A Review of the Best News of the Week on Identity Management & Web Fraud

DMVs Are Selling Your Data to Private Investigators (VICE, Sep 06 2019) You gave them your data in exchange for a driver’s license. DMVs are making tens of millions of dollars selling it, documents obtained by Motherboard show.

Google’s differential privacy library can now be used by anyone (Help Net Security, Sep 06 2019) Google has open-sourced a differential privacy library that helps power some of its core products. What is differential privacy? Differential privacy is a method for analyzing data contained in a database and providing helpful insight from it, without disclosing the actual information contained in the data to the analysts. It’s meant to keep sensitive information usable but thoroughly anonymized.

NY Payroll Company Vanishes With $35 Million (Krebs on Security, Sep 11 2019) “MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.”


One of My Favorite Things

Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy. Thanks! – Lucas Samaras


Toyota Subsidiary Suffers $37m BEC Loss (Infosecurity Magazine, Sep 10 2019) Car parts maker was tricked into wiring four billion yen

281 Alleged Email Scammers Arrested in Massive Global Sweep (Wired, Sep 10 2019) The most sweeping takedown yet of so-called BEC scammers involved arrests in nearly a dozen countries.

#GartnerSEC: Reuse Procedures From IAM in PAM Implementations (Infosecurity Magazine, Sep 11 2019) How reusing procedures for PAM in IAM implementation can save time and effort

Lufthansa Offers Biometric Boarding at Fourth US Airport (Infosecurity Magazine, Sep 09 2019) Biometric boarding is now available to Lufthansa’s JFK passengers

BigID raises $50M to help enterprises comply with global privacy regulation (Help Net Security, Sep 08 2019) Most enterprises do not know all the data they collect or where it’s stored, increasing their risk of privacy violations, regulatory action, security incidents, and customer backlash. Companies across the world are increasing their investment in data compliance, privacy, and governance. As a result, the data privacy market is estimated to reach $158 billion by 2024, according to Market Research Engine.

Google to pay $170 million for violating children’s privacy on YouTube (Help Net Security, Sep 05 2019) Google and its subsidiary YouTube will pay a record $170 million to settle allegations by the Federal Trade Commission (FTC) and the New York Attorney General that the YouTube video sharing service illegally collected personal information from children without their parents’ consent.

Man Pleads Guilty for Trying to Access Trump’s Tax Returns (SecurityWeek, Sep 09 2019) A Philadelphia man has pleaded guilty to trying to hack the IRS to obtain President Donald Trump’s tax returns. Andrew Harris pleaded guilty Thursday to two computer fraud counts in federal court. The 23-year-old faces up to two years in prison and a $200,000 fine.

New Privacy Features in iOS 13 Let Users Limit Location Tracking (Dark Reading, Sep 10 2019) Apple will introduce other features that allow more secure use of iPhones in workplace settings as well.

Regulations are driving innovation toward an identity layer on the Internet (Help Net Security, Sep 11 2019) The scale of the identity problem was well demonstrated in a presentation given by Nat Sakimura of the OpenID Foundation at a recent identity-themed security event held in Tokyo. He described the virtual world as being the “8th Continent” populated by several countries such as the People’s Republic of WeChat, State of Apple Church, Republic of Google, and the GSMA Federation.

Fraudsters no longer operate in silos, they are attacking across industries and organizations (Help Net Security, Sep 11 2019) From January 2019 through June 2019, LexisNexis Risk Solutions recorded 16.4 billion transactions, of which 277 million were human-initiated attacks, a 13% increase over the second half of 2018.

More on Law Enforcement Backdoor Demands (Schneier on Security, Sep 11 2019) “The Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the ‘going dark’ debate. They have released their report: ‘Moving the Encryption Policy Conversation Forward.’ The main contribution seems to be that attempts to backdoor devices like smartphones shouldn’t also backdoor communications systems.”

The Fight Against Synthetic Identity Fraud (Dark Reading, Sep 12 2019) Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from “fake” ones.