|
Cyber Daily: Social-Media Data Leaks Draw Scrutiny From European Regulators
|
|
|
|
|
|
Welcome to a new week. Facebook, Clubhouse and LinkedIn say recent data leaks involved information from public user profiles, not from security breaches. In Europe, however, that distinction might not relieve them of responsibility, WSJ Pro's Catherine Stupp reports.
Also today: How President Biden's sanctions on Russia break a mold and how Russia responded; chicken producer OK Foods discloses phishing incident; digital intrusion at Codecov under investigation; Medtronic moves to protect pacemakers; and more.
Follow us on Twitter: @WSJCyber.
|
|
|
|
|
Audio-only social network Clubhouse said only public profile information had been posted online in a recent incident. PHOTO: PATRICK VAN KATWIJK/ZUMA PRESS
|
|
|
Public or private, data must be protected, European authorities say. Facebook, Clubhouse and LinkedIn say recent data leaks involved information from public user profiles, not from security breaches. In the European Union, where privacy laws require businesses to protect even publicly available personal data, that distinction might not relieve them of responsibility.
The Irish data protection commissioner opened an investigation into Facebook’s data leak, in which information about 533 million users was posted online. The Italian privacy authority has started a probe of a LinkedIn leak, in which data about members was put up for sale. Information about 1.3 million Clubhouse users was posted online, according to media reports; the data protection regulator in Hamburg said it sent questions to Clubhouse in February asking for details about how it protects user data.
Read the full story.
|
|
|
More Cyber and Privacy News
|
|
|
|
The Austin, Texas, headquarters of SolarWinds Corp., whose software was exploited by Russia to break into scores of computer networks at government agencies and companies. PHOTO: SUZANNE CORDEIRO/AGENCE FRANCE-PRESSE/GETTY IMAGES
|
|
|
Breaking the mold: President Biden’s decision to punish Russia for the SolarWinds hack broke with years of U.S. foreign policy that has tolerated cyber espionage as an acceptable form of 21st century spycraft, analysts and former officials said. The administration also highlighted what it said was Russia’s yearslong meddling in U.S. elections. (WSJ)
👉 Both the Obama and Trump administrations sought to forge international agreement that cyberattacks that stole intellectual property, damaged computer systems or interfered in elections were out of bounds—while generally accepting espionage as fair play.
👉 Some U.S. officials advised the Biden administration not to justify sanctions specifically on the SolarWinds operation, as that move could open up the U.S. to foreign censure for its own activities, said people familiar with the situation.
|
|
Related: Russia to expel 10 U.S. diplomats from embassy in Moscow. The move is a response to U.S. measures against Moscow over alleged election interference, cyberattacks and other damaging actions. (WSJ)
|
|
|
-
President Biden's executive order also sanctioned 28 cryptocurrency addresses said to be linked to Russian actors. (Bleeping Computer)
|
|
Phishing at chicken company: Some 34,654 customers and other individuals associated with poultry producer OK Foods Inc. are learning that their personal data, including Social Security numbers, were exposed about a year ago. An employee's email account was compromised in a phishing scheme, leading to unauthorized access to internal systems between April 22 and April 30, 2020, according to the Fort Smith, Ark.-based company, which is owned by Industrias Bachoco in Celaya, Mexico. The breach was discovered March 18.
|
|
Suspicious activity: Federal officials are investigating an intrusion at Codecov LLC, which makes tools for testing code. The company said a customer reported something amiss about a Codecov tool in January. Codecov has 29,000 customers. (Reuters)
|
|
|
|
|
Medtronic moves to protect pacemakers. Medical device maker Medtronic PLC said it is working with Israeli cyber firm Sternum to improve the security of remote systems used to update pacemakers. (TechCrunch)
|
|
|
|
|
|
|
|
|