The Risk Report - April 2

Apr 2, 2022 9:00:00 AM | Weekly Report

Just because someone says they’re a cop doesn’t mean you have to believe them. Unfortunately, that didn’t occur to some folks at two of the world’s biggest tech companies, who willfully handed over user data without double-checking the identity of the so-called cops.

👮 Trust me, I'm a cop

Apple and Meta were duped into handing over user data to hackers impersonating law enforcement officers in a series of blunders that can only be described as criminal. The attacks, which took place in mid-2021, came in the form of “emergency data requests” from legitimate, compromised law enforcement email addresses. The user data taken included customer addresses, phone numbers, and IP addresses. Early reports are linking the Recursion Team hacking group to the attack, with some signs also pointing to Lapsus$.


📸 Hide your pics

Shutterfly, the popular website for ordering prints of personal photographs, disclosed a ransomware attack on employee data that took place in December 2021. In its letter to impacted employees, the company outlined that full names, compensation data, as well as medical leave and workers’ comp claims, were among the information accessed. The hackers responsible have since been identified as the Conti Group. It remains unknown whether or not Shutterfly paid any ransom.


🍎 School's out forever

The personal data of around 820,000 New York City public school students was compromised after an attack on its online grading and attendance system in January of this year. Department of Education (“DOE”) officials were quick to deflect the blame to outside vendor Illuminate Education, which manages the Skedula and PupilPath platforms. The hackers were able to access hoards of student information dating back as far as 2016. The grading and attendance systems were left inoperable for one week, wreaking administrative havoc across the world's largest school system. The DOE has since requested a full-fledged investigation to be carried out by the New York Police Department, the FBI, and the state Attorney General’s office.


🤝 Across the pond

Two years in the making, a replacement for the EU-US Privacy Shield is finally here. In a joint press conference, US President Biden and EU Commission President Ursula von der Leyen introduced the Trans-Atlantic Data Privacy Framework. According to a White House fact sheet, this new framework will introduce new mechanisms to better handle EU resident data within the US, particularly as it relates to US intelligence activities. To go into law, this new framework will now require an Executive Order by President Biden as well as a more thorough approval process by the EU Commission.


🇺🇸 Work for Utah?

The Utah state government is ramping up its privacy and data security infrastructure with a new goal of hiring 50 certified InfoSec specialists across the state’s 36 different agencies. Utah’s first Government Operations Privacy Officer, Christopher Bramwell, is leading the initiative. Hiring aside, Utah is making big moves overall when it comes to data privacy, enacting its own state-wide consumer privacy law just last week.



New from Trustpage

🆚 Compare security policies for thousands of companies

Every week we highlight the top breaches of the week. And then the next week, it's the same thing, more data breaches. So how can you understand how companies are actually protecting your data?

The Trustpage Directory gathers public information from around the web to create the most comprehensive and up-to-date InfoSec profiles for thousands of companies. You can quickly discover trusted vendors and compare their security posture to make more informed decisions on the vendors you're evaluating.
