eBay forces users to change passwords following cyber attack
The California-based company has urged users to change their passwords following the finding that its databases have become compromised by a cyber attack. The database was hacked between late February and early March, and included customers’ names, email addresses, physical addresses, encrypted passwords and phone numbers but apparently no financial data or other confidential personal information. The attack was discovered a fortnight ago but only after an extensive forensic investigation has the tech giant announced the attack. eBay claims that it had no evidence of there being any unauthorised activity on its 128 million members’ accounts but that changing user passwords was “best practice and will help enhance security for eBay users”. However, eBay have also warned that members who use the same login details on eBay for other sites, should also update them. Concerns remain that the hackers will utilise the personal information gathered for further attacks.
HMRC forced to rethink plan to sell tax data
Privacy campaigners have handed in a petition of 300,000 signatures to the government demanding HMRC to reconsider plans to share millions of people’s personal tax data with private companies and researchers. Julian Huppert, a Lib Dem MP, has supported the opposition by stating that HMRC would “seriously undermine the confidentiality” expected if it relaxed restrictions on sharing taxpayer data. HMRC have responded by saying that it is “committed to protecting its customers’ information” and will only take forward measures if a clear public benefit can be identified.
Retailers join forces to target cyber crime
The Retail Cyber Intelligence Sharing Centre has been launched in the U.S. to share information and analyse data to help combat cyber crimes. According to trade group Retail Industry Leaders Association, Gap, Nike and Target are amongst the companies participating in the initiative. Through the centre, retailers can share cyber threat information amongst themselves and, via analysts, with public and private stakeholders, including the US Department of Homeland Security, US Secret Service and the FBI. The centre also promises to provide advanced training and education, and research resources to prevent retailers suffering a fate worse than Target.
US charges Chinese officials
With tensions between the US and China over allegations of economic espionage escalating, the US Justice Department has indicted five Chinese military officers with stealing data from six US companies and unions. Attorney general Eric Holder announced that the US for the first time would seek to bring officials of a foreign government to the US to face charges of infiltrating American computer networks to steal data beneficial to US trade competitors. The Justice Department even printed “wanted” posters to reflect the significance of the trade secrets and other sensitive business information stolen.
Google, Facebook and Microsoft come out top with 6 stars
Digital rights advocate Electronic Frontier Foundation (EFF) has released a privacy report covering major tech companies’ policies toward government data requests. Nine companies including Apple, Facebook, Yahoo and Google have received credit in all 6 categories measured, including requiring warrants for content, informing users about data requests and publishing transparency reports. Whereas fledging messaging app, Snapchat, received just 1 out of 6 stars in its first appearance in the report which was the lowest ranking out of the companies assessed. However, improvements have been made as in EFF’s first report, 4 companies received 0 stars, while this year every company was awarded at least 1.
French inspection targets for 2014 released
The French Data Protection Authority (the CNIL) has announced its 2014 inspection targets, with the goal of reaching 550 inspections for the year compared to last year’s 414. The inspections will consist of 200 on-line inspections and 350 onsite. Particular focus will be upon on-line services, on-line payment, social media and data breach reporting by electronic communication service providers. Given recent events, of particular priority to the CNIL is the personal data gathering by online social networks, including sensitive personal data such as sexual orientation, ethnic origin and religious belief. Online payment processing and banking data retention are also set to be closely inspected.