1. UK consumers threaten data breach backlash by Warwick Ashford

Are all these data breaches scorning users? A recent survey that looked at consumer reactions to breaches in the UK suggests that's the case. 93 percent of respondents to the study, carried out by Gemalto, said they'd blame a business for exposing their data and would consider acting against them. 82 percent of consumers interviewed want orgs to implement greater online security measures, an even higher percentage, 91 percent, said they believe there are sites and apps that pose a risk to their personally identifiable information.

Read more

2. Quora data breach exposes 100 million users' personal info by Tucker Reals and Aimee Picchi

Another week, another breach, right? This week's largest was suffered by Quora, a site not everyone may be familiar with. The site, which allows users to ask and answer questions, is fairly popular; in September it reported to have hit 300 million monthly users. If that figure was legitimate then a third of them had their data exposed in a breach last Friday. The service announced on Monday that users' names, email addresses, encrypted passwords, along with content from the site - questions, answers, etc. - may have been compromised. Quora didn't say exactly how but said a third party was able to gain access to one of its systems which led to the breach. Quora deserves some credit here; it’s rare that breached companies specify how the breached data was encrypted but Quora did just that, at least after some prodding from users: “We’ve received a number of questions about our password encryption. To clarify: the Quora passwords that may have been breached were hashed using bcrypt with a salt that varies with each user, consistent with industry best practices,” the company tweeted Tuesday:

We’ve received a number of questions about our password encryption. To clarify: the Quora passwords that may have been breached were hashed using bcrypt with a salt that varies with each user, consistent with industry best practices.

— Quora (@Quora) December 4, 2018

Read more

3. This Company Wants to Use The Blockchain to Stop Phishing by Klint Finley

Blockchain probably won't save the world but it's not stopping companies from using it for good. We don't cover startup news too often in this space but Wired had an interesting read on Thursday about a new company that's looking to leverage the seemingly ubiquitous technology to eradicate phishing. The company, MetaCert, is hoping to use blockchain to encourage users to submit and categorize phishing links they encounter. It remains to be seen how successful the practice will be but the company is hoping users will trust the service as it will operate around a decentralized database.

Read more

4. Scottish GP practices to be supplied with free data protection officer by Emma Wilkinson

Doctors in Scotland got a pleasant surprise last week: The government there told general practitioners at a conference last week that health boards in the country would supply each with a data protection officer, free of charge. The news should help assuage any fears around complying with GDPR legislation. "‘We have been concerned for some time about the impact of GDPR legislation and what the extra requirements to manage substantial amounts of data might mean both for GPs and wider primary care teams – and have been asking for DPO officers to be put in place," Dr Andrew Buist, chair of the Scottish BMA GP Committee, told Pulse, a site and magazine dedicated to British primary care.

Read more

5. FBI: Watch out for Iranian SamSam malware by Justin Lynch

A week after it unsealed a six-count indictment against two men behind the SamSam ransomware, the FBI and DHS are urging industries, especially those within critical infrastructure, to be aware of the threat. An alert posted to the Department of Homeland Security's (DHS) US-CERT site on Monday provided technical details and mitigations that organizations can take to strengthen their security posture. Hopefully the alert isn't too little, too late for organizations like hospitals; according to the DHS last week the SamSam ransomware campaign began years ago, in December 2015.

Read more