Monday, July 29, 2019

Capital One’s breach was inevitable, because we did nothing after Equifax

Another day, another massive data breach.

This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005.

That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.

The FBI already has a suspect in custody. Seattle resident and software developer Paige A. Thompson, 33, was arrested and detained pending trial. She’s been accused of stealing data by breaching a web application firewall, which was supposed to protect it.

Sound familiar? It should. Just last week, credit rating giant Equifax settled for more than $575 million over a date breach it had — and hid from the public for several months — two years prior.

Why should we be surprised? Equifax faced zero fallout until its eventual fine. All talk, much bluster, but otherwise little action.

Equifax’s chief executive Richard Smith “retired” before he was fired, allowing him to keep his substantial pension packet. Lawmakers grilled the company but nothing happened. An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine — which amounted to about 20% of the company’s annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly.

Legislatively, nothing has changed. Equifax remains as much of a “victim” in the eyes of the law as it was before — technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.

Mark Warner, a Democratic senator serving Virginia, along with his colleague since turned presidential candidate Elizabeth Warren, was tough on the company, calling for it to do more to protect consumer data. With his colleagues, he called on the credit agencies to face penalties to the top brass and extortionate fines to hold the companies accountable — and to send a message to others that they can’t play fast and loose with our data again.

But Congress didn’t bite. Warner told TechCrunch at the time that there was “a failure of the company, but also of lawmakers” for not taking action.

Lo and behold, it happened again. Without a congressional intervention, Capital One is likely to face largely the same rigmarole as Equifax did.

Blame the lawmakers all you want. They had their part to play in this. But fool us twice, shame on the credit companies for not properly taking action in the first place.

The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine. We watched and waited to see what would happen as the canary’s lifeless body emerged — but, much to the American public’s chagrin, no action came of it. The companies continued on with the mentality that “it could happen to us, but probably won’t.” It was always going to happen again unless there was something to force the companies to act.

Companies continue to vacuum up our data — knowingly and otherwise — and don’t do enough to protect it. As much as we can have laws to protect consumers from this happening again, these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously.

We had an opportunity to stop these kinds of breaches from happening again, yet in the two years passed we’ve barely grappled with the basic concepts of internet security. All we have to show for it is a meager fine.

Thompson faces five years in prison and a fine of up to $250,000.

Everyone else faces just another major intrusion into their personal lives. Not at the hands of the hacker per se, but the companies that collect our data — with our consent and often without — and take far too many liberties with it.

India to approach the EU seeking 'adequacy' status with the GDPR

The EU Commission and Japan signed a similar deal of equivalency to enable safe data transfers, based on a high level of protection of personal data. https://ift.tt/2KcPUcb https://ift.tt/eA8V8J

Qualcomm and Tencent Games announce strategic partnership to create digital entertainment, including Snapdragon-based mobile gaming devices, AR/VR, and 5G games (Patrick Moorhead/Forbes)

Patrick Moorhead / Forbes:
Qualcomm and Tencent Games announce strategic partnership to create digital entertainment, including Snapdragon-based mobile gaming devices, AR/VR, and 5G games  —  I write about disruptive companies, technologies and usage models.  —  Today, Qualcomm announced a sweeping …



Women bag frontline roles in gig economy, but lag behind in wages

What works in their favour: Lower attrition, fewer customer plaints & higher productivity https://ift.tt/2ynNhyO https://ift.tt/eA8V8J

NBFC liquidity crunch is putting the squeeze on fintech

Banks are traditionally cheaper sources of capital, but their credit checks tend to be more rigorous. So, most new-age lenders source funds from larger traditional NBFCs. https://ift.tt/2YcZvtj https://ift.tt/eA8V8J

Capital One hacked, over 100 million customers affected

Capital One was hacked earlier this month, the company has disclosed.

A notice about the data breach is currently being broadcast from the company’s home page.

Here’s what we know so far:

  • Capital One believes the breach exposed credit card application data for those who’d applied between 2005 and 2019.
  • The company says this works out to roughly 100 million individuals in the US, and 6 million in Canada.
  • The data leaked potentially includes “names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income” of those who’d applied, as well as information like “credit scores, credit limits, balances, payment history, contact information”
  • Capital One is estimating that roughly 140,000 social security numbers were potentially compromised in the US, as well as 80,000 linked bank account numbers. In Canada, roughly 1 million Social Insurance Numbers were compromised.
  • Transaction data for “a total of 23 days” spread across 2016/2017/2018 was obtained

A notice from the US Department of Justice says that Seattle engineer Paige A. Thompson was arrested in connection with the breach this morning.

Story developing..

Capital One says data breach likely compromised ~100M credit card applications, ~77K bank account numbers, and more; the FBI has arrested the suspected hacker (Devlin Barrett/Washington Post)

Devlin Barrett / Washington Post:
Capital One says data breach likely compromised ~100M credit card applications, ~77K bank account numbers, and more; the FBI has arrested the suspected hacker  —  Capital One, the Virginia-based bank with a popular credit card business, announced Monday that a hacker had accessed …



Sunday, July 28, 2019

Amazon's Lord of the Rings Series Sets Full Creative Team

Amazon Prime Video has announced the full creative team of its Lord of the Rings prequel series. It includes Bruce Richmond, Gene Kelly, Lindsey Weber, Gennifer Hutchison, Jason Cahill, Justin Doble,... https://ift.tt/2K9Jxq5

Poco F1 128GB, 256GB Variants Receive Discount, Other Offers on Mi.com

The Poco F1 sees its higher-end variants discounted during the latest Poco Days sale, with the 128GB variant now priced at Rs. 18,999. https://ift.tt/32UdL9j

All Three New iPhone Models in 2020 Will Support 5G: Ming-Chi Kuo

The latest research note by Ming-Chi Kuo states that Apple will add 5G support to all three 2020 iPhone models to compete with low-cost 5G-enabled Android smartphones. https://ift.tt/2K98sdx

Flipkart Launches Its First 'Furniture Experience Centre'

Flipkart has said that it has launched its first "furniture experience centre", in Bengaluru. The company said that it is also working with Google to enhance customers' overall viewing experience at... https://ift.tt/2K1UTxH

YouTube Needs 'New Set of Rules and Laws', Company's Product Chief Says

YouTube is striving to block those who would use it to promote racism, hate speech, violence and disinformation, its number two executive has told AFP, as the Google-owned company comes under... https://ift.tt/2YtgMd0

Tesla to Soon Get Netflix, YouTube Streaming Support: Elon Musk

Elon Musk has announced that people would be soon able to stream videos on digital platforms like Netflix and YouTube in parked Tesla electric vehicles. https://ift.tt/2Kbtic2

Facebook's Instant Games Migrating From Messenger to Main App

Facebook Instant Games will no longer be playable directly in the new version of Messenger on iOS starting later this summer. https://ift.tt/32ZF4ic

The Lion King's Weekend Box Office Helps Disney to a Record Year

The Lion King is now set to cross a billion dollars at the worldwide box office after it added $218.3 million this weekend. In the process, it helped Disney set a new all-time global annual box office... https://ift.tt/32XBsNN

Arizona's Maricopa County is set to have the second largest concentration of US data centers by 2028, as the state races to increase electricity production (Pranshu Verma/Washington Post)

Pranshu Verma / Washington Post : Arizona's Maricopa County is set to have the second largest concentration of US data centers by 202...