Security News
Trezor issued a security alert after identifying a data breach that occurred on January 17 due to unauthorized access to their third-party support ticketing portal. A subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames, and email addresses exposed to an unauthorized party.
One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals may have stolen their personal information. "As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access to a portion of the Company's IT network and deployed ransomware," it said in a letter mailed to 21,184 people [PDF].
MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million. According to an 8K filing with the Securities and Exchange Commission on Thursday, MGM Resorts said less than $10 million has also been spent on "One-time expenses" such as legal and consultancy fees, and the cost of bringing in third-party experts to handle the incident response.
Data you don't control is open to causing you harm. The fact that nearly everyone in the US apparently likes "Instant gratification convenience over their long term security" suggests they have not yet had a piece ripped out of them.
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto," the Indian government said.
Roid-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts," LetMeSpy said in an announcement on its website, noting the incident took place on June 21, 2023.
People reveal more personal information when you ask them the same questions a second time - according to new research from the University of East Anglia. The research team say that understanding why people disclose personal data could help inform measures to address the problem.
Windows 10 already has two flavours of encryption - BitLocker and Windows Device Encryption - and as of the 22H2 release, Windows 11 Enterprise and Education adds Personal Data Encryption. Personal Data Encryption doesn't replace either of them because it doesn't encrypt a whole drive; instead, it protects individual files and folders using 256-bit AES-CBC encryption keys that are protected by Windows Hello for Business, but only through applications that are built to use it.
The Public Prosecution Service in the Netherlands has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people. The suspect is being investigated for multiple offences: possessing or publishing "Non-public" data, possessing phishing software and hacking tools, computer hacking, and money laundering.
The study finds a significant disconnect between data privacy measures by companies and what consumers expect from organizations, especially when it relates to how organizations apply and use artificial intelligence. The survey showed 60 percent of consumers are concerned about how organizations apply and use AI today, and 65 percent already have lost trust in organizations over their AI practices.