Friday Five: 1/31 Edition

by Amanda Brown on Friday January 31, 2020

The state of New York may ban ransomware payments, NFL Twitter accounts get hacked, and Facebook releases a new data privacy tool for users - catch up on the week's news with the Friday Five.

1. New York Senators Propose Bill to Ban Ransomware Payments by CISOMAG

For the first time ever, state authorities have proposed a law that bans paying the ransom demanded by hackers in ransomware attacks. There are two bills under discussion in committee in the state of New York, one proposed by Senator Bill Boyle and the other by Senator David Carlucci, that would ban government agencies and local municipalities from using public money to pay ransom to cybercriminals. To counteract the damage that this bill could possibly cause businesses, the proposal also recommends the creation of a state fund that would help government entities improve their cybersecurity capabilities. The “enhancement fund” would make grants and financial assistance available to villages, towns, and cities with a population of one million or less. These bills come after the New York state legislature passed the SHIELD Act, which was also meant to strengthen the state's data breach policies. The SHIELD Act holds companies accountable in terms of proper cybersecurity measures while providing more transparency to consumers in terms of their data privacy. New York is taking steps in the right direction, and as state senator Kevin Thomas said, “It is critical that our laws keep pace with the rapidly changing world of technology.”

2. US County Suffers Two Cyber-Attacks in Three Weeks by Sarah Coble

In just three weeks, Albany County in New York has been hit with two separate cyber-attacks. We touched on the first attack a couple of weeks ago involving Sodinokibi ransomware infecting the network of Albany County Airport. The Airport reportedly ended up paying a five-figure ransom in Bitcoin to restore their system. Now, just three weeks later, the Albany County town of Colonie has been hit by a cyber-attack that took the town’s computer system and email offline. Although the nature of the attack has not been determined, it sounds like Colonie has experienced what many other U.S. municipalities have of late: falling victim to ransomware. Many town departments were still experiencing problems over the weekend, and the town was forced to send a news release about the attack via fax. The release assured residents that there was no indication that any personal data had been compromised and that the town’s health and safety services were still fully functioning. Luckily, town spokesperson Sara Wiest said that the town’s data had been backed up prior to the incident, so many departments were able to continue working.

3. Twitter and Facebook Accounts for 15 NFL Teams Hacked by BBC News

With the Super Bowl coming up this Sunday, the San Francisco 49ers and the Kansas City Chiefs have lots to worry about, and that now includes dealing with hackers. More than a dozen NFL teams had their Twitter and Facebook accounts hacked this week by the hacking group OurMine. Most accounts had the same tweet posted that read, “Hi, we’re back (OurMine). We are here to show people that everything is hackable.” Some accounts had their profile pictures/headers changed or deleted. The first attack occurred on Sunday on the Chicago Bears Twitter account, when the group tweeted out that the team had been sold to a Saudi Arabian official and they would be trading a prized player for just $1. The hacking group took responsibility and claimed the purpose behind the attacks was to show that internet security was “still low” and had to be improved. They have attacked many Twitter accounts in the past, including Netflix, Marvel, Google’s CEO Sundar Pichai, and more. A representative from OurMine told the BBC that the group had actually reached out to the NFL before the attack to offer their services in improving the league’s security but received no response. The NFL did not respond to a request for comment.

4. New Facebook Feature Shows You All Your Data That’s Been Shared by Outside Apps by Audrey McNamara

It has been a challenging year for Facebook rebuilding its reputation after many scandals involving users’ privacy were brought to light – most specifically the Cambridge Analytica scandal. The U.K.-based political consulting firm obtained the private information of tens of millions of Facebook users and used it to help clients analyze voters and target them with ads during the 2016 election. This scandal was the first time Facebook users realized the platform was gathering information about them even when they weren’t using the app. The social media giant is now making strides to give users more control over their privacy. CEO Mark Zuckerberg announced a new tool that will do just that in a blog post on Tuesday. The new tool, named Off-Facebook Activity, lets users see how much – and what – data about them other apps are sharing with Facebook. That information is used by Facebook to cater relevant ads to every user. Now users have the authority to clear that data from their account if they so wish. The visibility that Facebook is now providing users can help them understand how and why the app and other large data firms target them. If users really want to take a deep dive into their stored data, the tool allows them to download and browse the list of websites and apps that shared their information.

5. Facebook Will Pay $550 Million to Settle Class Action Lawsuit Over Privacy Violations by Devin Coldewey

Keeping the focus on Facebook – the social media platform has decided to settle a class action lawsuit that alleged a systematic violation of an Illinois consumer privacy law. The $550 million settlement is definitely a large one - it’s actually the largest all-cash privacy class action settlement to date - but it’s just a small fraction of the $35 billion maximum the company could have faced. The suit was filed back in 2015 on the claims that Facebook collected facial recognition data without disclosure, through the images of users, and in doing so, violated the state’s 2008 Biometric Information Privacy Act (BIPA). In 2016, Facebook pushed back on the grounds that their facial recognition process did not count as biometric data, and the Illinois law does not apply to a California company. The judge rejected these arguments, and after five years of back and forth between the app and the state, Facebook decided to settle. As a Facebook representative told TechCrunch, “it was in the best interest of our community and our shareholders to move past this matter.” Although Facebook is not admitting to any wrongdoing, the legal team for the state of Illinois believes that these decisions involving biometrics and geolocation could define our privacy rights for the next generation.
