Data breach in Oregon, ransomware in Florida, a company goes down and talk about surveillance cameras
Welcome to Cyber Security Today. It’s Friday June 21st. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
Oregon’s Department of Human Services has concluded that personal data of 645,000 people may have been exposed when nine employees fell for a phishing scam in January. The victimized staffers clicked on a link. My bet is the email looked like it came the IT department. Regardless, what those staffers did was give away access to their email. As a result the hacker could read anything years of email, including attachments. And most of the damaging client information available to the hacker was in those attachments, like requested reports. The information included first and last names, addresses, dates of birth, Social Security numbers and personal health information. The state began notifying people this week.
I hate to be repetitive, but toughening email security, including implementing two-factor password authentication, is vital for organizations to improve data protection. Remember, attackers don’t always have to get into the gold mine of company databases. Often they hit paydirt just by hacking email and reading attachments.
Some companies survive after data breaches, like Sony and Home Depot. Others get clobbered because they rely on a few major business customers who have low tolerance for being embarrassed. That appears to have happened at the parent company of a U.S. firm called American Medical Collection Agency, or AMCA. I told you a few episodes ago that AMCA, which is a bill collection agency for medical labs and hospitals, suffered a huge data breach. Well, this week AMCA’s parent company has filed for bankruptcy protection. Why? Because many companies, including AMCA’s biggest customers, cut their relationship with the company. That hit the bottom line. There’s a lesson for CEOs who think data breaches are no big deal.
The Florida city of Riviera Beach is the latest municipality to be unprepared for ransomware. SecurityWeek reports city council voted to pay $600,000 in ransom in the hopes of getting access to its data back after being attacked three weeks ago. It’s also spending $1 million on new computers and hardware. City systems were hit after an employee clicked on a malicious link in an email.
Finally, yesterday was National Surveillance Camera Day in the United Kingdom. Across the country there were events to spark public discussion about the increasing use of surveillance cameras and automatic facial recognition by municipalities, police, transit, retailers, universities and others in public spaces. Some organizations opened their doors to their surveillance camera control centres so the public can see how they work. A number also published factsheets about what their system is designed to do. This day of discussion came about because the U.K. has a National Surveillance Camera Strategy and a Surveillance Camera Commissioner to handle complaints. The strategy, released two years ago, says surveillance cameras in public places should have a legitimate aim and meet a pressing need; be proportionate; effective, and comply with any relevant legal obligations. Having a day of discussion about surveillance devices is a good thing. Think about asking your municipality, state or province about doing the same.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon