At a glance.
- Accounting firm discloses data breach.
- Methods of securing academic integrity during distance learning raise privacy questions.
- Scammers seek personal data with COVID-19-themed phishing.
Accounting firm discloses data breach.
Accounting firm Squar Milner sustained a data exposure incident that affected an unknown number of accounts, the firm disclosed in letters to clients last week. The data at risk of compromise may have included "name, address, Social Security number or Tax ID number, as well as information pertaining to your prior filings with the IRS and state taxing authorities." They've reported the breach to the FBI and California authorities, and the firm is offering affected customers "theft restoration services" from ID Experts. The theft restoration services include credit monitoring for twelve months, "dark web monitoring, $1 million identity fraud loss reimbursement, and fully managed identity recovery services." TechNadu says that Squar Milner discovered the problem on March 25th when they encountered difficulties processing a client's tax return and determined that someone had stolen, then changed, the client's login credentials. The firm found that the same thing had happened with other clients' accounts. It's not clear yet whether the incident involved a breach of Squar Milner's systems or whether individual accounts were compromised by credential stuffing.
Students resent privacy implications of teleproctoring.
ZDNet reports that students and the Australian National University find themselves in conflict over university plans to install remote monitoring tools--the specific software package is Proctorio--onto students' devices, the better to detect and deter academic dishonesty. Universities are concerned about cheating during exams administered online. Students resent the invasion of privacy. The dispute under discussion is going on at the Australian National University, but it's reasonable to expect it to crop up elsewhere.
Proctorio does promise some extensive security for online learning. The company's slogan is "Not just proctoring. A Comprehensive Learning Integrity Platform." Its platform, which the company claims is used by some four-hundred universities, is said to offer "ID verification, automated invigilation, content protection, secure browser settings, computer lock down" (that is, preventing the student from leaving the task to, say, look for information that might help on a closed book test), "originality authentication" (screening for plagiarism), "administrative and faculty controls, and deep, instantaneous analytics." It uses biometric identification and, ZDNet says, includes behavioral analysis functionality, and here they include physical behavior, like eye movement.
COVID-19 phishbait seeks to obtain personal information.
The UK's Coronavirus Job Retention Scheme is also being used as bait by criminals prospecting individual victims. Less than twenty-four hours after the program opened yesterday, ComputerWeekly reports, bogus emails sporting Her Majesty’s Revenue & Customs branding and claiming to be from HMRC chief executive Jim Harra were already hitting in-boxes. Demand for relief under the Scheme is expected to be heavy, Computing says, and that will lend urgency to the scams as well as tend to reduce the victims' skepticism and resistance.
The Australian Cyber Security Centre's regular Threat update: COVID-19 malicious cyber activity outlines a set of problems similar to those seen in the UK and elsewhere. Since March 10th, ACSC has received roughly two reports a day of Australians losing money to coronavirus-themed online scams, and note that these are actual losses, not mere attempts. With their private-sector partners (including Google and Microsoft) ACSC has "disrupted" more than one-hundred-fifty COVID-19-themed websites that had been engaged in malicious activity.
Chicago-based Keeper Security warns that US citizens should expect to see a wave of scams as the Federal Government makes emergency assistance available under the CARES Act.
Singapore is offering the Self-Employed Person Income Relief Scheme. Applications open on April 27th, but the National Trades Union Congress (NTUC) is already warning people that emails that appear to originate with them are in fact the work of scammers.