
Amazon’s Dark Secret: It Has Failed to Protect Your Data

On September 26, 2018, a row of tech executives filed into a marble- and wood-paneled hearing room and sat down behind a row of tabletop microphones and tiny water bottles. They had all been called to testify before the US Senate Commerce Committee on a dry subject—the safekeeping and privacy of customer data—that had recently been making large numbers of people mad as hell.

Committee chair John Thune, of South Dakota, gaveled the hearing to order, then began listing events from the past year that had shown how an economy built on data can go luridly wrong. It had been 12 months since the news broke that an eminently preventable breach at the credit agency Equifax had claimed the names, social security numbers, and other sensitive credentials of more than 145 million Americans. And it had been six months since Facebook was engulfed in scandal over Cambridge Analytica, a political intelligence firm that had managed to harvest private information from up to 87 million Facebook users for a seemingly Bond-villainesque psychographic scheme to help put Donald Trump in the White House.

To prevent abuses like these, the European Union and the state of California had both passed sweeping new data privacy regulations. Now Congress, Thune said, was poised to write regulations of its own. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he declared. “The question is, what shape will that law take?” Sitting in front of the senator, ready to help answer that question, were representatives from two telecom firms, Apple, Google, Twitter, and Amazon.

Notably absent from the lineup was anyone from Facebook or Equifax, which had been grilled by Congress separately. So for the assembled execs, the hearing marked an opportunity to start lobbying for friendly regulations—and to assure Congress that, of course, their companies had the issue completely under control.

No executive at the hearing projected quite as much aloof confidence on this count as Andrew DeVore, the representative from Amazon, a company that rarely testifies before Congress. After the briefest of greetings, he began his opening remarks by quoting one of his company’s core maxims to the senators: “Amazon’s mission is to be Earth’s most customer-centric company.” It was a stock line, but it made the associate general counsel sound a bit like he was speaking as an emissary from a larger and more important planet.

DeVore, a former prosecutor with rugged features, made clear that what Amazon needed most from lawmakers was minimal interference. Consumer trust was already Amazon’s highest priority, and a commitment to privacy and data security was sewn into everything the company did. “We design our products and services so that it’s easy for customers to understand when their data is being collected and control when it’s shared,” he said. “Our customers trust us to handle their data carefully and sensibly.”

On this last point, DeVore was probably making a safe assumption. That year, a study by Georgetown University found Amazon to be the second-most-trusted institution in the United States, after the military. But as companies like Facebook have learned in recent years, public trust can be fragile. And in hindsight, what’s most interesting about Amazon’s 2018 testimony is what DeVore did not say.

At that very moment inside Amazon, the division charged with keeping customer data safe for the company’s retail operation was in a state of turmoil: understaffed, demoralized, worn down from frequent changes in leadership, and—by its own leaders’ accounts—severely handicapped in its ability to do its job. That year and the one before it, the team had been warning Amazon’s executives that the retailer’s information was at risk. And the company’s own practices were fanning the danger.

According to internal documents reviewed by Reveal from the Center for Investigative Reporting and WIRED, Amazon’s vast empire of customer data—its metastasizing record of what you search for, what you buy, what shows you watch, what pills you take, what you say to Alexa, and who’s at your front door—had become so sprawling, fragmented, and promiscuously shared within the company that the security division couldn’t even map all of it, much less adequately defend its borders.


Data Breach Notice Identity Theft Resource Center | efani SAFE?

“Organizations need to review how they notify consumers of data breaches to reduce the level of inaction and improve the credit freeze adoption rates,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center.

Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, published research conducted by DIG.Works that explored several issues related to data and account compromises, as well as data breach notice.

The ITRC and DIG.Works surveyed 1,050 U.S. adult consumers about the issues and discovered that, overall, consumers reported a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach. However, there is a significant gap between consumers’ level of awareness and actions that leave most people open to additional attacks and identity crimes.

  • A shockingly high number of respondents (16 percent) took no action after receiving a notice of data breach; less than half (48 percent) changed the password only on the breached account; only 22 percent changed all of their passwords.
  • Just three (3) percent of respondents said they placed a credit freeze to block new accounts from being created.
  • Only 15 percent of respondents say they use unique passwords for each of their accounts; the other 85 percent admit to reusing passwords on multiple accounts.
  • Thirty-three (33) percent of the respondents who do not follow suggested password practices answered that their practices are good enough; 13 percent say they don’t think strong and unique passphrases are important.

“Most people know what they should do, but choose not to in the areas of data protection and password practices,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Organizations need to review how they notify consumers of data breaches to reduce the level of inaction and improve the credit freeze adoption rates. Also, businesses should recommend to consumers that they reset any passwords that are not unique and offer multi-factor authentication with an app.”

Other findings include:

  • Seventy-three (73) percent of respondents believe their personal information has been impacted by a data breach; 72 percent have received a notice of data breach letter.
  • Fifty-five (55) percent of social media accounts have been compromised, including 42 percent of Facebook users and 32 percent of Instagram users.
  • When asked why they didn’t act after receiving a breach notice, 26 percent said “my data is already out there;” 29 percent believed organizations responsible for protecting their data would address the issue; 17 percent did not know what to do; 14 percent thought the notice was a scam.

Consumers can receive free live victim support or guidance from a knowledgeable advisor by calling 888.400.5530 or visiting idtheftcenter.org to live chat.

