
Cyber Security

FTC Approves Settlement with Travel Company that Exposed Database of Customers’ Information

The agency ordered SkyMed International to shore up its information security practices.

Travel services company SkyMed International Inc. agreed to design, implement and maintain an information security plan that, among other things, includes at least encryption of sensitive data, annual employee training and access controls that require authentication, according to a final settlement the company reached with the Federal Trade Commission.

The company “failed to employ reasonable measures to secure the personal information it collected from people who had signed up for its travel emergency membership plan, and as a result, the company left unsecured a cloud database containing 130,000 membership records,” the FTC alleged, according to a press release Friday. “The unsecured database contained members’ personal information stored in plain text such as names, dates of birth, home addresses, health information, and membership account numbers.”

The FTC complaint describes a series of misrepresentations SkyMed made to consumers before and after a security researcher alerted the company to a cloud database of sensitive information, including health data, that anyone could easily access, alter, download or delete. It also said the company was unaware of the database.

“Before respondent received the security researcher’s notification, respondent had no idea that the publicly accessible cloud database even existed, let alone that it contained consumers’ personal information stored in plain text,” the complaint reads.

SkyMed, which requires members to share health information such as medical conditions, prescriptions and recent hospitalizations, marketed itself as secure. The FTC noted its display of a logo connoting compliance with the Health Insurance Portability and Accountability Act—which spells out reasonable information security practices—on every page of its website.

“Respondent signaled to consumers that a government agency or other third party had reviewed respondent’s information practices and determined that they met HIPAA’s requirements,” the complaint reads. “In reality, no government agency or other third party had reviewed respondent’s information practices for compliance with HIPAA, let alone determined that the practices met the requirements of HIPAA.”

The company admitted it shouldn’t have displayed the seal, and removed it in April 2019 after the security researcher’s outreach, according to the complaint.

The FTC said SkyMed also deceived its customers after it learned of the exposed database.

The security researcher had sent the company screenshots showing that personal information was exposed in plain text, and notified the company that the fields included the sensitive health information they had collected.

But in a May 2019 notice informing its current and former customers of the security incident, SkyMed emphasized, in bold, that “there was no medical or payment-related information visible and no indication that the information has been misused.”

“Our investigation learned that some old data may have been exposed temporarily as we migrated data from an old system to a new system,” the notice read. “At this time, the exposed data has been removed and appears to be limited to only a portion of our information and was restricted to names, street and email addresses, phone and membership ID numbers.”

Under the settlement, SkyMed must now resend notices to consumers disclosing the extent of the breach. It must also have a third party conduct biennial assessments of its new comprehensive information security program and refrain from misrepresenting its security practices or endorsements in the future.

Now that the consent order is final, the FTC notes that each violation of it may result in a civil penalty of up to $43,280.

Source: https://www.nextgov.com/cybersecurity/2021/02/ftc-approves-settlement-travel-company-exposed-database-customers-information/171905/

Source: https://newsworthy-news.com/2021/02/06/ftc-approves-settlement-with-travel-company-that-exposed-database-of-customers-information/

Tether To Conduct An Audit To Negate Claims Concerning Transparency

The Tether general counsel has announced that an official audit will take place in a few months. USDT is a popular stablecoin occupying the third position in global digital assets. Because it runs on a blockchain, which cybersecurity experts deem unhackable, the majority today trust its security.

However, many people in the crypto community have been waiting for a financial audit of the stablecoin. Now, it seems that the ongoing regulatory issues in the crypto industry have galvanized the Tether team into action. As a result, they’re declaring that an audit will take place soon.

Tether Executives Grant Media Interview

Another rare event was a CNBC interview in which Tether CTO Paolo Ardoino and general counsel Stu Hoegner participated.

During the interview, the hosts asked the duo some questions about USDT’s transparency and backing. In response, the general counsel stated that the team is working to be the first in their sector to get financial audits.

The crypto market has just turned bullish as the USDT trades in the green zone | Source: USDTUSD on TradingView.com

He also mentioned that the audits would come in months and not years. As for backing, he stated that the stablecoin is backed with reserves.

