Security & Privacy Weekly News Roundup, Vol. 1, Issue 9

Not so fast: Small banks and credit unions are trying to recoup millions in losses from data breaches at Target and Home Depot by upending a long-standing industry practice in which card networks Visa and MasterCard negotiate settlements with breached merchants, then distribute the proceeds to affected financial institutions. The smaller firms say the process favors big banks, and have filed a motion objecting to terms of a $19 million Target settlement. Small banks and credit unions asked a judge to let them pursue additional compensation. Meanwhile, a court case filed by small card issuers against Home Depot is drawing support from industry trade groups. Source: The Wall Street Journal

That plan won’t fly: A group of senators is worried that an airfare-comparison shopping system under development could lead to discrimination based on data that airlines get from fliers. Six senators sent a letter to Transportation Secretary Anthony Foxx expressing worries about privacy issues that could occur under International Air Transport Association Resolution 787. The system would require the collection, use and storage of sensitive personal information by airlines and travel agents in order to quote prices on flights. The senators say they believe the system could unfairly penalize consumers based on the information they provide the airlines. Source: Consumerist

Common enemies: Cyber crime is one of the top security challenges on the European Commission’s security agenda for the next five years. Some experts estimate that cyber crime costs the global economy more than $400 billion annually. But international law enforcement cooperation in tackling cyber crime is challenging. Anonymity software and the ease of committing digital crime from afar have made evidence gathering difficult. Many hackers operate out of Eastern European countries and Asian nations that don’t have extradition treaties with the U.S. Source: The Hill

She bought what? Jenifer Perik, a pregnant hairdresser accused of bilking a client and using the money for purchases from a sperm bank, has pleaded not guilty to identity theft and financial crimes charges, say DuPage County, Ill., prosecutors. Perik is accused of making $6,000 in unauthorized purchases on the credit card of a 94-year-old woman. About half the purchases were for sperm. Perik is accused of paying about $3,000 to have three to five samples shipped to Illinois, Assistant State’s Attorney Diane Michalak said. Source: The Naperville (Ill.) Sun

A lesson in frustration: A cyber attack against the Rutgers University computer network is behind interruptions in Internet service, school officials said. The Rutgers Office of Information and Technology said the outages were related to a distributed denial of service attack. Since Monday, students have reported outages in Wi-Fi service and email. “We are working hard to correct the problem,” said university spokesman Steve Manas. Source: New Jersey Online

Let’s work together: A report on cyber governance commissioned by Zurich Insurance Group calls for the establishment of principles to build strength and “the establishment of supranational governance bodies such as a Cyber Stability Board and a ‘Cyber WHO,’ ” the announcement said. Zurich and ESADE Center for Global Economy and Geopolitics jointly published the report, “Global Cyber Governance: Preparing for New Business Risks.” It proposes new measures to strengthen the global governance framework for managing evolving cyber risks. Source: Insurance Journal

State of the states: Florida, Washington, Oregon and Missouri have the unhappy distinction of being the states with the most identity theft victims. Florida’s senior population may make it particularly vulnerable to identity theft. Elderly Americans often are targeted because they may have more money than younger Americans. They also tend to have more contact with multiple people such as caretakers entering their homes. While identity theft complaints are more common in these states than others, there are no safe states. Steven Toporoff, of the Division of Privacy and Identity Protection at the FTC, said, “Everyone is vulnerable.” Source: 24-7 Wall Street via USA TODAY

Cheap and easy: Hackers who get information in massive data breaches might post bits and pieces of personal data in public to advertise they’ve got more for sale in bulk. Jim Jones, associate professor of computer forensics at George Mason University, says it’s a common practice. “It’s a way to anonymously, but publicly, verify that you, the bad guy, have in fact stolen this set of data,” Jones said. Surveys show a complete identity may be sold for as little as $30. To drum up sales on the Darknet, Jones says, hackers will give potential buyers a taste on public sharing websites. Source: WJLA, Washington, D.C.

Share for safety: Awareness of the potential for a coordinated attack on a specific industry, such as the financial sector, led several industries to run simulations designed to test their response to a coordinated attack. The results showed a need for cyber-threat information to be shared. Otherwise, “it’s almost impossible to detect systemic attacks early enough to contain them,” says Ed Powers, U.S. managing principal of Deloitte & Touche’s Cyber Risk Services practice. Source: CFO Journal

Tough talk: The government should prepare to electronically attack those who threaten U.S. interests, said White House Cybersecurity Coordinator Michael Daniel. “We need to have a larger toolset to go after what the bad guys are doing,” he said. “This is not a tool that’s going to be used on a daily basis for ordinary criminals, but to allow us to go after the worst of the worst.” Such action would require data sharing between government and industry, Daniel said. Congress is working on laws to make this possible. Source: The Register

Keepers of the keys: Information technology professionals say the risk and cost associated with managing encryption keys is one of their least favorite duties, citing unclear ownership of keys as the primary reason, says a global survey by the Ponemon Institute. As organizations use more encryption, they get more keys. “In some companies, you might have millions of keys,” said Richard Moulds of Thales e-Security, sponsor of the report. Source: CSO

Get ready, get set … The pain of a data breach can be lessened if an organization has a response plan in place. Emily Mossburg, of the Cyber Risk Services Resilient Practice with Deloitte & Touche, said staffers should know their roles and responsibilities. “It’s beyond just a technical investigation,” she said. “It’s about having a staff that knows this is a business issue … and preparing them in advance for what this might mean.” Source: Search Security

This article originally appeared on