
Published: January 27, 2023

Security 3-2-1 for the Week 1/27/23

By Annie

3 Interesting Articles

A brief history of Data Privacy Day 

IAPP: Did you know that Data Privacy Day is on January 28th? This annual national recognition will mark its 14th year since it was established by Congress in 2009. It is “an international effort to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust.”  It’s a great time to remind your teams of why privacy is important. Click the link for ideas on how your organization can participate.

T-Mobile says data on 37 million customers stolen

AP News: Another hack for T-Mobile customers. The US wireless carrier reported that an intruder breached its network in late November and stole information on 37 million customers. The information included birthdays, addresses and phone numbers. While the malicious activity seems to be contained, the company has been hacked numerous times in recent years, which raises serious concerns regarding its cyber governance. It remains to be seen how the repeated failure will translate into damage to T-Mobile’s brand, but one has to assume customers will grow tired of repeated data leaks.

Ransomware Profits Decline as Victims Dig In, Refuse to Pay 

Dark Reading: Ransomware profits are declining. Research shows that attackers extorted an estimated $456.8 million from victims in 2022, down from $765.6 million in 2021. As more organizations become better prepared for cyber attacks, fewer need to pay ransoms. Organizations that have better data backup and quicker recovery capabilities are less likely to pay. In addition, the US government has imposed sanctions on cybercriminal groups operating out of other countries, so not paying a ransom is the better option for larger enterprises.

We’re adding a bonus link this week for:

TSA investigating how some no-fly list data was exposed on internet 

CNN: The Transportation Security Administration (TSA) is investigating a potential cybersecurity incident after a hacker discovered an old version of the agency’s no-fly list of known or suspected terrorists. The information was sitting on the internet on an unsecured computer server hosted by CommuteAir, a regional airline based in Ohio. A statement by the airline says that the data accessed was “an outdated 2019 version of the federal no-fly list” that included names and birthdates. The hacker shared samples of the data, and the list includes names of known or suspected terrorists, such as Viktor Bout, the Russian arms dealer who was recently involved in a prisoner exchange with WNBA star Brittney Griner. TSA is currently investigating these allegations and is working with federal partners.

2 Stats You Should Know

More than 75% of targeted cybercrimes begin with a malicious email (source)

There are 156,054 people holding the CISSP certification worldwide (source)

1 More Thing 

A little laugh to end the week:
