3 Interesting Articles

A brief history of Data Privacy Day 

IAPP: Did you know that Data Privacy Day is on January 28th? This annual national recognition will mark its 14th year since it was established by Congress in 2009. It is “an international effort to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust.”  It’s a great time to remind your teams of why privacy is important. Click the link for ideas on how your organization can participate.

T-Mobile says data on 37 million customers stolen

AP News: Another hack for T-Mobile customers. The US wireless carrier reported that its network was breached by an intruder in late November and stole information on 37 million customers. Information included birthdays, addresses and phone numbers. While the malicious activity seems to be contained, the company has been hacked numerous times in recent years and raises serious concerns regarding their cyber governance. It is yet to be seen how the repeated failure will translate into damage to T-Mobile’s brand but one has to assume customers will grow tired of repeated data leaks.

Ransomware Profits Decline as Victims Dig In, Refuse to Pay 

Dark Reading: Ransomware profits are declining – research is showing that attackers extorted an estimated $456.8 million from victims in 2022, down from $765.6 million in 2021. As more organizations are becoming better prepared for cyber attacks, fewer need to pay ransoms. Organizations that have better data backup and quicker recovery capabilities are less likely to pay. In addition, the US government has imposed sanctions on cybercriminal groups operating out of other countries so not paying a ransom is the better option for larger enterprises. 

We’re adding a bonus link this week for:

TSA investigating how some no-fly list data was exposed on internet 

CNN: The Transportation Security Administration (TSA) is investigating a potential cybersecurity incident after a hacker discovered an old version of the agency’s no-fly-list of known or suspected terrorists. The information was sitting on the internet in an unsecured computer server hosted by CommuteAir, a regional airline based in Ohio. A statement by the airline states that the data accessed was “an outdated 2019 version of the federal no-fly list” that included names and birthdates. The hacker shared samples of the data and the list includes names of known or suspected terrorists, such as Viktor Bout, the Russian arms dealer who was recently involved in a prisoner exchange with WNBA star Brittney Griner. TSA is currently investigating these allegations and are working with federal partners.  

2 Stats You Should Know

More than 75% of targeted cybercrimes begin with a malicious email (source)

There are 156,054 people holding the CISSP certification worldwide (source)

1 More Thing 

A little laugh to end the week: