer, an employee benefits attorney. In the end, the cost of maintaining the best security that an employer can usually is significantly less than the cost of a breach, she says, pointing to three main costs of a breach: reputation, financial costs and employee relations costs. Source: Employee Benefits News

Stream of consciousness about a possible breach

livestream_280Web-based video broadcaster Livestream advised registered users to change their passwords following a suspected data breach. The streaming service said it “recently discovered that an unauthorized person may have accessed our customer accounts database.” More than 40 million viewers each month watch thousands of live events online from Livestream from providers including, The New York Times, Facebook, ESPN, SpaceX, and Warner Bros. Records. Livestream says accessed information appears to include names, email addresses, an encrypted version of users’ passwords, date of births and phone numbers. The company does not store credit card or other payment information, and it doesn’t appear passwords had been decoded. Source: SC magazine

Opening another front on the battlefield

The Islamic State is working to launch cyber attacks against U.S. government and civilian targets. Though crippling attacks currently are beyond the reach of the Islamic State of Iraq and the Levant, also known as ISIL, its hackers have tried to penetrate computers that regulate the nation’s electricity grid, U.S. officials say. ISIL sympathizers are posting photos and videos of plane cockpits and discussing a desire to crash passenger jets by hacking into on-board electronics. Fellow extremists debate triggering a lethal radiation release by sending rogue commands to nuclear power plants, according to threat intelligence firm Flashpoint. Source: Politico

Your DNA code is safe with them

sh_DNA_280The Japanese government will revise the country’s privacy laws to clarify protections for personal genetic data. An expert panel decided the country’s privacy laws ought to treat genome data as personal identification codes, akin to fingerprints or digitized facial feature maps. As such, genetic data will be legally classified as highly sensitive personal information, inaccessible to third parties without an individual’s consent. Source: Nikkei Asian Review via Global Legal Post



The post Voter data everywhere, and what are we to think? appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started