The following are some of the cybersecurity related stories we are tracking. More and more we see governments considering doing more to protect privacy, or at least to attempt to protect it. Seems the demands of people all over the world may cause more action.
Scoop: The White House looks to coordinate online privacy plan
With GDPR being rolled out in European Union, nations are under pressure to follow suit. The US has tough data breach laws but poor data breach notification laws because they are a state subject. Now the Trump administration is planning a federal approach to data privacy, led by Trump’s special assistant for tech Gail Slater. The new policy is sure to pick up some data breach notification rules from the GDPR. Source: Axios.
Verizon and AT&T will stop selling your phone’s location to data brokers
Some positive news for the US citizens whose real-time phone location data was being sold by US wireless carriers. After a leak of real-time phone location data from American telecom companies, Senator Ron Wyden (D-Ore.) recently urged all four major carriers to stop the practice, and today he published responses he received from Verizon, AT&T, T-Mobile USA, and Sprint. According to the response from Verizon and AT&T, they will stop selling US citizens real-time phone location data to marketers. Read more on Ars Technica.
D-Day for Data Breach Preparedness
After GDPR, the next country to have tough data breach notification laws is Canada. The new data breach notification law will come into effect from November 1, 2018. George S. Takach explains how companies having business interests in Canada should prepare themselves for the upcoming data breach notification law on Lexpert.
Elon Musk emails employees about ‘extensive and damaging sabotage’ by an employee
Tesla CEO Elon Musk has alleged that some unknown employee was sabotaging the company. In an email sent to all employees on Monday morning about a factory fire Musk clearly referenced possible sabotage. Later Musk then sent another email to all employees alleging that he has discovered a saboteur who had done “quite extensive and damaging sabotage” to the company’s operations, including by changing the code of an internal product and exporting data to outsiders. Source: CNBC.
Google to Fix Location Data Leak in Google Home, Chromecast
After Craig Young, a researcher with security firm Tripwire discovered an authentication weakness that leaked accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, Google has assured users that it will fix the flaw within a couple of weeks. Young reported that any website could run a simple script in the background and collect precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Read about the Google Home and Chromecast vulnerability on Krebs on Security.