From regulators seeking monetary damages from Equifax to Facebook once again invading user privacy, here we round up the latest in data security and privacy news.
CFPB and FTC Fines Loom for Equifax
Equifax is expecting fines from the Consumer Financial Protection Bureau, Federal Trade Commission, and New York Department of Financial Services over its massive 2017 data breach, in which the highly sensitive personal information of 148 million Americans was exposed. According to a recent SEC filing by Equifax, the CFPB and FTC have alerted the company that they plan to seek “civil money penalties” in regard to the breach.
If fines are levied, they would be the first significant action taken against the company since the breach. Equifax is also facing 19 class action lawsuits and more than 1,000 lawsuits from consumers, as well as investigations from 48 state Attorneys General, the SEC, the Department of Justice, the Office of the Privacy Commissioner of Canada, and the U.K.’s Financial Conduct Authority.
Read more from Business Insider.
Facebook Invading Privacy in the Name of Security
Facebook is under fire for deceptive practices yet again, this time for misleading users about its use of 2FA phone numbers and not letting users opt-out of its phone number “look up” feature. Reports indicate that after pushing users to setup two-factor authentication for their accounts to bolster security, Facebook then associates the phone number used for 2FA with the user's profile even though the company claimed that phone numbers would only be used for security.
Making it possible for anyone, with or without a Facebook account, to "look up" a profile by using their phone number. Once setup, Facebook does not let users opt-out. Facebook weakening privacy at the same time it is promoting security is just the latest in a string of never ending privacy and security missteps by the company.
Read more from TechCrunch.
MyEquifax.com Security Debacle
Equifax’s new MyEquifax.com portal makes it easy for identity thieves to bypass credit freeze PINs and lift a credit freeze with nothing more than your name, birthday, and Social Security number, the very information that Equifax exposed. As Brian Krebs, a cybersecurity expert, reports, “Credit freezes and thaws requested via myEquifax don’t require users to supply any pre-existing PIN.”
Credit freeze PINs are used as additional security layer needed to lift or thaw a credit freeze, which helps protect consumers from new account fraud and other forms of identity theft. While freezing your credit and setting up a PIN makes it much more difficult for identity thieves to open new credit accounts in your name, the ability to bypass a credit freeze PIN with relative ease using MyEquifax.com throws Equifax’s security practices into further doubt.
Read more from KrebsOnSecurity.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.