Privacy News Online | Weekly Review: July 31, 2020
Featured: Privacy News Online – Week of July 31st, 2020
Top EU court sinks main framework for sending personal data across the Atlantic
The Privacy Shield framework, which allowed large companies like Facebook to send data from Europe to the United States, has been ruled invalid by the Court of Justice. The Court of Justice had previously invalidated another framework, called Safe Harbor, which allowed personal data transfers from the EU to the US. This is a win for the privacy rights of EU citizens and has come to pass in no small part thanks to the work of European privacy activist Max Schrems.
Study confirms companies with poor privacy practices are more likely to suffer data breach
A new study released by Osano has verified something that many of us already suspected: companies that have poor privacy practices are more likely to suffer catastrophic data breaches. Osano looked at the top 11,000 companies and organizations on the internet based on website ranking and gave each a privacy score based on the company’s established practices. The scores were then compared to reports of data breaches from the last 15 years, and the correlation was clear: companies with poor privacy practices are 80% more likely to suffer a data breach.
US Court rules that cryptocurrency exchanges must give up your private financial data
The U.S. Court of Appeals has ruled that cryptocurrency exchanges like Coinbase need to give up account information when asked by law enforcement – even if there isn’t a warrant. This ruling is due to the third-party doctrine. While some digital logs stored with third parties, such as text messages, do have privacy protections and require the use of a warrant, the government has ruled that there is no such expectation of privacy from cryptocurrency exchanges. Does this make you less likely to use a cryptocurrency exchange? Let us know in the comments.
More Privacy News This Week:
Cisco, Zoom and Others Must Bolster Security, Say Privacy Chiefs
Privacy Commissioners from five countries have joined together to call on video conferencing companies to bolster their security and privacy measures. The Privacy Commissioners from Australia, Canada, Hong Kong, the United Kingdom and Switzerland sent a letter to companies such as Zoom, Microsoft, Google, Houseparty, and Cisco imploring them to adopt standard security and privacy features such as two-factor authentication and end-to-end encryption. The companies have until September 30th to respond to the open letter.
Tech unicorn Dave admits to security breach impacting 7.5 million users
Dave, a digital banking app, has publicly announced a security breach affecting over 7.5 million users. The company was forced to admit that the breach happened after a database full of Dave user credentials was offered for sale on a data breach forum. Dave said that the security breach happened at Waydev, a third-party analytics company that had access to the data. Dave has reset passwords for all users and has so far said there is no evidence that the hackers used credentials to place orders on affected accounts.
ACCC alleges Google misled consumers about expanded use of personal data
The Australian Competition and Consumer Commission has opened a lawsuit against Google, alleging that Google did not properly disclose how personal data would be used. In 2016, Google started linking the information it gathers when you’re logged into Google apps with non-Google activity from elsewhere on the internet to better target advertising. The ACCC emphasizes that the disclosure of this privacy-invading move was misleading and didn’t provide the information needed to constitute informed consent.
More than 1,000 people at Twitter had ability to aid hack of accounts
The recent Twitter hack that affected the verified Twitter accounts of the likes of Bill Gates, Elon Musk, Joe Biden, and many, many more has revealed the sad state of cybersecurity at Twitter. According to analysis, more than 1,000 people had access to the internal tool that hackers used to hijack the accounts and also read direct messages. That is a very large attack surface for a hacker, and it even leaves room for undetected abuse by Twitter employees – which has happened before.
Garmin’s four-day service meltdown was caused by ransomware
GPS service Garmin recently faced a four-day service outage that was caused by a ransomware attack. Specifically, it is thought that the WastedLocker ransomware was used on Garmin’s servers and that the hackers were demanding a $10 million USD ransom (in bitcoin). It’s unclear whether Garmin paid the ransom to restart its services, but Garmin is back in service now.