Dec 132018
 

Janene Pieters reports:

A data leak affecting the municipality of Amsterdam revealed the names and addresses of residents upset about the city’s home share policy. In one case a phone number was also leaked, AT5 reports.


The data was not recorded on the municipality’s website in an unrecognizable way, according to the Amsterdam broadcaster. Around 10 Amsterdam residents were affected by the leak. Whether the data was misused is unclear. 

Read more on NL Times.

Dec 122018
 

Donita Taylor reports:

Rhode Island is suing the parent company of Google for hiding a security breach that affected 52.5 million users, state General Treasurer Seth Magaziner stated in a news release Tuesday.


“Google had an obligation to tell its users and investors that private information wasn’t being protected,” Magaziner stated in the release.

[…]

A motion to combine Rhode Island’s suit and two others into a class-action suit and to name the Rhode Island pension fund as lead plaintiff was filed Monday by a San Diego class-action law firm engaged by Magaziner’s office. 

Read more on Providence Journal.

Here is the text of the state’s press release, published December 11:

Rhode Island General Treasurer Seth Magaziner today announced that Employees’ Retirement System of Rhode Island filed a motion with the court to lead a shareholder class action lawsuit against Alphabet Inc., parent company of Google, after it was revealed that Google executives had hidden privacy breaches that compromised the personal information of 52.5 million users. 

“Google had an obligation to tell its users and investors that private information wasn’t being protected,” said Rhode Island General Treasurer Seth Magaziner. “Instead, Google executives decided to hide the breaches from its users and continued to mislead investors and federal regulators. This is an unconscionable violation of public trust by Google, and we are seeking financial restitution on behalf of the Rhode Island pension fund and other investors.”

The underlying action is pending in the U.S. District Court for the Northern District of California and accuses the company of misleading shareholders and federal regulators when they failed to disclose ongoing breaches in private user information from its social media platform Google+. 

In October, Google announced it was shutting down the Google+ social media platform, after whistle blowers came forward with claims that the company had hidden vulnerabilities in its security measures. On Monday, Google announced that personal information for 52.5 million users had been compromised.

Dec 102018
 

David Thacker of G Suite writes that Google is abandoning Google+ even sooner than it had originally planned. A recent bug affecting more than 50 million users seemed to be the death knell for the product.

In October, we announced that we’d be sunsetting the consumer version of Google+ and its APIs because of the significant challenges involved in maintaining a successful product that meets consumers’ expectations, as well as the platform’s low usage.


We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.


With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. 

Read more on Google’s blog.

Dec 102018
 

Stephen Jewkes reports:

Italian oil services company Saipem said it had identified a cyber attack out of India on Monday that had primarily affected its servers in the Middle East.

[…]

Saipem’s head of digital and innovation, Mauro Piasere, told Reuters the attack had originated in Chennai, India. 


Servers in Saudi Arabia, the United Arab Emirates and Kuwait had been attacked as too, partially, had infrastructure in Aberdeen in Scotland, he said.

Read more on Reuters.

Dec 102018
 

From the good folks at EPIC.org:

In a report released today, the House Committee on Oversight declared that the Equifax breach, which affected 148 million U.S. consumers, was “entirely preventable.” The breach, one of the largest in U.S. history, compromised the authenticating details, including dates of birth and social security numbers, of more than half of American consumers. The House report concluded that Equifax “failed to fully appreciate and mitigate” the cybersecurity risks and placed corporate growth over data security. Despite several agencies, such as the CFPB and the FTC, pledging to take action against Equifax, nonehave done so. The House Committee recommended that Equifax “provide more transparency to consumers” about data use and security practices and reduce the use of social security numbers as identifiers, longstanding priorities of EPIC. Following the Equifax data breach in 2017, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft.