Tag Archive for GDPR

Marriott Data Breach One Of Biggest Ever

Updated July 17, 2019 – The Brits slapped Marriott with a £99m ($124m) fine for “infringements of the GDPR.” The Information Commissioner’s Office said that Marriott failed to undertake sufficient due diligence when it bought Starwood, and should also have done more to secure its systems prior to the data breach.

___

The internet is a dangerous place for data. Hotel chain Marriott (MAR) proved that once again. Marriott revealed that hackers stole personal information from 500 million Starwood Preferred Guest program participants. The data stolen in the breach included sensitive personally identifiable information (PII).


Marriott said it got an alert on September 8, 2018, about an attempt to access the Starwood database and enlisted security experts to assess the situation. During the investigation, Marriott claims to have discovered that the unauthorized access to the Starwood network started in 2014.

Investigators found that an unauthorized party had copied and encrypted information from the database and had taken steps toward removing it. The company was able to decrypt the information on November 19, 2018, and found that the contents were from the Starwood guest reservation database. The hotel chain then waited until November 30, 2018, to tell its customers of the data theft.

What was lost in the data breach

For about 327 million Marriott customers, the compromised information includes some combination of name, address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Marriott added that the data breach included payment card information. About 170 million impacted Marriott customers only had their names and basic information like address or email address stolen.

Marriott says that about 20.3 million encrypted passport numbers and approximately 8.6 million encrypted payment cards were compromised in the breach.

Several sources report that state-sponsored Chinese hackers working for the intelligence services and the military were behind the attack. The stolen data would be an espionage bonanza for government hackers. Sources point out that the Starwood attacks began in 2014, shortly after the attack on the U.S. government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

Sadly, the 500 million record Marriott hack only ranks as the third-largest known data breach to date. This list of failures illustrates that, no matter what you are doing online, every time you put your information on the internet you risk having it stolen.

Rank  Company                    Accounts Hacked  Date of Hack
1     Yahoo                      3 Billion        August 2013
2     River City Media           1.3 Billion      May 2017
3     Aadhaar                    1.1 Billion      January 2018
4     Marriott                   500 Million      2014 - 2018
5     Yahoo                      500 Million      Late 2014
6     Adult Friend Finder        412 Million      October 2016
7     MySpace                    360 Million      May 2016
8     Exactis                    340 Million      June 2018
9     Twitter                    330 Million      May 2018
10    Experian                   200 Million      March 2012
11    Deep Root Analytics        198 Million      June 2017
12    Adobe                      152 Million      October 2013
13    Under Armour               150 Million      February 2018
14    Equifax                    145.5 Million    July 2017
15    eBay                       145 Million      May 2014
16    Heartland Payment Systems  134 Million      May 2008
17    Alteryx                    123 Million      December 2017
18    Nametests                  120 Million      June 2018
19    LinkedIn                   117 Million      June 2012
20    Target                     110 Million      November 2013
21    Quora                      100 Million      November 2018
22    VK                         100 Million      December 2018
23    Firebase                   100 Million      June 2018

rb-

There is something else fishy here. Reports claim that the data was encrypted using AES-128, but not all of the stolen data was. Attackers were able to steal nearly 20 million passport numbers and 8.6 million encrypted payment card numbers.

Marriott says that the attackers were able to gain access to 5.25 million unencrypted passport numbers and 2,000 unencrypted payment card numbers.

I’m sure that regulators (GDPR) and lawyers will ask why unencrypted sensitive info like passport and credit card numbers was lying around waiting to be stolen.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Protect Yourself from Facebook

Just in case you have been sleeping under a rock the past couple of weeks, social media giant Facebook (FB) was hacked again. In a presser on 10/12/2018, the social networker admitted that nearly 30 million Facebook users were hacked. This is on top of the 50 million user accounts that Mark Zuckerberg’s company allowed Cambridge Analytica to steal.

During the presser, Facebook did not apologize for exposing its users’ information but noted that it was cooperating with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission, and other authorities on the data breach.

The attack involved the capture of Facebook “access tokens,” or digital keys that allow websites to recognize who someone is and keep them logged in. Using accounts they already controlled, the attackers used an “automated technique” to exploit Facebook’s “View As” functionality and steal access tokens for some 400,000 people. Hackers then used friend lists from those 400,000 accounts to obtain access tokens for another 30 million people (Here’s how to find out if you were hacked). Facebook tracked this hack to a change it made to its video uploading feature over a year ago in July 2017, and how that change affected View As.

Facebook confirmed on Friday that the hack compromised the personal and contact information of 30 million users. The compromised personal data includes:

  • Name
  • Phone number
  • Email address
  • Username
  • Gender
  • Locale/language
  • Relationship status
  • Religion
  • Hometown
  • Self-reported current city
  • Birthdate
  • Device types used to access Facebook
  • Education
  • Work
  • The last 10 places they checked into or were tagged in
  • Website
  • People or Pages they follow
  • The 15 most recent searches

rb-

I have been warning about the dangers of Facebook since 2011. I use the Facebook Container extension for Firefox to help prevent Facebook from tracking me around the web. The Facebook Container is an extension for desktop Firefox 57 and higher (it does not work on Firefox for mobile).

