Tag Archive for Law suit

How To Make Zoom Pay

Who can forget the early days of the COVID-19 pandemic lockdowns and the phenomenon of Zoombombing? Many people cannot forget, and they responded with lawsuits. The suits claimed that Zoom (ZM) enabled Zoombombing and was sharing personally identifiable information (PII) without proper notice.

Zoombombing

TechCrunch defines Zoombombing as the disruption of Zoom calls by unapproved attendees. They would join a Zoom call and disrupt it by sharing offensive content. The content included using backgrounds to spread hateful messages, spouting slurs, anti-Semitic profanities, and pornography. Users of Zoom suffered these events during the first half of the COVID-19 lockdowns.

The frequency of Zoombombing prompted the FBI to issue a public warning about the cyber harassment. I wrote about the problems people were encountering with Zoom on the Bach Seat. Zoom was slow to respond to these threats. But eventually, they put additional security in place to reduce the frequency of Zoombombing.

Zoom shared users' personal data

Lawsuits in Florida and California accused the firm of sharing personal user data with third parties. Personal user data was sent to Facebook, Google, and LinkedIn. Motherboard reported that Zoom’s ‘Company Directory’ feature was leaking personal information, including email addresses and photos.

The Company Directory feature would automatically add other people to a user’s list of contacts if they sign up with an email address that shares the same domain. However, according to the report, multiple Zoom users say they signed up with personal email addresses, and Zoom pooled them together with thousands of other people as if they all worked for the same company. This exposed their personal information to unknown others.

Settlement

In May 2021 the U.S. District Court for the Northern District of California consolidated the many complaints into a single class-action suit. On 08/03/2021 Zoom agreed to settle the court case. It has proposed an $85 million settlement.

In the settlement, Zoom denied it violated any laws. They also questioned if users actually suffered injury or damages. The settlement would see customers receive a refund. Payment amounts are expected to average $34 or $35 for those who subscribed to Zoom’s paid version. Those who used the free version could get $11 or $12 based on estimates in court documents.

Zoom collected approximately $1.3 billion in subscriptions from paid subscribers, according to the documents. Zoom’s lawyers called the $85 million settlement reasonable given the litigation risks. Zoom’s annual revenue quadrupled during the pandemic to nearly $2.7 billion. U.S. District Judge Lucy Koh in San Jose, CA is expected to finalize the settlement in October 2021.

CNet offers a FAQ on the Zoom settlement.

Can I get a payment from Zoom?

If you registered, used, opened, or downloaded the Zoom app for personal use (not through an enterprise or government account) between March 30, 2016, and July 30, 2021, you are potentially eligible for the refund from Zoom. This also includes people who signed up for Zoom’s free tier. 

How much money could I get?

If you are eligible based on the date ranges above and you paid for a Zoom account, you could receive 15% of the money paid to Zoom for your subscription during that time or $25 (whichever is greater). If you are eligible but had a free Zoom account, you can claim $15. However, these rates may change depending on how many people file a claim.

How do I claim my settlement money? 

If the settlement is approved at the October hearing, Zoom will provide available names, emails, addresses, and account numbers to the settlement administrator. Those who are eligible for a refund will be notified by email or mailed postcard and asked to provide their name, mailing address, email, and claim number. If you’re not notified but think you are qualified, you can still file a claim by providing either an email associated with your Zoom account, a Zoom account number, or documentation showing that you were impacted. A new website (ZoomMeetingsClassAction.com) will have more information, but at the time of this writing it was not yet live.

Is Zoom going to be safer?

As part of the settlement, Zoom also said it would continue to take new measures to prevent Zoombombing, such as alerting people when hosts or meeting participants use third-party apps in meetings. They will offer (rb- but not mandate) specialized training to employees on privacy and data handling.

rb-

Of course, you could also delete your Zoom account. There is no way to use Zoom and not agree to their privacy terms. If you do use Zoom, you’re giving up a lot of your personal information. By deleting your Zoom account and no longer using the application, you’re stopping it from collecting your data.

How do I delete my Zoom account?

  1. Sign in to your Zoom account.
  2. Go to the navigation menu at the top of the page.
  3. Click Account Management, and select Account Profile.
  4. Select Terminate My Account.

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Target Wish List Leaking Your Data

The holiday shopping season has not been merry for mega-mart Target. You would think the mega-retailer that leaked info on 110 million customers would learn how to keep their customers’ info secure but NOOOO. The anti-virus firm AVAST has discovered the Target (TGT) Wish List app is leaking your data, your personally identifiable information (PII).

The Avast Blog says that if you created a Christmas wish list using the Target app, it is leaking your data: it might be accessible to more people than you actually want to receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and email addresses.

Alarmingly, for a firm that has privacy issues, the Target app’s backend interface is not secured. This allowed the database to be accessed over the Internet. The author reports that the Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need to parse all the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.

Leaking your data

The JSON file that the AVAST researchers requested from Target’s API leaked lots of interesting data. The leaked data included: users’ names, email addresses, shipping addresses, phone numbers, the type of registries, and the items on the registries. The AVAST researchers did not store any PII, but they did aggregate data from 5,000 inputs for statistical analysis.

The AVAST researchers took the sample and looked at some of the data they got. It included brands, the states the Target app users are from, and the most common names of people using Target’s app.

This appears to be a classic case of security by obfuscation. The app developers created the online API for data that is uploaded by Target. They also set up a separate API in tandem so that the retail chain could download and process the uploaded data – but without any security measures in place.
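
As an added illustration (not code from Target, AVAST, or the original post), the Python sketch below contrasts the unauthenticated lookup pattern described above with a lookup that checks who is asking. The record layout, function names, and in-memory token stores are assumptions made for the example.

```python
import secrets

# Constructed sample records; all names and values are illustrative.
WISHLISTS = {
    1001: {"name": "Alice Example", "email": "alice@example.com",
           "address": "1 Main St", "phone": "555-0100", "items": ["blender"]},
    1002: {"name": "Bob Example", "email": "bob@example.com",
           "address": "2 Oak Ave", "phone": "555-0101", "items": ["tent"]},
}
SESSIONS = {}      # session token -> user ID, issued at login
SHARE_TOKENS = {}  # unguessable share token -> user ID, created by the owner

def get_wishlist_unauthenticated(user_id):
    """The pattern described above: knowing or guessing an ID returns the full record."""
    return WISHLISTS.get(user_id)

def login(user_id):
    """Stand-in for a real login flow; returns a random session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token

def create_share_link(session_token):
    """Only an authenticated owner can mint a share token for their own list."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise PermissionError("not authenticated")
    token = secrets.token_urlsafe(32)
    SHARE_TOKENS[token] = owner
    return token

def get_wishlist(user_id, session_token=None, share_token=None):
    """Hardened lookup: full record for the owner, items only for share-link holders."""
    record = WISHLISTS.get(user_id)
    if record is None:
        raise PermissionError("denied")  # same error as a failed check, so IDs cannot be probed
    if session_token is not None and SESSIONS.get(session_token) == user_id:
        return dict(record)
    if share_token is not None and SHARE_TOKENS.get(share_token) == user_id:
        return {"items": list(record["items"])}  # no contact details for gift givers
    raise PermissionError("denied")
```

The point of the hardened version is that the user ID stops being a secret: access depends on a session or share token that is checked server-side, so a guessable ID scheme no longer exposes names, addresses, or phone numbers.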

In a post on Ars Technica, a Target spokesperson said that it has suspended elements of the app while developers investigate. Hopefully, this should mean that the data-leaking has stopped while the backend has been disabled.

In other Target data breach news FierceITSecurity reports that Target has reached a $39.4 million settlement with banks and credit unions over claims they lost millions of dollars as a result of the massive 2013 data breach at the retailer. The massive data breach at Target exposed the credit and debit card numbers of 40 million customers to hackers and personal information on another 70 million.

The settlement, if accepted, will resolve class-action lawsuits by the banks and credit unions seeking reimbursement for fraudulent charges and issuing new cards. Of the $39.4 million, $20.25 million will be paid to banks and credit unions, and $19.11 million will be paid to reimburse MasterCard card issuers.

This follows settlements that Target reached with Visa card issuers for $67 million and with customers for $10 million. Target estimated that the breach so far has cost it $290 million, with insurers picking up $90 million, according to a filing with the Securities and Exchange Commission last week. Target is not out of the woods yet. It still has to deal with shareholder lawsuits and a probe by the Federal Trade Commission and state attorneys general related to the data breach.

Fred Donovan at FierceITSecurity says Target is a cautionary tale for any enterprise. Despite handling billions of dollars in credit card transactions, the retailer did not have one person responsible for IT security at the time of the breach. While it had a network security system in place, it did not have IT security personnel skilled enough to recognize an alarm the system set off months before Target discovered the breach.

rb-

Cash is king, especially at Target.


Tablet Notes

iPad sold three million units in the first 80 days after its April 2010 release. Its current sales rate is about 4.5 million units per quarter, according to Bernstein Research. This sales rate is blowing past records. iPad is outselling iPhone and the DVD player, the most quickly adopted non-phone electronic product.

Apple iPad Will Fail in the Enterprise

The Apple (AAPL) iPad would ultimately fail in the enterprise. That is what Andy Lark, Dell’s (DELL) global head of marketing for large enterprises and public organizations, told CIO Australia.

… longer term, open, capable and affordable will win, not closed, high price and proprietary. [Apple has] done a really nice job, they’ve got a great product, but the challenge they’ve got is that already Android is outpacing them.

Apple is great if you’ve got a lot of money and live on an island. It’s not so great if you have to exist in a diverse, open, connected enterprise; simple things become quite complex.

Mr. Lark claimed Dell had taken an enterprise approach toward tablet PCs. This approach will ultimately give Dell an edge. Dell has a major stake in Microsoft Windows and the desktop PC market. “We’ve taken a very considered approach to tablets, given that the vast majority of our business isn’t in the consumer space,” he said.

The cost of Apple products was another deterrent to iPad deployments. Dell’s Lark claims that the economics on a fully loaded iPad did not add up. “An iPad with a keyboard, a mouse, and a case [means] you’ll be at $1500 or $1600; that’s double of what you’re paying,” he claimed. “That’s not feasible.”

Despite the company’s history with Microsoft, it had embraced both Windows Phone 7 and Android operating systems. “…Our strategy is multi-OS,” Lark said. “We will do Windows 7 coupled with Android Honeycomb, and we’re really excited. We think that giving people that choice is very important.”

Outlook on the iPhone and iPad

Help has arrived for Apple (AAPL) iPhone and iPad owners who need access to their Microsoft (MSFT) Outlook e-mail. AppScout says users can check their email even when they don’t have an Internet connection. Pst Mail from Arrow Bit is an iPad app that provides offline access, potentially saving money on the user’s data plan. With the app, you can carry around a year’s worth of messages with you. Pst Mail can interact with the Mail app on your iPhone or iPad to reply to or forward messages. It can also open pst files created with any version of Microsoft Outlook.

AppScout says that to find messages in large pst files, Pst Mail includes an advanced search feature. You can search by sender, recipient, subject text, message body, or even attachment name. You can also limit the search to a particular time frame. The developers offer a free lite version of the app in the iTunes Store, which has all the same features as the full version but is limited in the number of messages a user may open in each folder. The full version costs $9.99 in the iTunes app store.

GoToMyPC: iPad App

Citrix (CTXS) has launched an Apple (AAPL) iPad version of GoToMyPC, a remote desktop application that lets you log in to your computer and control it on the go. Up until recently, you needed a PC to log in to a remote PC using the service. But the iPad app lets you do it anywhere you can get an internet connection on an iPad.

Mobilputing says GoToMyPC is hardly the first app of its type for the iPad. LogMeIn, TeamViewer, Parallels, and Splashtop all offer similar apps. But the GoToMyPC app has tight security features oriented for business, including 128-bit AES encryption, user authentication, and dual passwords.

Apple Sued Over Apps Giving Information to Advertisers

Apple (AAPL) and Apple app developers have been sued over the collection and sharing of user data with outside companies (which I wrote about here). Two suits were filed in the Northern District of CA against the iPhone and iPad manufacturer. Apple is named in Lalo v. Apple, 10-5878.

Lalo seeks class action and claims that iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they’re used, and for how long. “Some apps are also selling additional information to ad networks, including users’ location, age, gender, income, ethnicity, sexual orientation, and political views,” reports Bloomberg’s BusinessWeek.

According to Wired, the second suit, Freeman v. Apple, seeks both monetary damages and a court order to stop the profiling. The app makers being sued are Pandora, Dictionary.com, Toss It, Text4Plus, The Weather Channel, Talking Tom Cat, and Pimple Popper Lite.
