A Review of the Best News of the Week on Identity Management & Web Fraud

Workers Push Back as Companies Gather Fingerprints and Retina Scans (WSJ, Mar 28 2019)
Employees are challenging the increased use of fingerprint and facial scans by companies for security purposes and personnel management.

Is your e-commerce site being used to test stolen card data? (Naked Security – Sophos, Mar 28 2019)
If you’re running Magento, you should be on the lookout for hackers testing stolen card data – it could get your PayPal account suspended.

On the Trail of the Robocall King (Wired, Mar 25 2019)
An investigator set out to discover the source of one scammy robocall. Turns out, his target made them by the millions.


Facebook Succeeded In Killing Cybersecurity Like It Did Privacy (Forbes, Mar 23 2019)
One of Facebook’s most notable successes over the past decade and a half is the way in which it has so completely upended how we see privacy, teaching an entire planet that privacy is an outdated concept of no relevance to our modern age.

A Glass Ceiling? Not in Privacy (Dark Reading, Mar 25 2019)
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.

The fallout from FEMA’s massive compromise is just beginning (The Washington Post, Mar 26 2019)
The Senate Homeland Security Committee has requested a briefing from FEMA officials on the data loss, which included banking information of about 1.8 million victims…

Mastercard Wades Into Murky Waters With Its New Digital ID (Wired, Mar 26 2019)
The credit card company has more details about its plan for a decentralized, universal digital ID, but questions remain.

Scammer pleads guilty to fleecing Facebook and Google of $121m (Naked Security – Sophos, Mar 22 2019)
Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?

Utah Just Became a Leader in Digital Privacy (Wired, Mar 22 2019)
Opinion: Utah legislators recently voted to pass landmark legislation in support of a new privacy law. Statehouses across the country should take notes.

Hedge fund manager sentenced to 60 months security fraud, hacking scheme (SC Magazine, Mar 22 2019)
A hedge fund manager convicted of conspiracy to commit securities fraud and computer intrusion, among other crimes, was sentenced in U.S. District Court to 60 months in prison Thursday. Vitaly Korchevsky, 53, was also ordered to pay a $14.4 million forfeiture and a $250,000 fine for his role in a scheme in which Ukrainian hackers…

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data (SC Magazine, Mar 22 2019)
The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents.

New Jersey bill would broaden PII requiring breach notification (SC Magazine, Mar 22 2019)
If signed into law, a bipartisan bill sent by New Jersey legislators to Gov. Phil Murphy would expand data breach notification in the state, requiring companies to alert citizens to breaches of a wider range of personally identifiable information (PII), including user names, passwords, email addresses and security questions.

Tesla suing self-driving startup Zoox and former employees for data theft (SC Magazine, Mar 21 2019)
Tesla is accusing self-driving car startup Zoox and former employees of stealing trade secrets. The automaker is suing the start-up and the former employees, claiming the employees gave Tesla’s logistics info to Zoox, while another gave Tesla’s autopilot code to Xiaopeng Motors.

Cost of telecommunications fraud estimated at €29 billion a year (Help Net Security, Mar 22 2019)
This report highlights that telecom fraud is becoming a low-risk alternative to traditional financial crime. The reduced cost and increased availability of hacking equipment means this type of fraud is on the rise.

Privacy a Top Concern in ‘Biometric Exit’ (Infosecurity Magazine, Mar 25 2019)
US Customs and Border Patrol moves forward with implementing Biometric Exit plans. Intended to supplant the long-existing, time-consuming process of paper checking, the use of a cloud-based facial biometric matching service is touted as more secure and efficient.

Tech giants back bill that privacy advocates claim is toothless (Naked Security – Sophos, Mar 26 2019)
Washington state is on the road to passing a privacy bill that tech giants think is great and that the American Civil Liberties Union (ACLU) thinks is toothless. The main disagreement: whether consumers will be able to delete their data or whether the law would give companies ways to wiggle out.

ID.me Issued First U.S. Patent for Real-Time, Online Identity Verification Technology (Id.me, Mar 27 2019)
Patent No. 10,142,338 entitled, “Systems And Methods For Online Third-party Authentication Of Credentials.” The patent covers unique technology in ID.me’s digital identity platform that authenticates identity and credential information online and securely transmits the authentication results to relying parties.

Proxy raises $13.6M to unlock anything with Bluetooth identity (TechCrunch, Mar 27 2019)
The startup lets you instantly unlock office doors and reserve meeting rooms using Bluetooth Low Energy signal. You never even have to pull out your phone or open an app.

Broadband providers told to explain how they handle consumer data (Naked Security – Sophos, Mar 28 2019)
The FTC launched a broad inquiry to find out what data they collect, why, who they share it with, and how consumers can change or delete it.

Real ID can turn into REAL security issues (Gartner Blog Network, Mar 27 2019)
Why in the world does the MVA need to store these documents? They already have access to this information through connections with tax authorities and other government agencies.