At a glance.
- Ransomware at health insurance company?
- Pixels track email activity.
- Opt-in as a privacy policy.
- Cl0p gang doxes bank employees.
Signs indicate health insurance company suffered ransomware attack.
Security Week reports that the recent IT issues experienced by US health insurance provider Pan-American Life Insurance Group (PALIG) might be the result of a ransomware attack. The company’s website is down, displaying a message that explains there has been a “disruption to some of our services.” Meanwhile, researcher Anis Haboubi has discovered that the REvil ransomware group is claiming to be in possession of 170GB of PALIG’s data, including financial and medical documents. The files were posted on REvil’s website and then later removed, indicating that PALIG might be in negotiations with the threat group. While PALIG has not confirmed the attack, their official statement declares, “We are taking the matter very seriously and investigating the activity quickly and thoroughly with the help of internal and external experts.”
Secret pixels track your email activity.
Hidden tracking pixels embedded in your emails could be keeping tabs on what emails you open. Most of us know better than to open phishing emails from unknown senders, but even emails from trusted sources like social media platforms or favorite stores might be spying on you. Marketing tools help organizations track what emails you open, giving them insight into their audience and helping them determine what advertising measures are most effective. Wired explains that by modifying email settings to prevent images in emails from automatically loading, users can prevent these tracking pixels from ever appearing. There are also browser extensions like Ugly Email and Trocker that will flag emails that contain tracking pixels and even block them from functioning.
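As an added illustration (not code from Wired, Ugly Email or Trocker), the Python sketch below shows one way a mail filter could flag likely tracking pixels in an HTML message. The heuristics (remote image, 0- or 1-pixel size, hidden by CSS, query string) and the sample message with its `.example` addresses are assumptions constructed for this example.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample message; senders and URLs use the reserved .example TLD.
SAMPLE = """\
From: news@shop.example
Content-Type: text/html; charset="utf-8"

<img src="https://shop.example/logo.png" width="200" height="60">
<img src="https://t.shop.example/open.gif?rid=abc123" width="1" height="1">
<img src="https://t.shop.example/o2.gif" style="display: none">
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag seen

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def pixel_reasons(img):
    """Heuristics (assumptions of this example) that an <img> attribute dict trips."""
    src, style = img.get("src", ""), img.get("style", "").replace(" ", "").lower()
    if not src.lower().startswith(("http://", "https://")):
        return []  # cid:/data: images are embedded, so loading them contacts no server
    reasons = []
    if all(img.get(k, "").lower().replace("px", "").strip() in {"0", "1"}
           for k in ("width", "height")):
        reasons.append("0/1-pixel dimensions")
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by CSS")
    if reasons and parse_qs(urlparse(src).query):
        reasons.append("query string that may identify the recipient")
    return reasons

def find_tracking_pixels(raw_email):
    """Return [(src, reasons)] for flagged images in the message's HTML parts."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode(
                part.get_content_charset() or "utf-8", "replace")
            collector = ImgCollector()
            collector.feed(body)
            findings += [(i["src"], pixel_reasons(i)) for i in collector.images
                         if pixel_reasons(i)]
    return findings
```

Visible remote images can also report an open, which is why disabling automatic image loading remains the broader control.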
Opt-in or opt-out? That is the question.
An opinion piece in the New York Times asserts that an opt-in approach for ad tracking could be the most successful method for protecting consumer privacy. For most websites with ad tracking, unless the user takes the additional step of opting out, the default setting automatically makes user data available for collection. Though many sites must gain user permission before collecting data, the barrage of pop-up messages requesting consent has many consumers clicking “yes” to anything and everything, making it easy for thousands of organizations to track any user’s actions on the web. The California Privacy Rights Act and Virginia’s new Consumer Data Protection Act, as well as the proposed privacy laws of over a dozen other states, aim to preserve user privacy, but the responsibility still remains with the consumer to opt out of data collection, an extra step that some users just aren’t willing or aware enough to take.
Cl0p ransomware gang doxes bank employees.
Vice reports that the Cl0p ransomware gang has exposed what they claim are the social security numbers and street addresses of eighteen employees of Flagstar Bank, based in the US state of Michigan. A message on the gang’s site implies that customer data were also stolen, and the cybercriminals brazenly publicized the act of extortion by informing journalists of their actions and their goal: a ransom from the bank in exchange for the data. Before the data appeared on Cl0p’s site, Flagstar disclosed that it was one of the dozens of organizations impacted by the Accellion data breach. An anonymous source associated with the bank said that the bank had been working with the hackers to negotiate a deal that would allow the bank time to further investigate the breach and determine which individuals were impacted. Flagstar is not the first organization to have their data leaked by Cl0p since the breach; other victims include a law firm affiliated with former US President Donald Trump.