But Hoegner mentioned that some of the reserves are not US dollars; the reserves are more US dollars plus other cash equivalents, secured loans, crypto assets, bonds, and others.

However, in the Transparency report which Tether published, the market cap for USDT stands at $62 billion. Even though the number has increased by 195% since 2021 started, it is still behind competitors such as BUSD and USDC.

When Circle released a reserve report yesterday, July 21, it showed that 61% of the USDC reserves are cash and cash equivalents. The remaining 39% are in treasuries, bonds, and commercial paper accounts.

Paxos Decides To Attack

Paxos is a rival to Tether and recently attacked the stablecoin and Circle in a blog post on July 21, 2021. In the post, Paxos claims that the duo is not operating under financial regulators. In its words, both USDC and Tether are simply stablecoins in name only.

To support its claims, Paxos disclosed that its stablecoin reserves are a combination of cash or cash equivalents.

But in May, Tether disclosed the total backing that USDT has, which was cash 3.87%, fiduciary deposits 24.20%, treasury bills 2.94%, cash equivalents, commercial papers, which make up 65.39%, plus others. It took this action because US lawmakers are closely scrutinizing its operations.

Also, Tether started submitting reports about its reserves after it reached a settlement agreement with the NY Attorney General’s Office 5 months ago. The firm has continued to send these reports since then.

Source: https://www.bitcoininsider.org/article/121153/tether-conduct-audit-negate-claims-concerning-transparency

S Korea, US to form working group on cybersecurity – ET CISO

Seoul: South Korea said on Friday it will launch a working group on cybersecurity with the United States in order to reinforce cooperation against hacking attacks.

It is a measure to follow up on a recent summit agreement between the leaders of the allies — Presidents Moon Jae-in and Joe Biden — to bolster the partnership in countering global cyber threats.

“The government plans to strengthen the cooperative system with the U.S. by launching the cyber working group to involve relevant authorities,” Cheong Wa Dae said.

The presidential office was briefing on the results of a high-level interagency meeting to check on the nation’s cybersecurity posture.

The regular session was chaired by Suh Hoon, director of national security at Cheong Wa Dae, with vice ministerial officials of 16 government offices in attendance. They include the National Intelligence Service (NIS), the Ministry of Science and ICT and the Defense Acquisition Program Administration, reports Yonhap news agency.

The NIS said it plans to consolidate and unify the cyber attack alert systems of the military and the civilian and public sectors.

Suh cited constant reports of ransomware attacks at home and abroad and called for a thorough response.

“Amid deepening dependence on cyberspace due to COVID-19, in particular, all government agencies need to check and preemptively respond to cyber threats by unspecified forces,” Suh stressed, according to Cheong Wa Dae.

Source: https://ciso.economictimes.indiatimes.com/news/s-korea-us-to-form-working-group-on-cybersecurity/84493098

Biden’s Executive Order Strengthens Government’s Cybersecurity Practices

On May 12, President Joseph Biden signed the executive order on improving the nation’s cybersecurity (the order) in the wake of cybersecurity incidents affecting SolarWinds Corp., on-premises Microsoft Exchange Servers, Colonial Pipeline and JBS. In the SolarWinds attack, Russian hackers exploited a routine software update to install malicious code, allowing the hackers to infiltrate nine federal agencies and about 100 companies. Microsoft Exchange’s server vulnerabilities are estimated to have affected about 60,000 organizations. The May 6 ransomware attack on Colonial Pipeline shut down the largest oil pipeline in the United States and disrupted supplies of gasoline and fuel to the East Coast. In June, JBS, America’s largest processor of beef, poultry, and pork, paid an $11 million ransom in a cyberattack that affected one-fifth of the nation’s meat supply.

The order outlines several initiatives that will be rolled out on an aggressive timetable this year intended to enhance the federal government’s cybersecurity practices, particularly with respect to the software supply chain, and to contractually obligate government contractors to align with such enhanced security practices. The order directly impacts government contractors, including cloud service providers and software developers.

Source: https://www.law.com/thelegalintelligencer/2021/07/12/bidens-executive-order-strengthens-governments-cybersecurity-practices/