The Facebook Container is a tool to limit what data others can obtain from you. It works by isolating your Facebook identity into a separate container that makes it harder for Facebook to track your visits to other websites with third-party cookies.

When you install the extension it deletes the Facebook cookies on the computer and logs you out of Facebook. The next time you navigate to Facebook it will load in a new blue-colored browser tab (the “Container”).

You can log in and use Facebook normally when in the Facebook Container. If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container.

Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from.

Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity.

In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected.

It is important to know that this extension doesn’t prevent Facebook from mishandling the data that it already has, or permitted others to obtain, about you. Facebook still will have access to everything that you do while you are on facebook.com, including your Facebook comments, photo uploads, likes, any data you share with Facebook connected apps, etc.

It is important to remember that other ad networks will try to correlate your Facebook activities with your regular browsing.

In addition to using the Facebook Container extension, you can further protect yourself from Facebook by changing your Facebook settings, using Private Browsing, enabling Tracking Protection, and blocking third-party cookies.


The Truth About Cyber Security Jobs

Sites like Monster and CSO.com are predicting a massive wave of new cyber security jobs. Some industry pundits claim there will be up to 3.5 million unfilled cybersecurity positions by 2021. Despite this euphoria, a recent survey by Computer Economics found that security staffing is declining despite security being a top priority for organizations. The research firm’s annual IT Spending and Staffing Benchmarks study found that after two years of increases, IT security personnel have declined as a percentage of total IT staff.

Cyber Security staff members declined

The Computer Economics report found that IT security staff members declined to 2.9% of the total IT staff in 2018. This is on par with the percentage in 2016 and down slightly from 2017. Previously, the ratio was stable from 2013-2015 at 2.6%.

Computer Economics – IT Security Staffing Ratios

A net 75% of organizations that responded to the survey are increasing their spending on security. However, the researchers found that increases in spending do not necessarily lead to headcount growth. Improved technology continues to allow IT staff to be more productive.

Technologies reduce IT security staff count

Major growth areas in IT security include using artificial intelligence (PDF) and machine learning to track anomalies before humans can detect them. Other technologies reducing IT security headcount are software-defined networking and better security awareness in application development, which builds security in from the start. The reduction of in-house infrastructure due to software as a service (SaaS) and the public cloud also contributes to staff numbers holding steady.

However, despite these trends, the need for increased and improved security may eventually lead to increases in security staffing, especially as cloud usage decreases the need for other types of in-house IT support personnel.

In the presser announcing their new report, David Wagner, vice president of research at Computer Economics, said, “I’d still expect to see slow and steady increases over the next few years, but it is unlikely we will see major jumps. Beyond the efficiency aspects, it is still difficult to find skilled IT security personnel. We’ve seen it before that when a job requires skills that are difficult to find, technology is quickly built to fill in the gaps.”

In the face of these challenges, IT executives must ensure that their IT organizations have the proper skills to respond to the latest security threats. For instance, IT security experts are realizing that intrusion-prevention measures must be complemented by the ability to quickly detect an intrusion, stop it from spreading, and remediate it. Privacy must also be top of mind, in the wake of the European Union enacting the General Data Protection Regulation.

rb-

Based on these findings, it seems likely that the cybersecurity boom just went bust. For those who still want to try to change careers into cybersecurity, take a look at the Cybersecurity Supply/Demand Heat Map from CyberSeek. This tool could help you make some good decisions about how to crack the hiring game. According to CyberSeek data, metro Detroit has an over-supply of more than 500% of CompTIA Security+ credential holders. As one would expect, the CISSP credential has the most demand and has a shortage of holders.


PC’s Meh

We are almost midway through 2018 Q2 and the 2018 Q1 PC sales numbers were meh. The good news is that IDC called the PC market flat. That’s good news because they had predicted a 1.5% decrease for the quarter. IDC reports 60.4 million PCs sold worldwide in the January-to-March period, driven mostly by businesses moving to Windows 10.

Gartner (IT) is less meh and more blah. Gartner saw slightly more PCs shipped in 2018 Q1 at 61.7 million units, a 1.4% decline. The PC market experienced a 14th consecutive quarter of decline, dating back to the second quarter of 2012.

Gartner Principal Analyst Ms. Mikako Kitagawa affixed the blame primarily to the Chinese market. “The major contributor to the decline came from China, where unit shipments declined 5.7 percent year over year.” Ms. Kitagawa continued, “This was driven by China’s business market, where some state-owned and large enterprises postponed new purchases or upgrades, awaiting new policies and officials’ reassignments after the session of the National People’s Congress in early March.”

