At a glance.
- Egregor ransomware updates.
- Pluto TV data breach.
- EU regulations exhibit tension between privacy and law enforcement.
Egregor strikes again...and again.
As the CyberWire noted last week, Forbes reported US retailer Kmart was breached by Egregor ransomware. Now, the Egregor operation has claimed two more victims. BleepingComputer reports the threat actors published a 32.7 MB archive including business documents stolen from Randstad, the largest staffing agency worldwide. Meanwhile, Forbes reports that mass transit in the Canadian city of Vancouver, British Columbia has been interrupted due to an attack on public transportation operator TransLink.
Pluto TV hits mute button on recent breach.
Motherboard reports the data of 3.2 million users of free online TV service Pluto were stolen by threat actors and have been released on the dark web, but Pluto has made the unconventional choice not to officially inform its users of the breach. The compromised data include email addresses and passwords, but perhaps because the passwords are hashed and no credit card information is involved, Pluto stated they do not feel the data are sensitive enough to require a proactive statement. “As we continue to investigate this matter, we are communicating with users who have reached out to us directly to address any questions or concerns,” Pluto said. However, at least one user who spoke to Motherboard said Pluto had ignored their requests for information.
EU rule sparks debate over monitoring for online sexual abuse.
As part of Europe’s ePrivacy Directive, on December 20 a rule is set to take effect that will drastically limit monitoring of online communications and the use of automated scanning software used to detect online child sexual abuse and grooming, the New York Times reports. While the measure is an effort to protect user privacy, European officials are concerned it will allow online sexual offenses such as child pornography to go unchecked.
Automated scanning can be credited with detecting the majority of the over 2.3 million photos and videos from the EU that are flagged as child sexual abuse-related. Platforms like Facebook would have to cease proactive scanning in the EU entirely, and as the social media app is the number one reporter of online child pornography imagery worldwide, this would be a huge loss. Defenders of the rule feel that child protection groups have not proven the invasion of privacy is worth the result. “We don’t open every letter in the mail to see if there is something illegal,” said Diego Naranjo of European Digital Rights in Brussels.
With the December 20 deadline fast approaching, officials are scrambling to find a compromise. One suggestion: continue video and image scanning, but remove the grooming scans, which search written communications for keywords and are not always as accurate. However, some argue that the grooming scans are essential, as they often prevent the abuse before it escalates. “There is this balance between the privacy of the user and the privacy of the child victim,” stated Ylva Johansson of the European Commission. “The role for politicians is to find the right balance.”