eBay forces users to change passwords following cyber attack 

The California-based company has urged users to change their passwords following the finding that its databases have  become compromised by a cyber attack. The database was hacked between late February and early March, and included  customers’ names, email addresses, physical addresses, encrypted passwords and phone numbers but apparently no  financial data or other confidential personal information. The attack was discovered a fortnight ago but only after an extensive forensic investigation has the tech giant announced the attack. eBay claims that it had no evidence of there  being any unauthorised activity on its 128 million members’ accounts but that changing user passwords was “best  practice and will help enhance security for eBay users”. However, eBay have also warned that members who use the same  login details on eBay for other sites, should also update them. Concerns remain that the hackers will utilise the personal  information gathered for further attacks.

HMRC forced to rethink plan to sell tax data

Privacy campaigners have handed in a petition of 300,000 signatures to the government demanding HMRC to reconsider  plans to share millions of people’s personal tax data with private companies and researchers. Julian Huppert, a Lib Dem  MP, has supported the opposition by stating that HMRC would “seriously undermine the confidentiality” expected if it  relaxed restrictions on sharing taxpayer data. HMRC have responded by saying that it is “committed to protecting its  customers’ information” and will only take forward measures if a clear public benefit can be identified. 

Retailers join forces to target cyber crime

The Retail Cyber Intelligence Sharing Centre has been launched in the U.S. to share information and analyse data to help combat cyber crimes. According to trade group Retail Industry Leaders Association, Gap, Nike and Target are amongst the companies participating in the initiative. Through the centre, retailers can share cyber threat information amongst themselves and, via analysts, with public and private stakeholders, including the US Department of Homeland Security, US Secret Service and the FBI. The centre also promises to provide advanced training and education, and research resources to prevent retailers suffering a fate worse than Target. 

US charges Chinese officials

With tensions between the US and China over allegations of economic espionage escalating, the US Justice Department has indicted five Chinese military officers with stealing data from six US companies and unions. Attorney general Eric Holder announced that the US for the first time would seek to bring officials of a foreign government to the US to face charges of infiltrating American computer networks to steal data beneficial to US trade competitors. The Justice Department even printed “wanted” posters to reflect the significance of the trade secrets and other sensitive business information stolen. 

Google, Facebook and Microsoft come out top with 6 stars

Digital rights advocate Electronic Frontier Foundation (EFF) has released a privacy report covering major tech companies’ policies toward government data requests. Nine companies including Apple, Facebook, Yahoo and Google have received credit in all 6 categories measured, including requiring warrants for content, informing users about data requests and publishing transparency reports. Whereas fledging messaging app, Snapchat, received just 1 out of 6 stars in its first appearance in the report which was the lowest ranking out of the companies assessed. However, improvements have been made as in EFF’s first report, 4 companies received 0 stars, while this year every company was awarded at least 1. 

French inspection targets for 2014 released

The French Data Protection Authority (the CNIL) has announced its 2014 inspection targets, with the goal of reaching 550 inspections for the year compared to last year’s 414. The inspections will consist of 200 on-line inspections and 350 onsite. Particular focus will be upon on-line services, on-line payment, social media and data breach reporting by electronic communication service providers. Given recent events, of particular priority to the CNIL is the personal data gathering by online social networks, including sensitive personal data such as sexual orientation, ethnic origin and religious belief. Online payment processing and banking data retention are also set to be closely inspected.