Carnival Cruise Line hit with US$5 million fine over data breaches, an FBI warning to HR departments over deepfake videos, and more.
Welcome to Cyber Security Today. It’s Friday, July 1st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Happy Canada Day to listeners. Thanks for taking the time to tune in on this holiday.
Carnival Cruise Line will have to pay a US$5 million fine as a result of data breaches involving the theft of personal information of passengers and employees. New York State’s financial regulator noted that Carnival companies suffered four cybersecurity events between 2019 and 2021, including two ransomware attacks. Among the problems: Carnival violated state financial services regulations by not implementing multifactor authentication to protect access to IT systems. It also failed to report the first of the four hacks and failed to adequately train staff about cybersecurity. Because Carnival companies sold insurance, they had to follow state cybersecurity regulations. As part of the settlement with the state, Carnival companies have to stop selling insurance in New York State. Separately, Carnival reached a US$1.2 million settlement with 46 states involving the 2019 data breach.
Book publisher Macmillan is trying to recover from what it describes as a security incident. According to Publishers Weekly, the incident started last Saturday at Macmillan’s U.S. division and the impact has spread to the British division. The company was forced for a time to stop processing, receiving, placing or shipping orders. As of Thursday, Macmillan’s U.S. web site was up.
The FBI is warning organizations to be careful handling digital job applications. It has seen an increase in complaints of crooks using deepfake video or audio, as well as stolen ID, by people applying for remote work or work-at-home positions. In particular, these impersonators are applying for jobs in IT, computer programming, database management and software development. Some sharp-eyed organizations who do live video job interviews have noticed clues from applicants using these tricks. These clues include uncoordinated lip movements of the on-screen applicant with the voice of the person speaking. Coughing and sneezing may also be out of sync. The pandemic has made it hard to have in-person interviews with people, so many organizations do recruiting online. Trying to hire online for positions where an employee would never come into the office, such as for a remote or foreign office, also falls into this category. Organizations have to take security precautions with online interviews.
Norway’s National Security Authority has alleged a pro-Russian threat group has recently launched denial of service attacks against several large companies that offer what are called important services to the country’s residents. The sites have been knocked offline. Meanwhile Ukraine said it has suffered 796 cyber attacks since it was invaded by Russia on February 24th.
That’s it for now. But later today the Week in Review edition will be out. Guest David Shipley of Beauceron Security will join me to discuss whether regulators should force internet providers to block botnets and more.
Links to details about stories mentioned in my podcasts are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.