Dell Announces Security Breach

The Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. Here are a few of the headlines you might have missed this week.

Dell Announces Security Breach | ZDNet

US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9. Dell says it detected an unauthorized intruder (or intruders) “attempting to extract Dell.com customer information” from its systems, such as customer names, email addresses, and hashed passwords. The company didn’t go into details about the complexity of the password hashing algorithm, but some of these, such as MD5, can be broken within seconds to reveal the plaintext password. “Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted,” Dell said today in a press release.

Secret Service trials facial recognition system around White House complex | Biometric Update

You’d think the entirety of the “White House Complex,” as it is known inside the “Beltway,” would certainly by now have a biometric facial recognition system in place. But apparently it doesn’t. So, the US Secret Service (USSS) in November began the process of testing deployment of a Facial Recognition Pilot (FRP) program utilizing the existing Crown Closed Circuit Television (CCTV) camera system at the White House grounds “in order to biometrically confirm the identity of volunteer USSS employees in public spaces around the complex,” and, “to test USSS’s ability to verify the identities of a test population of volunteer USSS employees.” That’s according to the November 26 Privacy Impact Assessment (PIA) issued by the USSS Office of Technical Development & Mission Support, and the Department of Homeland Security’s (DHS) Chief Privacy Officer.

Atrium Health data breach exposed 2.65 million patient records | ZDNet

Atrium Health has revealed a data breach which exposed information belonging to roughly 2.65 million patients. “One record accessed is one too many,” Atrium Health told us in relation to the breach, which was caused by the organization’s billing vendor, a third-party known as AccuDoc Solutions. Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances. In addition, roughly 700,000 Social Security numbers were exposed.

Google faces GDPR complaint over ‘deceptive’ location tracking | TechCrunch

A group of European consumer watchdogs has filed a privacy complaint against Google — arguing the company uses manipulative tactics in order to keep tracking web users’ locations for ad-targeting purposes. The consumer organizations are making the complaint under the EU’s new data protection framework, GDPR, which regulators can use to levy major fines for compliance breaches — of up to 4 percent of a company’s global annual turnover. Under GDPR, a consent-based legal basis for processing personal data (e.g. a person’s location) must be specific, informed and freely given. In their complaint, the groups, which include Norway’s Consumer Council, argue that Google does not have proper legal basis to track users through “Location History” and “Web & App Activity” — settings which are integrated into all Google accounts, and which, for users of Android-based smartphones, they assert are particularly difficult to avoid.

Companies ‘can sack workers for refusing to use fingerprint scanners’ | The Guardian

Businesses using fingerprint scanners to monitor their workforce can legally sack employees who refuse to hand over biometric information on privacy grounds, the Fair Work Commission has ruled. The ruling, which will be appealed, was made in the case of Jeremy Lee, a Queensland sawmill worker who refused to comply with a new fingerprint scanning policy introduced at his work in Imbil, north of the Sunshine Coast, late last year. Fingerprint scanning was used to monitor the clock-on and clock-off times of about 150 sawmill workers at two sites and was preferred to swipe cards because it prevented workers from fraudulently signing in on behalf of their colleagues to mask absences. The company, Superior Woods, had no privacy policy covering workers and failed to comply with a requirement to properly notify individuals about how and why their data was being collected and used. The biometric data was stored on servers located off-site, in space leased from a third party.