At a glance.
- Reticence in SMS, social media.
- CNA confirms data exposure in ransomware attack.
- Data exposure at Acquirely.
Protecting your texts from prying eyes.
The Washington Post asks just how vulnerable our private text messages are to very public scrutiny. Several recent court cases, like the trial of alleged fraudster Elizabeth Holmes, former CEO of Theranos, have shown how texts, group chats, emails, and social media messages can be trotted out to expose discussions the defendants’ most likely thought the public would never see. The Post offers several suggestions for protecting your messaging life, including turning off cloud backup storage, auto-deleting past messages, avoiding group chats, and resisting the urge to slide into someone’s DMs. And for our text-reliant society, the simplest solution might also be the most challenging: just say it in person.
CNA confirms data exposure after ransomware attack.
American insurance giant CNA suffered a ransomware attack in March, and the company’s filing with the Securities and Exchange Commission (SEC) this week reveals that the incident exposed the personal data of over 75,000 employees, contractors, and policyholders. The Chicago Tribune recounts that at the time of the attack, CNA claimed there was “no indication that the data was viewed, retained or shared,” despite the fact that the hacker’s intrusion caused a network disruption that shut down CNA’s website and corporate email, compelling CNA to pay the attackers $40 million to restore their systems. In the SEC filing, CNA acknowledged that the data exposure could lead to penalties or legal repercussions that the company might not be able to cover with their insurance: “Costs and expenses incurred and likely to be incurred by the company in connection with the March 2021 attack include both direct and indirect costs and not all may be covered by our insurance coverage.”
Unsecured Acquirely database exposes private data.
The misconfiguration of an Amazon Web Services (AWS) S3 bucket owned by Australian marketing software firm Acquirely resulted in the exposure of the data of more than 200,000 individuals. According to the researchers at vpnMentor, who discovered the leak, the compromised data appears to have been provided by Australian residents entering competitions run by Acquirely, and it includes email and street addresses, names, dates of birth, and phone numbers, all private info that could be used by crooks looking to commit fraud. The researchers say the database was easily accessible to anyone with a web browser and basic computer skills. vpnMentor reached out to Acquirely, AWS, and Australia’s Computer Emergency Response Team (CERT) before receiving confirmation from Acquirely that the database was secured a few weeks after discovery.