NEWS THIS WEEK: Republican contractor exposes voter records; California seeks stiffer data privacy law; Florida schools hacked

By Byron V. Acohido

In the news this past week, Girl Scouts can start earning cybersecurity badges next year, thanks to an effort by the Girl Scouts of America and cybersecurity firm Palo Alto Networks. “We surveyed a lot of girls,” Girl Scouts CEO Sylvia Acevedo said. “In those evaluations, girls repeatedly said they wanted more computer science, and they were really interested in cybersecurity in terms of protecting themselves online. Bullying is a big issue. Also figuring out hackathons, they wanted to do that as well.” The badges will be available in fall 2018. There will be 18 unique badges, for Scouts from the Daisy level (who can be as young as 5 years old) all the way up to Ambassadors (18 years old). The suite of cybersecurity badges are intended to teach girls how to stay safe online and to encourage them to take jobs in the cybersecurity industry, where women are underrepresented. The Girl Scouts have been rolling out new badges for a number of STEM fields in response to high demand from girls in the program. Source: Gizmodo

Data breach losses on the decline worldwide, but not in the U.S.

Financial losses from data breaches may be starting to drop: The average cost of a data breach worldwide is now $3.62 million, down 10 percent from last year, according to a study from IBM Security and the Ponemon Institute. This marks the first decline measured since the global study was instituted. Data breaches cost companies an average of $141 per lost or stolen record, the report found. In the United States, the average cost of a breach increased 5 percent this year, to $7.35 million. Source: Tech Republic

Contractor for Republicans exposed 200 million voters’ information

Data analytics contractor Deep Root Analytics, which was employed by the Republican National Committee, left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password. The databases were part of 25 terabytes of files in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of security firm UpGuard. Source: The Hill

Democrats didn’t seek help from Homeland Security in election hack

Former Homeland Security Secretary Jeh Johnson said the Democratic National Committee “did not feel it needed” the assistance of the Department of Homeland Security following last year’s election hack, which U.S. officials have since attributed to Russia. Johnson’s testimony is part of the House Intelligence panel’s investigation into Russian meddling in the presidential election, which is looking into possible collusion between Moscow and the Trump campaign. Source: Politico

California law would make internet service providers ask before selling customer data

A proposed law in California would require internet service providers to obtain customers’ permission before they use, share or sell the customers’ web browsing history. The California Broadband Internet Privacy Act is very similar to an Obama-era privacy rule that was scheduled to take effect across the nation until President Trump and the Republican-controlled Congress eliminated it. Source: Ars Technica

CIA hacking routers to use them to listen to others, WikiLeaks says

Leaked CIA documents revealed the agency has been hacking people’s Wi-Fi routers and using them as covert listening points. Infected routers are used to spy on the activity of internet-connected devices, according to decade-old secret documents leaked by WikiLeaks. Home routers from 10 U.S. manufacturers, including Linksys, DLink, and Belkin, have been used by the CIA to monitor internet traffic. Source: The Daily Mail

Hospital patients’ records found abandoned on a back road

Saint Thomas Rutherford Hospital in Murfreesboro, Tenn., has notified more than 2,800 patients of a health information breach. An investigation revealed hospital documents, which did not contain Social Security numbers or patient medical records, were found along a rural road in DeKalb County. The documents contained the patient’s name, date of birth, admitting diagnosis, account number and doctor’s name. Source: WKRN, Nashville

Minnesota database published in apparent protest

A Minnesota state government database was stolen and published online in an apparent protest of the acquittal of St. Anthony officer Jeronimo Yanez for fatally shooting motorist Philando Castile last summer. The news of the attack was first reported by Motherboard, which was contacted by the hacker. The state IT agency confirmed the attack. Source:

Walmart says rumors of hack are just rumors, not true

Walmart says its company’s system has not been hacked, despite rumors on social media. Posts going around Facebook urged people to not use debit or credit cards at Walmart, claiming the store’s system had been hacked. Walmart found nothing to indicate systems were compromised. Source: WFLA, Tampa

Florida school districts hit by malware attacks

International hackers slipped into the computer systems of at least four Florida school district networks in hopes of stealing the personal data of hundreds of thousands of students. They infected the systems with malware that turned off the logs recording who accessed the systems. For three months, the hackers probed the systems, mapping them out and testing their defenses. At one point, they posted photos of someone dressed as an ISIS fighter on two school district websites. Source: Miami Herald


This article originally appeared on

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone