This Week's InfoSec Newsletter - Oct. 28

Oct 28, 2021 10:00:00 AM | Weekly Report

Mobile apps were under the spotlight this week.

Legislation is being passed around the world to improve everything from the protection of minors on social media to predatory lending practices within online banking. Let's get into it.

🚑 Bleeding data

Nearly 30,000 current and former students of the University of Colorado Boulder have been impacted by a data breach. In its official statement, the university reported that the breach came as a result of "a vulnerability in software provided by a third-party vendor, Atlassian, impacted a program used mostly by the Office of Information Technology to share resources, such as support and procedural documents, configuration files and collaborative documents." Identity monitoring services have been offered at no cost to those affected, and an incident helpline has been set up.


🦬 Boulderdash

This one we just can't leave out. Last week, a journalist reported a vulnerability in a Missouri Department of Elementary and Secondary Education website that left the Social Security Numbers of its teachers publicly accessible in the HTML source code. Missouri Governor Mike Parson, in response, accused the journalist of hacking the website, when, in reality, anyone can view any website's source code with just the click of a button. Governor Parson has committed to taking legal action against the journalist, and has budgeted $50 million in state funds for recovery efforts. That's one expensive "hack".

🇦🇺 13 going on 16

Australia's federal government has unveiled new privacy legislation that would require social media companies to "take all reasonable steps" to verify the age of their users and require parental consent for users under the age of 16. If made into law, the Online Privacy Bill would impose fines of up to 10% of a violating company's annual revenue in Australia, three times higher than the current maximum. While most social media providers currently have an age minimum of 13, legislators argue that that process is enforced by "self-attestation", rather than by independent verification.


🇰🇪 Money problems?

A new law passed by Kenya's National Assembly aims to put an end to malicious debt collection and shaming techniques frequently used by online banks. Kenyan banking apps have traditionally demanded access to a user's contact and message history before distributing funds. When the debts aren't paid, predatory lenders then use that collected information to their advantage, contacting friends and family to put more pressure on the borrower to pay up. Kenyans have had enough of the lack of regulation, and now there's a law to help. Lenders that are found to debt shame will be stripped of their banking licenses, and even the process of becoming a bank in Kenya has now become more stringent.
