The Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. Here are a few of the headlines you might have missed this week.
Uber will pay $148 million to settle a nationwide investigation into a 2016 data breach, in which a hacker managed to gain access to information belonging to 57 million riders and drivers. The breach included names and driver’s license numbers for 600,000 drivers. The investigation, led by state attorneys general across the United States, focused on whether Uber had violated data breach notification laws by not informing consumers that their information had been compromised.
United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet | The Intercept
THE UNITED NATIONS accidentally published passwords, internal documents, and technical details about websites when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs. The mistakes made sensitive material available online to anyone with the proper link, rather than only to specific users who should have access. Affected data included credentials for a U.N. file server, the video conferencing system at the U.N.’s language school, and a web development environment for the U.N.’s Office for the Coordination of Humanitarian Affairs. Security researcher Kushagra Pathak discovered the accidental leak and notified the U.N. about what he found a little over a month ago. As of today, much of the material appears to have been taken down.
Chegg resets 40 million user passwords after breach | TechCrunch
In a filing with the Securities and Exchange Commission, the company said it will reset all user passwords after hackers gained access to the company’s customer database. That database includes users for Chegg’s website but also other products, such as citation service EasyBib, which it owns. The breach occurred in April, but was only discovered a week ago. Hackers stole usernames, email addresses, shipping addresses and hashed passwords, the company said, but doesn’t believe that financial data was taken.
Absentee ballots cast with biometric voting system in West Virginia | Biometric Update
U.S. military personnel and overseas voters registered in West Virginia have begun casting absentee ballots for the upcoming November 6 elections through biometric voting app Voatz, WV MetroNews reports. Absentee ballots can be cast online through Voatz in 24 of the state’s 55 counties. The remaining 31 chose not to implement the online system, which authenticates voter identity with facial recognition and fingerprint scans, and protects vote integrity with blockchain technology.
Another European data protection agency has reported a sharp rise in the numbers of complaints since the EU updated its privacy framework four months ago, when GDPR came into force, updating regional data protection rules and introducing much higher penalties for privacy violations. France’s CNIL agency said today that it’s received 3,767 complaints since May 25, when GDPR came into force, up from 2,294 complaints over the same period last year — which it notes was already a record year.