Amazon faces Ring video camera privacy violation allegations, U.S. cellphone carriers face location data sale claims, and a retailer pays a hefty fine for a data breach.
Welcome to Cyber Security Today. It’s Monday January 14th. To hear the podcast, click on the arrow below:
Amazon is defending itself against allegations it’s not keeping on top of employees at its new Ring smart doorbell division. Amazon bought Ring, which makes video monitoring cameras hidden in doorbells and homes, last year. Claims made in two news sites, The Intercept and The Information say that in 2016 some staff in Ring’s Ukraine lab and in the U.S. were given full access to video feeds from every Ring camera. That apparently was supposed to end last May in the Ukraine office. But a former employee is quoted as saying staffers got around the restrictions. In a statement to Tech Crunch, Ring said some public video feeds are annotated, but there are systems to restrict and audit staff access to information.
American cellphone carriers have reacted to a Motherboard news story last week that the companies are selling customers’ live location data to third parties. Some of that data ends up in the hands of bounty hunters and others. AT&T said it will stop the practice, T-Mobile says it will end its relations with location aggregators by March and Verizon reportedly said it is winding down its location aggregator contracts with roadside assistance companies. Motherboard discovered location data from three major U.S. wireless carriers goes through a number of companies and can be accessed by almost anyone.
A 34-year old Massachusetts man has been sentenced to over 10 years in prison for launching denial of service attacks against two healthcare organizations in the state in 2014 to protest how a teenager was treated at the centres. He also has to pay nearly $443,000 in restitution for damaging their networks. According to the Hacker News, the convicted man told the court he wished he could have done more.
A data breach can be expensive to a company, not only in picking up the pieces, but also in fines. Last week U.S. retailer Neiman Marcus agreed to pay $1.5 million to 41 states to resolve an investigation into 2013 breach of customer payment card data at 77 stores. About 370,000 payment cards were compromised. At least 9,200 of them were used fraudulently. The company agreed to adopt measures to prevent hacks.
Finally, if you’re a IT pro and interested in cloud security, there’s a Cloud Security Summit in downtown Toronto on Thursday January 17th. I’ll be there to cover it. IT World Canada chief information officer Jim Love will be one of the many speakers. Admission is free. Details and registration can be found here.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.