Between data breaches and updates to social media network policies and new legislation, plenty has been happening in the wild world of cybersecurity over the past couple of months. 2017 has barely gotten started, and already we have seen plenty happening on the cybersecurity front. It’s hard to keep track of everything that’s happening, so to help you out, we’ve rounded up a handful of important cybersecurity news stories you should know about (and what they mean for you).
Arby’s and InterContinental Hotels Group report data breaches
It wouldn’t be a post about cybersecurity without mention of at least one data breach, and this time we’ve got two to talk about. Both Arby’s and InterContinental Hotels Group (IHG) recently acknowledged that they had experienced (separate) payment card breaches. Although some consumers may be feeling a little burnt out on data breach notifications, it’s important to remember that each instance of a breach is something new, and therefore customers of the retailers and companies reporting them should be on alert.
Exact details on the Arby’s breach have yet to be released, as the fast food chain only publicly acknowledged it had been compromised after cybersecurity expert Brian Krebs reached out for comment, as reported on Jan. 9. According to Krebs, a non-public alert was made by PSCU, a credit monitoring organization that serves hundreds of credit unions around the country, which indicated that more than 355,000 credit and debit cards issued by PCSU member banks had been compromised in a data breach with a fast food restaurant it believed to be Arby’s during an estimated time period of Oct. 25, 2016 to Jan. 19, 2017. The restaurant chain itself has acknowledged that it investigated after receiving information regarding a possible breach in mid-January, taking measures to contain and eradicate the malware responsible for the security breach. Concerned customers should be aware that only corporate-owned restaurants are said to have been impacted, though as of yet there is no information on exactly which of the more than 1,000 locations were included.
More concrete information is available regarding the security breach within at least 12 locations owned by InterContinental Hospitality Group. A press release issued by the parent company of numerous hotel chains, including Holiday Inn and Crowne Plaza Hotels & Resorts, acknowledged that payment cards used at hotel bars and restaurants at the affected locations between August and December 2016 had been compromised. Payment cards used at the front desk of the same hotels were not compromised, though there is an ongoing investigation into other properties owned by IHG at this time. Concerned guests can consult a list of the affected locations as well as the time frame for the suspected breach on IHG’s website. The company also said it will be notifying all guests who were potentially affected.
As is the case with other data breaches similar to these that we’ve covered, the most important things consumers can do include keeping an eye on their bank and credit card statements for unusual activity (especially if they’ve visited any of the affected locations at any point in the past year) and checking their credit reports to ensure their identity hasn’t been compromised. To learn more about identity theft protection, follow our blog on the topic.
Twitter tests out new tools to help crack down on harassment
Although most of the popular social media sites and apps have their problems with harassment and cyberbullying, Twitter has earned a reputation as a haven for online bullies and abuse. To combat this, Twitter recently announced a slew of new tools and features that it hopes will crack down on instances of cyberbullying on its site. These features include the automatic collapsing of potentially abusive or “low-quality” tweets in conversations (“low-quality” was defined by Twitter’s VP of Engineering, Ed Ho, as duplicate messages and automated content), the introduction of a “safe search” function and a new reporting tool that is designed specifically for those who are experiencing targeted harassment. The “safe search” feature is intended to prevent abusive tweets as well as tweets from anyone a user has blocked or muted from showing up in a search; it’s important to note that the tweets can still be seen if a user goes looking for them. In addition to these new site functions, Twitter staffers are also working behind the scenes to prevent serial abusers from being able to create new accounts.
Twitter has often been criticized for its free speech policies also making it the perfect target for trolls, cyberstalkers and other types of cyberbullies, so it’s definitely good to see steps being taken to try and reverse that reputation. It’s important for users to be vigilant about reporting harassment and abuse when it happens, using the tools provided by Twitter and other social media sites to bring administrators awareness of negative situations with other users. Parents should keep an open dialogue with their children about safe, responsible social media use and look out for signs of cyberbullying, especially as most teens have reported experiencing it in recent years and sites like Twitter often don’t do as well as they should at preventing this type of harassment.
Email Privacy Act is back for a second attempt at becoming a law
One of the problems with how quickly technology evolves is that the law often struggles to catch up. This is evident in the case of the Email Privacy Act, a bill is designed to close a loophole in the 1986 Electronic Communications Privacy Act. Although the bill passed through the U.S. House of Representatives last April, it stalled in the Senate. Now, after another year and some modifications, the bill has once again been passed by the House, in a stunning unanimous 419-0 vote that shows a level of bipartisanship practically unheard of these days. The Email Privacy Act requires law enforcement to obtain a warrant before forcing technological companies to hand over a customer’s email or other electronic communications, no matter how old they are. This closes a loophole in the older act which allows the use of a subpoena to obtain emails older than 180 days — something that was clearly written and intended for a technological reality quite different from the one we live in today. This bill was pushed back for quite a few years due to multiple law enforcement agencies trying to argue for provisions, as well as some cybersecurity proponents fighting against elements they didn’t like — and unfortunately, due to recent events, it may be at risk of stalling in the Senate once again.
Privacy is harder and harder to come by, and it’s important that our laws change to reflect the daily needs of the society they protect. Just last year, we saw how sticky things can get when it comes to law enforcement and technology, as Apple went head-to-head against the FBI over an encrypted iPhone. It is unlikely that this will be the last instance like this that we’ll see, and no doubt more legislation will be introduced in the coming months and years aimed to change our privacy and security standards with regard to the Internet and technology. The best weapon consumers can have is information, which is why it’s so important to stay up to date and educated on what’s happening with your privacy, as well as how you can protect yourself.