The top three Gartner vendors — Dell, HP, and Lenovo — accounted for 56.9% of global PC shipments in Q1 of 2018, up slightly from 54.5% of shipments in Q1 of 2017. Dell experienced the strongest growth rate among the top six vendors worldwide, as its shipments increased 6.5%.

HP’s (HPQ) worldwide PC shipments increased 2.8% in the first quarter of 2018 versus the same period last year. In EMEA, HP Inc. recorded double-digit growth in both desktop and mobile PCs. Gartner says HP Inc. was adversely affected by declining demand in the U.S., which generally accounts for one-third of its total shipments.

Lenovo’s (LNVGY) global PC shipments remained flat in the first quarter of 2018. Lenovo achieved 6 percent growth in EMEA and double-digit shipment growth in Latin America. However, in Asia/Pacific (its largest market), PC shipments declined 4 percent.

After record holiday sales for consumer and gaming products in the fourth quarter of 2017, Dell continued to do well in the first quarter of 2018. With double-digit shipment increases in EMEA, North America, and Latin America, Dell grew in all regions except Asia/Pacific. Desktop and mobile PCs grew in equal measures, showing Dell’s strength in the business segment according to Gartner.

In the U.S., PC shipments totaled 11.8 million units in the first quarter of 2018, a 2.9% decrease from the first quarter of 2017 according to Gartner. Dell moved into the No. 1 position in the U.S. based on shipments, as its market share increased to 29.1%. HP Inc. moved into second place as its shipments declined 4.8%, and its market share totaled 28.4% in the first quarter of 2018.

2018 Q1 - Gartner Global PC Shipments

Company      2018 Q1 Shipments  2018 Q1 Market Share (%)
Dell         3,440              29.1
HP Inc.      3,363              28.4
Lenovo       1,632              13.8
Apple        1,491              12.6
Acer Group   321                2.7
Others       1,586              13.4
Total        11,833             100.0

Notes: Data includes desk-based PCs, notebook PCs and ultramobile premiums (such as Microsoft Surface), but not Chromebooks or iPads. All data is estimated based on a preliminary study. Final estimates will be subject to change. The statistics are based on shipments selling into channels. Numbers may not add up to totals shown due to rounding. Thousands of units. Source: Gartner (April 2018)

PC shipments in EMEA totaled 18.6 million units in the first quarter of 2018, a 1.7% increase, driven by enterprise shipments, which grew as many Windows 10 projects rolled out and the compliance deadline for the General Data Protection Regulation (GDPR) in Europe approached.

PC shipments in Asia/Pacific totaled 21.9 million units in the first quarter of 2018, a 3.9% decline from the first quarter of 2017. As previously mentioned, the PC market in China drove the decline in Asia/Pacific.

IDC says the U.S. market saw a promising opening quarter for the year with almost all major vendors reporting increases in notebook sales. Overall, total PC shipments for 2018 Q1 stood at 13.5 million units.

IDC reports that HP Inc. maintained a comfortable lead over all others in the market with its eighth consecutive quarter of overall growth (up 4.3% year on year) and growth in all regions except Latin America.

Lenovo saw a flat quarter in 2018 Q1, the third consecutive quarter in which the company saw year-on-year volume stabilize with flat global growth and a slower pace of decline in the U.S. Dell Inc. posted the strongest year-on-year growth out of all the major companies, growing 6.4% and buoyed by strong performances in nearly every region.

Acer (TPE:2353) held onto fourth place. Its ongoing expansion into gaming and continued investments in Chromebooks have paid dividends for the company but also caused some tough going in other areas. Apple (AAPL) finished the quarter in fifth place with a year-on-year decline in shipments of 4.8%.

2018 Q1 - IDC Global PC Shipments

Company      2018 Q1 Shipments  2018 Q1 Market Share (%)
HP Inc.      13,676             22.6
Lenovo       12,305             20.4
Dell Inc.    10,190             16.9
Acer Group   4,085              6.8
Apple        4,000              6.6
Others       16,128             26.7
Total        60,383             100.0

Preliminary results. Shipments are in thousands of units. Source: IDC Quarterly Personal Computing Device Tracker, April 11, 2018

rb-

PCs used to be a leading indicator of the health of the tech sector. That is not the case anymore. Economic stress has lengthened the life span of PCs from 3 years to nearly 5 years in many firms and even longer in the home market. Increased smartphone capability and cloud-based applications and storage have taken another bite out of the PC market.

But looking into the tea leaves, many think PCs are on the rebound. Driving the PC market is a demand for premium notebooks in the mainstream and commercial markets. Gaming systems are also part of the equation. IDC expects overall smartphone shipments to decline by 0.2% in 2018 after falling 0.3% last year; the thought is that those dollars would instead be used to upgrade PCs.

Mmmm – we’ll see. I say not likely. Can you say “new normal?”
