Information Security – Data Breach

Adultery Site Ashley Madison to Pay $11.2 Million for User Data Breach

The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.
Ruby Corp, formerly known as Avid Life Media Inc., denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis.
Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan “Life is short.
Last December, Ruby agreed to pay $1.66 million to settle a probe by the U.S. Federal Trade Commission and several states into lax data security and deceptive practices, also without admitting liability.
According to Friday’s settlement, users with valid claims can recoup up to $3,500 depending on how well they can document their losses attributable to the breach.

Russia hacking row: Moscow demands US return seized mansions

Russia has been pressing demands that the US give it access to two diplomatic compounds seized in the US last year.
In December the US expelled 35 Russian diplomats and shut the compounds over suspicions of meddling in US elections.
He was asked by reporters if the spat over the diplomatic compounds had been settled, and he replied: “Almost, almost.”
US officials did not comment and there has been no official press briefing.
Before the talks Russia made clear it was demanding restored access to the facilities.
Which compounds were seized?
Like the Maryland mansion, its location is ideal for eavesdropping on US communications, US officials say.
President Donald Trump’s team is under investigation over alleged Russian collusion during last year’s presidential campaign.
Mr Trump had been elected to succeed President Obama just weeks before.
Russia would retaliate if no compromise was reached at the meeting between Mr Ryabkov and Mr Shannon, the Russian newspaper Izvestia reported.

Ashley Madison offers to pay $11.2 million to hacking victims

Ashley Madison’s parent company has reached a proposed $11.2 million settlement agreement with lawyers representing victims of the cheating site’s 2015 data breach.
The high-profile hack left the personal data of more than 37 million users vulnerable and prompted class action lawsuits against the site’s parent company Avid Life Media and Avid Dating Life, which owned and operated Ashley Madison.
The potential plaintiffs are co-led by law firms Dowd & Dowd, The Driscoll Firm, and Heninger Garrison Davis.
“If the proposed settlement agreement is approved by the Court, ruby will contribute a total of $11.2 million USD to a settlement fund, which will provide, among other things, payments to settlement class members who submit valid claims for alleged losses resulting from the data breach and alleged misrepresentations as described further in the proposed settlement agreement,” it said.
“While ruby denies any wrongdoing, the parties have agreed to the proposed settlement in order to avoid the uncertainty, expense, and inconvenience associated with continued litigation, and believe that the proposed settlement agreement is in the best interest of ruby and its customers,” it added.
The company says that since July 2015, it has implemented “numerous remedial measures” to boost the security of customers’ data.
Security expert Itay Glick, CEO of data breach protection specialist Votiro, told Fox News that the proposed settlement should be viewed within the broader context of the breach. “However, I think they may be able to get away with it, as not all people would like to admit they own an account there.”
Despite the massive 2015 hack, Ashley Madison recently hit 52 million users.

Qatar: Alleged UAE hacking ‘unfortunate,’ violation of law

The United Arab Emirates orchestrated the hacking of a Qatari government news site in May, planting a false story that was used as a pretext for the current crisis between Qatar and several Arab countries, according to a report Sunday, July 16, by The Washington Post.
In early June, Saudi Arabia, the United Arab Emirates, Bahrain and Egypt cut ties with Qatar and moved to isolate the small, but wealthy Gulf nation, canceling air routes between their capitals and Qatar’s and closing their airspace to Qatari flights.
DUBAI, United Arab Emirates — Qatar, the tiny Gulf state being isolated by its neighbors, said Monday the reported involvement of the United Arab Emirates in hacking its government news site in May is “unfortunate” and a breach of agreements among the Gulf countries.
The Washington Post, quoting unnamed U.S. intelligence officials, reported Sunday that the UAE orchestrated the hacking and planted a false story that was used as a pretext for the crisis between Qatar and four Arab countries.
The UAE along with Saudi Arabia, Egypt and Bahrain cut diplomatic ties and severed air, land and sea links with Qatar in early June over allegations that it supports extremist ideology — a charge Qatar denied.
The crisis has dragged on for more than a month with neither side showing signs of backing down.
Qatar maintained from the beginning that the quotes attributed to its ruler were the result of a hacking.
“This criminal act represents a clear violation and breach of international law and of the bilateral and collective agreements signed between the member states of the Gulf Cooperation Council, as well as collective agreements with the Arab League, the Organisation of Islamic Cooperation, and the United Nations,” he said.
Sheikh Saif said a Qatari government investigation into the hacking is ongoing and that prosecutors will “take all necessary legal measures to bring to justice the perpetrators and instigators of this crime.”

