WEEK OF APRIL 04, 2022
U.S. and European leaders reach deal on trans-Atlantic data privacy
- President Biden said the agreement included “unprecedented protections for data privacy and security for our citizens”.
- American and European Union leaders said on Friday that they had reached an “agreement in principle” to assure that it is legal to transfer personal data across the Atlantic, after a previous pact was struck down when a court found it did not do enough to shield Europeans from American surveillance programs.
- The deal includes a way for Europeans to object if they feel that their privacy has been violated, including through an “independent Data Protection Review Court,” the White House said in a fact sheet released after the news conference.
- The deal still needs to be made final, the United States and the European Commission said in a joint statement, adding that the White House would put its commitments in an executive order.
Anonymous hacks Central Bank of Russia; Leaks 28GB of data
- The hack was conducted under Operation “OpRussia” to mark a protest against the Russian attack on Ukraine.
- The group, specifically an Anonymous affiliate that goes by the Twitter handle @Thblckrbbtworld, has leaked 28GB of the Central Bank’s data, which is now available for public download.
- It is worth noting that on March 23rd, 2022, Anonymous claimed to have hacked the Central Bank of Russia and stolen 35,000 files. The group went on to claim, “We have your economic secrets now, you will tremble with fear, Putin.” To verify its initial claims, the group also tweeted copies of banking documents in Russian.
Data of 820,000 NYC students compromised in hack of online grading system: Education Dept.
- Personal data for roughly 820,000 current and former New York City public school students was compromised in the hack of a widely-used online grading and attendance system earlier this year, city Education Department officials said Friday, revealing what could be the largest-ever breach of K-12 student data in the U.S.
- Furious city Education Department officials are accusing Illuminate Education, the California-based company behind the popular Skedula and PupilPath platforms, of misrepresenting its cybersecurity measures by certifying that it encrypts all student data when in fact the company left some of it unencrypted.
- The breach prompted a weekslong shutdown of grading and attendance systems in January, causing chaos at city schools.
- The hackers gained access to a database with the names, birthdays, ethnicities, home languages and student ID numbers of current and former public school students going back to the 2016-17 school year, Illuminate told the Education Department. They also extracted information about whether students get special education services, class and teacher schedules, and whether kids receive free lunch, according to the Education Department.
Internet provider to Ukrainian military hit with major cyberattack
- Attack fuels fears that Russia, with ground war stalling, could launch destructive cyber campaign.
- The attack on Ukrtelecom PJSC was described by some experts as among the most harmful cyberattacks since the Russian invasion of Ukraine on Feb. 24. About 3:30 p.m. ET on Monday, Ukrainian officials said that they had repelled the attack, and that the company could restore services, according to a statement from Ukraine’s State Service of Special Communication and Information Protection, which is responsible for cybersecurity in the country.
- The Ukrainian cyber agency’s statement didn’t say who was responsible for the cyberattack. Security experts have said Russian-linked hackers have launched a variety of cyberattacks against financial services companies, internet service providers and government agencies since this February, in the run-up to the Feb. 24 invasion and after.
Payments to begin for UPMC employees who fell victim to data breach
- Employees were notified via an email on Monday that they will receive a payment notification with a link to claim it electronically. They are expected to receive between $10 and $20.
- Several employees filed a class-action lawsuit against UPMC in February 2014 after they learned that the health care giant’s payroll system had been breached and their personal data stolen. They alleged negligence and breach of contract, claiming that UPMC had a duty to protect the information.
- A federal investigation showed that Justin Sean Johnson, an expert in the PeopleSoft software used by UPMC, was able to hack its employee database. He took the employees’ personal information and sold it on the dark web. Ultimately, according to the U.S. Attorney’s office, hundreds of false tax returns, totaling more than $1.7 million, were filed based on the breach.
Apple and Meta shared data with hackers pretending to be law enforcement officials
- The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.
- Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account.
- While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.