At a glance.
- Privacy risks associated with distance learning.
- Data breach in Warner Music e-commerce sites.
- Marketing firm's misconfigured AWS bucket exposes PII.
Academic year opens with privacy risks attendant on remote learning.
The academic year in many countries is beginning with distance learning, and this has been adopted as a measure of protection against COVID-19 during the continuing pandemic. Distance-learning brings with it an expanded attack surface and a correspondingly heightened risk to privacy. While the attack that's drawn the most attention so far has been the distributed denial-of-service attack that crippled the opening of school in the Miami-Dade School District (the apparent motive was truancy as opposed to extortion, and a sixteen-year-old high school junior has been arrested, the New York Times reports), the risk isn't confined to denial-of-service, nor is it confined to the United States. The UK’s Department for Education has told schools to be on the lookout for cyberattacks in the young academic year.
There are privacy risks to home networks implicit in distance learning. The student who learns from home exposes the home to whatever badness is going on in the schools’ networks. KNX 10.70 News Radio in Los Angeles points out that “Hackers attacking school districts could end up in your living room via remote learning.”
Warner Music discloses a data breach in e-commerce sites.
Warner Music Group has disclosed a data breach in several e-commerce sites it operates. The data were potentially vulnerable to unauthorized access between April 25th and August 5th of this year. The exposure is also a potentially serious one, since the potentially compromised information included "name, email address, telephone number, billing address, shipping address, and payment card details (card number, CVC/CVV and expiration date)." Warner Music is investigating, but the company says that customers who paid via PayPal are apparently safe. BleepingComputer says it looks like a Magecart caper, and Warner’s disclosure throws some shade in the general direction of a third-party it works with to run the sites. Warner is offering its affected customers, whom it's contacted in the course of disclosure, twelve months of free identity protection through Kroll. Those services include credit monitoring, fraud consultation, and identity theft restoration.
View Media sustains data exposure incident.
Online marketing company View Media has inadvertently exposed millions of individual records pertaining to US citizens, according to CyberNews. It's another case of a misconfigured AWS S3 bucket. The data included full names, email and street addresses, phone numbers and ZIP codes. These were contained in more than five-thousand files, which included some seven-hundred statements-of-work for targeted email and direct mail advertising campaigns as well as CSV and XLS files that held 23,511,441 unique records. These were the ones that held the personally identifiable information.