Hackers tried to infiltrate state’s voter registration system almost 150,000 times on US election day

Hackers tried to access South Carolina’s voter registration system almost 150,000 times on Election Day alone, a new report from the state’s Election Commission has revealed.
The report plays into a larger pattern of attempted hacking in the 2016 election, in which the Department of Homeland Security (DHS) says more than 20 US states were targeted.
Intelligence officials believe much of the election meddling was carried out by Russian hackers.
In South Carolina, state officials met with the FBI and state law enforcement about the attempted hacking as early as August 2016, according to The Wall Street Journal.
That month, the DHS located 55 different vulnerabilities on devices used by the Election Commission – vulnerabilities that could be used to access the voter registration database and the Commission’s public-facing website.
The private security firm took more than three weeks to patch the majority of these vulnerabilities, DHS reports reveal.
South Carolina officials found no evidence that the voter rolls were actually breached.
“As of right now, we have evidence of election-related systems in 21 states that were targeted,” Jeanette Manfra, the acting deputy undersecretary for cybersecurity and communications at DHS, told the Senate Intelligence Committee.
“It’s stepped up a notch in a significant way in ’16.
They’ll be back.”

Reliance Jio data breach: Maharashtra Cyber Cell investigating involvement of ‘antisocial’ elements

The Department of Telecom (DoT) has initiated an investigation into the leaked details of Jio subscribers from Reliance Jio, and will soon seek details of its alleged subscriber data breach.
The Maharashtra Cyber Cell Superintendent of Police, Balsingh Rajput, said that they are currently investigating the possible involvement of “any anti-social elements or people with criminal antecedents” who assisted the accused to secure the SIM cards, according to Indian Express reports.
Personal details of 120 million Reliance Jio subscribers were recently leaked online via Magicapk.com.
The leaked info included subscriber mobile numbers, email ID, SIM activation date and Aadhaar details of some users.
“They (company) have not come to us but we will seek details from them,” Telecom Secretary Arun Sundararajan told the press in response to a query on DoT’s action over the alleged data breach of Reliance Jio.
After further investigations into the case, the Maharashtra Cyber Police has identified the accused as ‘Imran Chippa’ – a 35-year-old computer science dropout from Sujangarh town in Rajasthan – who has been arrested for his alleged involvement in the case.
On July 16, Mumbai Cyber Police recovered 50 SIM cards from Imran Chippa in connection with the Jio data leak case.
The report also adds that Chippa had received the confidential customer details from a Bihar resident, which had helped him to breach the security system and hack into Jio subscriber details.

V.I.P.D. Ends Collection Of Social Security Numbers Following Identity Theft-Related Data Breach Incident

The Virgin Islands Police Department has ended the practice of requesting the Social Security numbers of persons making incident reports, following a data breach at the department where personal identifying information of four individuals was stolen by a now-fired police officer, who gave the information to someone outside the V.I.P.D., in what has been described as an attempted identity theft crime.
He said anyone found to be in violation of the new policy will be disciplined, with consequences leading to dismissal from the force.
“You got to understand that the federal government has discontinued requesting Social Security numbers,” Mr. Richards said.
“Even most businesses when they need your Social Security number, they request only the last four… As a matter of fact, in most other jurisdictions, when I look at other police reports, they don’t require that you provide that information.” Furthermore, the commissioner said if someone refuses to provide the Social Security number, not much could be done about it.
However, the breach did not include information provided to the V.I.P.D.
The commissioner said once the investigation is completed, other actions will be taken against the officer, whose identity was not revealed.
Explaining the term “cleanup”, Mr. Richards added, “We know that there’s been one perpetrator, we know what was compromised, so we’re just investigating to determine whether there’s anything else that we don’t know of.
For example, everyone with a driver’s license has sensitive information stored in the force’s database.
“By law, if it is determined that there might have been some breach of information within the department, whether it be information such as a police report with the person’s name, address and social security — along that line, once we suspect that there might have been a breach and sensitive information might have been revealed, we have an obligation to report it to the public,” the commissioner told this publication last week.

