This Week's InfoSec Newsletter - Nov. 18

Nov 18, 2021 11:45:00 AM | Weekly Report This Week's InfoSec Newsletter - Nov. 18

In this weeks article on breaches this week, we dive into stolen money, compromised systems, and data privacy.

It can be incredibly difficult to effectively analyze large amounts of data in short amounts of time. Things fall through the cracks, money's stolen, and systems are compromised. Many of these challenges could be solved with machine learning, but the field still has a lot of growing pains when it comes to data privacy. Fortunately, some folks out there are on a mission to fix that...

🌐 Change the locks

Aruba Networks, an enterprise network and security solutions provider, and a subsidiary of Hewlett Packard Enterprise, suffered a data breach earlier this week. In its official statement, the company announced that an unauthorized individual used a stolen access key to view customer data stored within the Aruba Central cloud environment. The small amount of data exposed was limited to network and device information, which is routinely collected by Aruba for improving its machine learning algorithms. Aruba is working on changes to its encryption methods in order to prevent this type of incident from happening again.

Read the full story

 

💳 Check your bill

Costco has reported that a credit card skimmer was recently found at one of its stores in the Portland, Oregon area, and has mailed letters to those customers who may have been impacted. It has not been specified which Costco location the skimmer was found in, or when it was found, but it is confirmed that full credit card details were stolen. The issue was first discovered during routine PIN pad inspections by Costco employees. Costco is offering complimentary identity theft protection services to those customers impacted and is working with law enforcement "to prosecute this criminal activity".

Read the full story

 
👀 $92 million

TikTok has agreed to settle a major class-action lawsuit, and if you used the app anytime before September 30th of this year, you might be eligible for a payout. The lawsuit accused the company of leveraging invasive biometric data collection techniques to fuel its machine learning algorithms and make better content recommendations to its users. The problem is that this was all done without proper user content, which is against the law in Illinois where the lawsuit was filed. If you want to take part in the settlement, submit your claim here by March 1, 2022.

Read the full story

 

🇬🇧 Audience choice

The British government is considering changes to its data privacy laws, and has asked the nation's businesses to share their thoughts. Ever since leaving the EU nearly two years ago, the UK has followed privacy laws that nearly mirror the GDPR. But now that they're on their own, they're ready for something different, and there are 4 major proposed changes that UK businesses have until this Friday, November 19th to share their thoughts on. Those changes span from fees for data requests, to cross-border data transfers, and incident response requirements.

Read the full story

 

🤖 Rise of the machines

Researchers at Rice University in Texas have developed a method for better integrating data privacy with machine learning in a way that won't break the bank. Anshumali Shrivastava, an associate professor of computer science at Rice, states that "there are many cases where machine learning could benefit society if data privacy could be ensured" but that "engineers today must either sacrifice their budget or the privacy of their users". This new method, called RACE, aims to ensure that privacy is no longer a compromise. RACE will be unveiled in greater detail this week at the ACM Conference on Computer and Communications Security.

Read the full story

 

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.