The Risk Report - Feb. 26

Russia invaded Ukraine this week in the largest military attack on a European country since World War II. Many Ukrainian citizens are now scrambling to protect their privacy with VPNs and encrypted messaging services. But what does "encrypted" really mean, and how can you tell if what you're using is safe enough? Read on for more.

BREACHES OF THE WEEK

🚔 Not OK

The personal information of sexual assault victims may have been compromised in a recent data breach involving the Oklahoma City Police Department (”OKCPD”). In an email statement released to a local news channel, OKCPD explained that DNA Solutions Inc, a third-party previously used by the department for forensic testing, had been hacked last November, and that “sensitive personal and health-related information” from OKCPD forensic test kits may have been taken as a result. No Social Security or driver’s license numbers were compromised. DNA Solutions is offering one free year of identity protection to those impacted.

Read the full story

🍳 Kitchen disaster

Meyer Corporation, the world’s second-largest distributor of cookware, has suffered a ransomware attack. In its letter to affected employees, Meyer outlined that the attack occurred in October 2021, though it wasn’t until December when investigations discovered that employee PII may have been compromised, including Social Security numbers, medical information, driver’s license numbers, and more. Meyer has made it clear that there is no evidence such employee PII was taken, but that it is taking every step necessary to report on, and recover from, this incident. Meyer is offering 2 years of free identity protection to those impacted and has reported the attack to the California Attorney General’s office.

Read the full story

🏦 Criminal Capital Group

A massive whistleblower leak of over 18,000 Credit Suisse bank accounts totaling more than $100 billion has exposed dirty money that the Swiss bank has managed for corrupt politicians, drug traffickers, and human rights abusers. Swiss banks are known for their high levels of privacy and stability, which has attracted clients with unusual dealings for decades, but knowingly accepting money from criminals is forbidden under Swiss law. Credit Suisse went on the defensive, writing in a statement that it “strongly rejects” the reports, claiming they are “based on partial, inaccurate, or selective information taken out of context”. It remains unclear exactly who was behind the leak.

Read the full story

NOTEWORTHY THIS WEEK

🇺🇸 Americans want laws

Privacy legislation is gaining considerable momentum in the United States. California has brought about amendments to the CCPA, and Virginia and Colorado have passed laws that will both take effect next year. In total, there are now 22 states that have proposed privacy laws of their own. It can be a bit daunting to track and compare all the differences, which makes this US State Privacy Legislation Tracker a nifty website to bookmark. How does your home state stack up?

Read the full story

🇺🇦 Stay safe

Russia invaded Ukraine this week in the largest military attack on a European country since World War II. Many Ukrainian citizens are now scrambling to protect their privacy. Usage of encrypted messaging apps Signal and Telegram soared, and VPN apps are being offered for free. But in all of this, it’s important to understand which apps and services actually are encrypted and safe. In a Twitter post, Moxie Marlinspike, founder of Signal, wrote that while Telegram has gained popularity as a safe app for encrypted messaging, the reality is that all communication is stored in an online database which could easily be compromised by the Russian government. Asked in a follow-up tweet by Elon Musk if Signal itself was secure, Marlinspike defended his app, explaining how its end-to-end encryption design leaves no data stored online for hacking. Is this all well-intended advice, or poorly-timed shameless self promotion?

Read the full story

‍

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.