38 governors sign cybersecurity compact

As leadership of the National Governors Association changes hands, state leaders pledge commitment to bolstering cybersecurity defenses in their states.
The announcement came Friday after a yearlong initiative spearheaded by Virginia Gov.
Alongside the compact signing, Nevada Gov. Brian Sandoval, a Republican, took the reins from McAuliffe, a Democrat, as the new chair of NGA.
“I am proud that, throughout the last year, we have successfully engaged governors and their states on strengthening their cyber protocols and recognizing that cybersecurity is a technology issue, but it’s also a health issue, an education issue, a public safety issue, an economic issue and a democracy issue.”
On April 24, at the National Association of State Chief Information Officers, McAuliffe said his push to standardize cybersecurity measures across states was driven by the federal government’s “poor job” of designing a national strategy for states.
The lack of a federal framework, he said, was the result of legislators’ seeking to maintain authority on the issue across all of the many House and Senate committees.
“Which has made Congress very ineffectual.” McAuliffe said the Meet the Threat initiative prompted work that includes 12 executive orders, 14 signed bills, and 17 initiatives led by governors.
Lastly, our incoming [NGA] chair, Gov. Sandoval, recently signed a bill to create a cyber defense center to lead all their cyber projects in Nevada.”
McAuliffe’s cybersecurity initiative will continue as part of the NGA’s Resource Center for State Cybersecurity, which McAuliffe co-chairs with Republican Michigan Gov. Rick Snyder, and as part of the NGA’s Governor’s Guide to Cybersecurity, an outline for state officials on steps to improve cybersecurity.

US government bans use of Kaspersky Antivirus software

Russian cyber security firm Kaspersky Lab removed from approved list of software vendors by the Trump government
Russian cyber security firm Kaspersky Lab suffered a jolt from the Donald Trump administration on Tuesday when the administration announced that it had removed the firm from two lists of approved vendors used by state departments and government agencies in the United States to purchase technology equipment, amid worries about the company’s links to intelligence services in Moscow.
The news comes as a surprise when several reports floated by US-based media, including Bloomberg News, suggested that the security firm had more powerful ties than initially believed with Russian intelligence agency FSB.
The General Services Administration (GSA), which confirmed the news to AFP, said that “GSA’s priorities are to ensure the integrity and security of US government systems and networks and evaluate products and services available on our contracts using supply chain risk management processes.”
Denying all allegations in a statement on its website, Kaspersky said that the company does not have what it described as “inappropriate” ties with any government.
It also added that the company only operates with agencies to fight cyber crime.
“Kaspersky Lab is very public about the fact that it assists law enforcement agencies around the world with fighting cyberthreats, including those in Russia, by providing cybersecurity expertise on malware and cyberattacks,” the firm says.
“When assisting in official Russian cybercrime investigations, in accordance with Russian law, we only provide technical expertise throughout the investigation to help them catch cybercriminals.
Concerning raids and physically catching cybercriminals, Kaspersky Lab might ride along to examine any digital evidence found, but that is the extent of our participation, as we do not track hackers’ locations.
Disputing Bloomberg’s claim on Tuesday, Kaspersky said that “the communication was misinterpreted or manipulated,” but did acknowledge that it “regularly cooperates with law enforcement agencies, industry peers and victims of cybercrime.”
It also added that “the company is being unjustly accused without any hard evidence to back up these false allegations.”
An earlier post written by Kaspersky on June 30 mentioned that, “For some reason the assumption continues to resonate that since we’re Russian, we must also be tied to the Russian government.
But really, as a global company, does anyone seriously think we could survive this long if we were a pawn of ANY government?”

UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials

U.S. intelligence officials say the UAE orchestrated the hacking of Qatari government sites and placed false quotes attributed to the emir, sparking a regional crisis.
Officials became aware last week that newly analyzed information gathered by U.S. intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation.
The false reports said that the emir, among other things, had called Iran an “Islamic power” and praised Hamas.
a common place.” Qatar has repeatedly charged that its sites were hacked, but it has not released the results of its investigation.
During his two-day visit to Riyadh, Trump met with the six-member Gulf Cooperation Council — Saudi Arabia, the UAE, Kuwait, Bahrain, Oman and Qatar — and held individual closed-door meetings with several GCC leaders, including the Qatar emir.
The statements attributed to the emir first appeared on the Qatar News Agency’s website early on the morning of May 24, in a report on his appearance at a military ceremony, as Trump was wrapping up the next stop on his nine-day overseas trip, in Israel.
The UAE shut down all broadcasts of Qatari media inside its borders, including the Qatari-funded Al Jazeera satellite network, the most watched in the Arab world.
is actually very easy for me.” For his part, Trump agreed in the Christian Broadcasting Network interview that he and Tillerson “had a little bit of a difference, only in terms of tone” over the gulf conflict.
Qatar, Trump said, “is now a little bit on the outs, but I think they’re being brought back in.” Asked about the U.S. military base in Qatar, Trump said he was not concerned.