Get Your Affairs In Order: The Ashley Madison Breach
Ashley Madison hackers made good on their initial threat from July this past week, releasing a downloadable database containing the following:
- 33 million accounts with user information, including names, street addresses and phone numbers
- 36 million email addresses
- 9.6 million documented transactions
- 10 GB of compressed data
Regardless of the morality of Ashley Madison’s services, this was an illegal hack of a website whose business depends on the security and confidentiality of user information. The Ashley Madison story is particularly terrifying because it offers a glimpse of how damaging security breaches can be now as more personal user information moves online. Sensitive information, when shared publicly, hits far closer to home and can have long-lasting and seriously detrimental impacts on the victims. As these massive hacks of so-called “secure” websites continue to proliferate, it is more important than ever to ensure that confidential data in the web is as secure as possible.
From Car-Jacking To Car-Hacking: How Vehicles Became Targets For Cybercriminals
In recent years, as technology has become increasingly integrated into cars, the automobile is quickly becoming the realization of our high-tech futuristic fantasies. Automated parking, braking and object detection, although just introduced, already seem to be side notes with autonomous cars on the horizon. Due to all of this new technology, cars are communicating more and more with high-tech devices and the internet. Although this has opened up incredible possibilities and opportunities for the automobile, it has also complicated car security exponentially.
In light of these current developments, the Senate is scrambling to develop policies and standards around cybersecurity that automakers must adhere to. It will also be interesting to observe how entities that manage large fleets, such as UPS, FedEx and Police Departments, will go about developing internal security policies for their cars. The following articles sum up some of the major current news regarding cyber security issues facing cars:
Volkswagen suppressed a paper about car hacking for 2 years
Hackers Remotely Kill a Jeep on the Highway—With Me in It
Senate Bill Seeks Standards For Cars’ Defenses From Hackers
Busting The Biggest Myth of CISA: That the Program is Voluntary
With Senate meetings looming on the horizon, criticisms continue to roll out regarding the Cybersecurity Information Sharing Act (CISA). Opponents of CISA have already noted some significant deficiencies in the act, primarily in its lack of protection regarding personal information and its “overbroad legal immunity for companies.” For these reasons, it is understandable, that many companies may want to forgo participating in the program in order to protect their users. Unfortunately, many believe that such companies will actually not have a choice. Cybersecurity information sharing with the government will only be permitted for program members. This will put non-members at such a disadvantage, critics believe that they will be forced to join CISA by default. This subtlety of the act seems to contradict its “voluntary” nature and advocates of digital security are hard at work, fighting CISA and hoping to sway Congress to pass more reasonable and effective cyber security legislation.
Appeals Court Affirms FTC Authority Over Corporate Data-Security Practices
In a “watershed” decision, the Philadelphia-based Third U.S. Circuit Court of Appeals ruled that the FTC may continue pursuing a lawsuit against Wyndham Corp. The FTC originally filed suit against Wyndham Worldwide Corp., alleging that the hotel chain was partially liable for the three security breaches they suffered in recent years where hackers stole more than 619,000 credit- and debit-card numbers. The FTC has been taking action to “to hold companies accountable for failing to safeguard consumer data,” explained FTC Chairwoman Edith Ramirez. In recent years, the Commission has brought more than 50 data-security cases to court to take action against unfair and deceptive business practices. By ruling in favor of the FTC, the Third U.S. Circuit Court of Appeals has further extended the FTC’s authority to police corporate cybersecurity.
With innovation, technology and legislation moving at such fast rates, securing your sensitive data becomes increasingly complicated on a monthly basis. Ensure your information is protected with the help of ZenGRC!
Photo Credit: Tom Hall