At a glance.
- T-Mobile settles data breach lawsuit.
- Uber admits to 2016 data breach cover-up.
- The Netherlands limits use of Google Chrome in schools due to privacy concerns.
T-Mobile settles data breach lawsuit.
Leading mobile phone company T-Mobile has agreed to a $350 million settlement for a class action lawsuit brought by customers impacted in a recent data breach. SecurityWeek explains that last August T-Mobile disclosed that personal data including Social Security numbers of nearly 80 million Americans had been exposed in a cyberattack. According to a filing with the Securities and Exchange Commission, the settlement contains no admission of wrongdoing, but the funds will pay for claims by class members and other legal costs. The mobile phone giant has also pledged to devote $150 million over the next year to shore up its data security and other technologies.
Uber admits to 2016 data breach cover-up.
As part of a settlement with the US Department of Justice, ride-sharing giant Uber has admitted to covering up a 2016 cyberattack that exposed the data of 57 million individuals. To avoid prosecution, the company confessed “that its personnel failed to report the November 2016 data breach to the [Federal Trade Commission] despite a pending FTC investigation into data security at the company.” In a data breach that was only revealed a year later, threat actors stole credentials to infiltrate a private source code repository and acquire a proprietary access key, which was used to copy large quantities of personal customer and driver data, 600,000 driver’s license numbers. The Verge notes that Uber allegedly paid the hackers a $100,000 ransom to delete the data and keep the breach under wraps. Now ousted CEO Travis Kalanick learned of the incident just a month after it occurred but neglected to disclose it with the Federal Trade Commission as required. Joe Sullivan, Uber’s chief security officer at the time, has been charged with obstruction of justice and is set to go to trial this September. Uber has agreed to pay $148 million to settle civil litigation connected to the breach.
The Netherlands limits use of Google Chrome in schools due to privacy concerns.
Bleeping Computer reports that the Dutch Ministry of Education will be imposing restrictions on the use of the Chrome OS and Chrome web browser amidst concerns about data privacy. The worries stem from Google’s collection of user data for ad tracking, as officials are concerned the practice could put student data at risk and possibly violate the General Data Protection Regulation. In a letter to Dutch parliament, the Netherlands' Minister of Education and the Minister of Primary and Secondary Education explained that they held conversations with Google, Microsoft, and Zoom regarding data protection, and the companies pledged they would make future versions of their software more transparent and compliant with EU data protection laws. However, Google says their updates won’t be available until next year, so schools using their software in the interim will be required to perform additional actions outlined by SURF, a Dutch cooperative association of educational and research institutions. The guidelines include implementing specific Group Policies and disabling services that could leak user data, setting the geographical location for data storage of the Google Cloud service to Europe, turning off ad personalization settings, and avoiding all use of the Google search engine.