About this Survey

The ITRC thanks Jonathon Sasse and Anders Steele for their donation of this research project on behalf of the ITRC and identity crime victims. Please visit DIG.Works to learn more.

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, businesses, and governments to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.


Top Cybersecurity Threats Around the Globe | Are You efani SAFE?

Cybersecurity threats, risks, and challenges vary a lot from one region to the next and one nation to the next. Targets vary based on local resources to exploit. Cyber criminals and nation-state attackers zero in on specific nations, companies, and organizations for varying incentives.

Of course, the COVID-19 pandemic exacerbated cybersecurity threats. Attackers might launch remote work-enabled attacks or social engineering attacks using COVID-19 fears as the content. The pandemic caused supply chain and economic woes, too.

Here are the top cybersecurity issues in each corner of the globe today.


Africa

Several African countries have very well-developed mobile digital currency systems with millions of users, such as M-Pesa and MFS Africa. People use these for salaries, groceries, and transportation in some countries, especially in Kenya. Gangs attack these systems hoping to steal money from customers. While most global vulnerability assessments worry most about data protection, these mobile digital currency systems worry about money protection.

The urban coastal regions of Africa also face risk from ransomware attempts on ports. Ports in South Africa, for example, saw shutdowns in the wake of a major cyber attack on one of the ports.

Regional and international tensions in East Africa and elsewhere give rise to cyber-espionage threats, most recently using Pegasus spyware. As of the end of 2020, some 11 African national governments found Pegasus spyware. They presumed it to be part of spy work from both within the region and from abroad.

Cybersecurity Threats in the Americas

Latin America faces the double whammy of high use of the internet and high rates of attacks across the board, but low coordination between governments and industry. There is also low public awareness about cybercrime due to a lack of government programs to educate the public.

The news is led by cybersecurity topics related to the pandemic, which has ushered in wave after wave of scams, ransomware attacks and data breach phishing attacks. Many of these use COVID-related social engineering content. One major strain is fear-mongering COVID-related phishing scams. These aim to collect the information the criminals need to commit insurance and identity fraud. Emails offer stimulus money, access to vaccines, and other benefits in exchange for personal information or downloading malware.

The most heavily targeted countries in Latin America are those with the largest economies: Brazil, Mexico, Colombia, and Argentina.

Mexico has been hit recently by very large-scale malware attacks against oil giant Pemex as well as the Ministry of Economy.

In Latin America and the Caribbean, state-sponsored attacks tend to spike in advance of international treaties, economic summits, and other such events. The EVILNUGGET malware has been deployed for this purpose, mostly against transportation companies and facilities affected by China’s Belt and Road initiative.

The United States is targeted by all kinds of cybersecurity threats, especially very large-scale state-sponsored attacks like the SolarWinds attack. These are long-term and very sophisticated. Attackers could have a wide range of goals, from political and industrial espionage to influencing operations.


Asia

Geopolitical tensions in the region drive state-sponsored influence operations, cyber espionage, and targeted financial crimes. Phishing attacks remain a common entry point for many cyberattacks across Asia.

Tensions between countries drive a large number of cyber threats from both nation-state and non-governmental actors in all countries involved. Look at China and India, China and Taiwan, India and Pakistan, North Korea and South Korea, and, of course, tensions between the U.S. and China, North Korea and Russia.

Also, much of the world’s electronics supply chain infrastructure is in Asia. So, the global trend of supply chain attack and disruption is acute in the region. Electronics exporters, like Vietnam and Malaysia, depend on buyers and manufacturers in China, and vice versa. Plus, the world depends on goods made in China. Disrupting any part of this supply chain slows deliveries, raises prices, and applies pressure to all concerned.

Many of these connections involve cooperation and partnership in public and rivalry in private. Rivalries play out through cyberattacks and espionage.

North Korea deserves special mention, as that country has a robust state-sponsored cyberattack apparatus. On the other hand, the country has almost no targets for foreign adversaries to hit back due to the lack of development and internet connectivity there.

Russia and Turkey

Turkey and Russia straddle both Europe and Asia. Many global cybersecurity threats, both state-sponsored and criminal, start from Russia in particular. In the past year, according to a report from Microsoft, nearly 60% of the world’s observed state-sponsored attacks started with the Russian government, and one-third of the world’s successful cyberattacks from non-state actors started there, too. The new wave of ransomware-as-a-service attacks is mostly a Russian trend. A disproportionate share of information operations and election-related disinformation campaigns start in Russia as well.

Cybersecurity Threats in Europe

European hospitals in Ireland, France, and elsewhere have been hit hard by dangerous ransomware attacks. Attackers using the crypto-virus Ryuk hit two French hospitals within a week, after hospitals in seven French cities were hit in 2020, which dialed up the stress factor. After all, both were battling COVID-19 and were at high capacity. The attack on Ireland earlier this year hit the Health Service Executive, which disrupted health care nationwide and forced health care workers to resort to using paper records.

Overall, the number of serious cyberattacks roughly doubled from 2020 to 2021, according to the European Union Agency for Cybersecurity. Triple extortion ransomware attacks are very much on the rise. The cost of a data breach is exploding in that region.

The Middle East

The Middle East region has more than its fair share of state-sponsored cybersecurity threats. These aim to disrupt rivals, cause economic hardship and sometimes even cause internal political frictions. An attack in Iran recently, for example, caused major disruptions to consumer gasoline sales. In apparent response, people breached gasoline signs criticizing the government for the gasoline lines.

Any vulnerability analysis in the Middle East has to take regional conflict into account.
