It's been confirmed, by ComputerWeekly, that foreign exchange service Travelex was indeed hit by Sodinokibi ransomware. And, as Bleeping Computer reports, the gang has threatened to dump data it stole during the attack should Travelex fail to pay the $3 million in ransom demanded. Thus ransomware attacks are now reasonably treated as threats to privacy as well as to data availability.
And so the city of Pensacola, Florida, which continues to recover from a Maze ransomware attack it sustained on December 6th, 2019, says that, while it doesn't believe any personally identifying information was compromised in the incident, it's nonetheless hedging its bets by offering free LifeLock identity protection to some fifty-seven-thousand people whose data the attack might have touched. The News Journal points out that the Maze gang, in what's become the new normal for ransomware operators, published more than two gigabytes of data taken from the city in an effort to induce Pensacola to pay up.
Google may have restored the widely mistrusted ToTok chat app to the Play Store (Vice notes, in reporting the chat app's reappearance in Play, that ToTok has been called an Emirati spyware tool), but Mountain View has taken action against another product for privacy issues. According to Naked Security, Google has revoked the access Xiaomi cameras had enjoyed to Google's Home Hub service. The IP cameras were reported in some instances to have shared still images from other people's homes with some of their users. This seems to be a glitch and not a malign plot on the part of Xiaomi, which says it's working to address the issue, but for now at least the cameras won't be connecting to Home Hub.
YouTube, pursuant to agreements that accompanied the $170 million fine it received from the US Federal Trade Commission in September 2019, is now limiting both ad targeting and data collection associated with content produced for children. TechCrunch has the story.
The US Office of Personnel Management (OPM) still has issues with the identity and credit protection measures it contracted for in the wake of two breaches it sustained during 2015. In one incident personal data of some 4.2 million current and former Federal employees were lost. In the other breach, which affected "current, former, and prospective" employees, 21.5 million records of security background investigations were stolen. An OPM inspector general's report says that, while the companies hired to provide those services to the breach victims (Experian and ID Experts) are indeed performing in accordance with their contract, OPM's Contracting Officer's Representative (COR) is not providing adequate oversight of ID Experts. Specifically, the COR isn't preparing and maintaining records of meetings with the contractor, nor has the COR conducted site visits to evaluate contractor performance, nor has the COR documented reviews of the contractor's performance reports.
A Wall Street Journal piece marvels at the ways in which novel biometric modalities (like gait, which isn't new but which is still unfamiliar to most) and even implants are likely to pervade the workplace. One might wake up at 3:00 AM with nightmares about the mark of the Beast, but if you're responsible for corporate privacy compliance, you're likely to wake up in a cold sweat a couple of hours earlier than that: the data the Journal imagines organizations collecting include individual human health, activity, presence, absence, and so on. Effectively, that's everything.