Close on the heels of Quora’s data breach just two days ago, online florist 1-800-FLOWERS has announced that they have been subject to a data breach that has been going on for 4 years. The breach was of payment data including credit card number, expiration date, card security code, and the first and last name of the card holder. As many as 75,000 1-800-FLOWERS customers have been affected.
Quora has just announced that it discovered a data breach on Friday, November 30th. Taking a move from the playbook of, apparently, nobody else, Quora did not wait weeks or months or even days to announce the breach – going from discovery to notifying their users in no more than 72 hours. Thank you for that, Quora!
The Marriott hotel chain announced today that their Starwood property has suffered a massive data breach of as many as 500 million guest records. Note that even though the breach was discovered days earlier, they are announcing it on a Friday morning; Friday is known to be the day to announce things if you want them to get the least amount of attention.
Last year (in fact almost a year ago exactly) we told you about the U.S. Post Office’s new ‘Informed Delivery’ service. For those of you not familiar with the USPS Informed Delivery service, well, count your blessings. Because the postal service has experienced a serious breach, making the personal information of all 60 million plus Informed Delivery users vulnerable.
Countless Amazon customers woke up this morning to an email from Amazon telling them that “our website inadvertently disclosed your name and email address due to a technical error.” And, in fact, that’s just about all the email said, other than “the issue has been fixed” and that there is no need for the customer to take any action.
Hot on the heels of California passing their California Consumer Protection Act (CCPA) which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).
Oh, the irony! Identity theft protection service LifeLock has exposed millions of their customers’ email addresses. And according to Krebs on Security, the exploitable vulnerability was so basic that it seems “that whoever put it together lacked a basic understanding of Web site authentication and security”!
At the end of last week, on or around Friday, July 27th, 2018, Walgreens sent out a seemingly innocent email notice of Walgreens’ updated terms and conditions of use. But some people noticed that it contained a hidden message saying “Walgreens values your privacy. We recently became aware of fraudulent activity.”
In a hack that the New York Times is calling “one of the largest known breaches of a retailer”, Saks 5th Avenue and Lord and Taylor have had the credit card and debit card information of millions of customers compromised by an ongoing hack that lasted for months before it was terminated a few weeks ago.
Can’t log into your account via an app, or via the web, when you know that you are using the right password? In fact, when you try to log in using the exact same password on the web, or via the app, respectively (whichever one is not the one you are having trouble with) the password works perfectly? We may have the answer.
As news of the Intel chip security flaw has started to permeate public awareness, people are asking themselves two main questions: “Do I have to worry about it, and if so what do I need to do?” and “Just what is speculative execution?” (The issue with the chips has to do with the speculative execution function.) This flaw is said to affect millions of Windows, Mac, and Linux computers around the world. “Major flaw in millions of Intel chips revealed” screams the BBC headline. “A Critical Intel Flaw Breaks Basic Security for Most Computers,” banners Wired. Even Popular Mechanics is getting in on it, stating that “Horrific Security Flaw Affects Decade of Intel Processors.” Others, though, are starting to say that it’s not limited to Intel chips, as pointed out by the Axios story, “Massive chip flaw not limited to Intel.”
I was recently interviewed, in my capacity as an Internet law and policy attorney, and head of the Institute for Social Internet Public Policy, for an article sponsored by RSA about how GDPR (the EU’s General Data Protection Rules), which goes into effect in the European Union in May 2018, is going to impact, well, everything. And, in particular, about how it will impact U.S. based businesses, because, trust me, it will.
Amazon isn’t the only company looking to come into your home, literally, when you aren’t there. Walmart also has announced what they have nicknamed “in-fridge delivery”, a service where their employee, nicknamed a “Deliv driver” (seriously, Walmart, who is coming up with these things?) comes into your home to make deliveries, when you’re not home, even putting your groceries away in the fridge for you. To which we say not only “no”, but “hell no!”