At a glance.
- COVIDSafe data exposure.
- A retrospective on spycraft and data security.
- Legal updates on the Blackbaud ransomware incident.
COVIDSafe data extraction reported by IGIS.
Private data from the COVIDSafe COVID-19 monitoring app were “incidentally” collected by Australia’s Inspector-General of Intelligence and Security (IGIS) agencies, according to a report submitted by IGIS to the Office of the Australian Information Commissioner, reports iTnews. Australia’s Privacy Act states that use of the app’s data for purposes other than contact tracing is illegal, but the collection of data is considered merely “incidental” when it is inadvertently obtained as part of the law enforcement process. IGIS did not specify exactly which of its six agencies were involved, but groups under its jurisdiction include the Australian Security Intelligence Agency and the Australian Signals Directorate. The report indicates that the agencies used proper data handling protocol and that none of the data were decrypted.
From hieroglyphs to quantum computers.
The UK Science Museum‘s recent exhibit Top Secret demonstrates how modern cybersecurity was shaped by early spywork, reports Computer Weekly. The roots of modern data security practices can be traced back millenia, when ciphers were used in ancient hieroglyphs. “Randomness has always been used to disguise messages,” said exhibit curator Elizabeth Bruton. “Though the technology today is radically different, the basic principles of encryption using long strings of random characters...have changed very little over the past one hundred years.” Encryption keys were created manually with randomly selected letter tiles during World War II, while today cybersecurity agencies like Cloudflare use pendulums and lava lamps. Demonstrating how one day quantum computing will require quantum-resistant encryption, the exhibit highlights the fact that cybersecurity must always innovate to stay one step ahead of cybercriminals.
Updates on the Blackbaud breach.
Over one hundred organizations and ten million individuals globally have been impacted by the ransomware attack that compromised the data stores of cloud software company Blackbaud earlier this year, and the American Dental Association (ADA) Foundation is one of the latest entities to disclose that their data were exposed in the breach. The ADA asserts that because it appears only unencMeanwhile, Blackbaud is facing yet another class action lawsuit as a result of the attack, reports HealthITSecurity. So far over twenty-three lawsuits have been filed in relation to the breach, the newest from Heidi Imhof, a graduate from Stetson University College of Law in the US state of Florida. The suit claims that the breach was the result of Blackbaud’s inadequate data protection practices, and that the repercussions were worsened by Blackbaud’s delay in disclosing the breach to the impacted victims, as well as by Blackbaud’s inaccuracy in determining what data were compromised. The lawsuit’s goal is to secure monetary compensation for the time and funds the victims must spend to ensure their data are not misused.