At a glance.
- Canadian doughnut chain under scrutiny for privacy issues.
- UnityPoint Health reaches settlement; deadline approaches for making a claim against Yahoo.
- Up to 14 million may be affected by PII for sale on the dark web.
- Promethium APT is newly active in the Middle East.
- Alt-coin scam exploits privacy failures.
Canadian Privacy Commissioner investigates Tim Hortons.
The popular Canadian doughnut chain Tim Hortons is under investigation by privacy authorities at both federal and provincial levels, the CBC reports, following reports that the company may be improperly collecting customer data. As has so often been the case, the issue turns on monitoring user geolocation. The Financial Post claimed that Tim Hortons was using its app to silently track its users' activities even when the app was turned off, and that the users themselves were typically unaware of the tracking.
Two privacy settlements.
Health IT Security reports that UnityPoint Health, after two years of litigation, has reached a $2.8 million settlement over two data breaches it sustained in 2018. A total of 1.4 million patients were affected. The breaches were both induced by phishing.
And, if you were among those affected by the data breaches Yahoo disclosed in 2016 or 2017, Nerdwallet reminds you that you have until July 20th to put in a claim for part of the $117.5 million settlement fund the company established. You could be eligible for up to $358.80, but it's unlikely in the extreme you'd get anything near that amount.
A large quantity of PII, origins unclear, appears on the dark web.
Lucy Security says it's found data from 945 websites for sale in dark web souks. Up to 14 million victims may be affected. The information includes “usernames, full names, phone numbers, hashed and non-hashed passwords, IP and email addresses as well as physical addresses.” It’s contained in two databases that together amount to roughly 150 gigabytes of unpacked SQL files. They were released this month, on June 1st and June 10th. The contents of the databases, and remember they represent material culled from almost a thousand sites, appear to have been procured by different hackers. Investigation is proceeding.
Promethium APT deploys cyberespionage tools against individuals.
The Promethium APT (also known as StrongPity, although that name has also been used for one of the group's tools) is back, ZDNet and others report. This time around StrongPity is active against targets in Turkey and Syria. The latest wave of attacks features new Trojanized installers. It also shows a capability to search for and exfiltrate files from victims’ machines. It’s been employing watering hole tactics to selectively target victims in Turkey and Syria using a pre-defined IP list, and it has adopted a three-tiered command-and-control infrastructure that’s enabled it to mask, to a certain extent, its operations and escape forensic investigation.
Promethium is a cyberespionage and surveillance operation believed to have been active since 2012, although it came to public attention in October 2016 with a watering hole campaign against targets in Belgium and Italy. Researchers at Bitdefender and Cisco Talos believe it to be state-sponsored, and that represents a consensus view. Which state does the sponsoring, however, is unclear, and the answer may not be a simple one. Cisco Talos believes, for example, that it's possible that Promethium could be a crew of hired guns, cyber mercenaries working under contract for a nation-state or a set of nation-states. It's had an extensive target list. While Middle Eastern and North African nations have figured prominently among its targets, Promethium has also been active in Europe, Asia, and the Americas. It has recently been implicated in surveillance of Kurdish populations.
Promethium has been known to use both internally developed tools and lawful intercept products in its operations.
A Bitcoin scam with privacy implications.
Group-IB reports a widespread Bitcoin scam that's used the exposed personal data of thousands of victims. The victims are distributed over twenty-one countries, but by far the most have been in the UK and Australia.
Group-IB explained that “Victims’ phone numbers, which in most cases came with names and emails, were contained in personalized URLs used to redirect people to websites posing as local news outlets with fabricated comments of prominent local personalities about [a] cryptocurrency investment platform that ‘helped them build a fortune’.”
The scam begins with an SMS text message with a shortened link, often a message that spoofs a well-known media outlet. Following the link takes the victim to a page tailored to their geographical region; the content purports to be exclusive media content of interest to an alt-coin speculator. The final stage redirects the unwary to enroll in a fraudulent Bitcoin investment scheme.
The losses to people gulled into fraudulent speculation are obvious. Less obvious, but equally real, is the reputational damage the spoofed celebrities and media outlets suffer as their names are hijacked into the service of crime.