Search Results for “New York Times”


September 4, 2019
Natasha Singer and Kate Conger / New York Times

Natasha Singer and Kate Conger / New York Times  
Google and YouTube to Pay $170 Million to Settle Allegations by FTC, New York Attorney General That YouTube Violated COPPA by Illegally Collecting Children’s Personal Information

In the largest penalty paid to date for violation of a key children’s online protection law, Google and its subsidiary YouTube will pay a record $170 million to settle allegations by the Federal Trade Commission and the New York Attorney General that YouTube illegally collected personal information from children without their parents’ consent. Google and YouTube will pay $136 million to the FTC and $34 million to New York for allegedly violating the Children’s Online Privacy Protection Act (COPPA) Rule. The FTC and the New York Attorney General allege that YouTube collected personal information in the form of persistent identifiers that are used to track users across the Internet from viewers of child-directed channels, without first notifying parents and getting their consent. YouTube also agreed to create a system that asks video channel owners to identify the children’s content they post so that targeted ads are not placed in such videos. YouTube must also now obtain consent from parents before collecting or sharing personal details like a child’s name or photos. Critics, including Senator Ed Markey (D-MA), who sponsored COPPA back in 1998, say the settlement is merely slap on the wrist for Google given the Internet company’s massive financial resources and revenues.

Related: Financial Times, AppleInsider, CNBC, Bloomberg, New York PostBBC News – Home, ITWeb.co.za latest news, FOX News, The Verge, Technology News | Boston.com, City A.M. – Technology, Ars Technica, AP Breaking News, VentureBeat, TIME, POLITICO EU, Tech Insider, Axios, RT News, WRAL Tech Wire, Federal Trade Commission, New York Attorney General

Tweets:@alfredwkng

Financial Times: Google and YouTube pay $170m to settle child privacy claims
AppleInsider: Google fined $170M for violating children’s privacy
CNBC: YouTube will pay $170 million to settle claims it violated child privacy laws
Bloomberg: Google to Pay $170 Million for YouTube Child Privacy Breaches
New York Post: Google fined $170M for YouTube’s violation of child privacy laws
BBC News – Home: YouTube fined $170m in US over children’s privacy violation
ITWeb.co.za latest news: Google to spend $200m on YouTube settlement
FOX News: YouTube to pay massive $170M fine as it settles claims it violated children’s privacy laws
The Verge: Google will pay $170 million for YouTube’s child privacy violations
Technology News | Boston.com: The Latest: Advocacy groups disappointed in YouTube-FTC deal
City A.M. – Technology: Google accused of sharing personal data with advertisers
Ars Technica: YouTube fined $170 million for violations of children’s privacy
AP Breaking News: YouTube to pay $170M fine after violating kids’ privacy law
VentureBeat: FTC fines YouTube $170 million for alleged child privacy violations
TIME: YouTube Fined $170 Million for Collecting Kids’ Data Without Parental Consent
POLITICO EU: Google’s YouTube hit with $170M fine over children’s privacy
Tech Insider: Google will pay $170 million to settle allegations that YouTube illegally collected kids’ data without their parents consent (GOOGL, GOOG)
Axios: Google to pay $170 million over claim that YouTube violated child privacy law
RT News: YouTube to cough up $170mn in fines over charge of grabbing kids’ data
WRAL Tech Wire: Feds fine YouTube $170M for collecting kids’ data without parents’ consent
Federal Trade Commission: Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law
New York Attorney General: AG James: Google And Youtube To Pay Record Figure For Illegally Tracking And Collecting Personal Information From Children

@alfredwkng: . @SenMarkeywas the author of COPPA back in 1998. On today's settlement with YouTube, he says: "This settlement makes clear that this FTC stands for ‘Forgetting Teens and Children’."


September 17, 2019
Tom McCarthy, David Smith / The Guardian

Tom McCarthy, David Smith / The Guardian  
U.S. Government Files Suit to Stop Edward Snowden Profiting From His New Book, Claims Failure to Submit for Pre-Publication Review, Violation of CIA, NSA Non-Disclosure Agreement

The United States government filed a lawsuit against Edward Snowden, a former employee of the Central Intelligence Agency (CIA) and contractor for the National Security Agency (NSA), who published a memoir entitled Permanent Record. The lawsuit claims that Snowden published his book without submitting it to the agencies for pre-publication review, in violation of his express obligations under the agreements he signed. The lawsuit does not seek to stop the publication of the book but instead seeks to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review. The feds are also suing Snowden’s publisher solely to ensure that no funds are transferred to Snowden, or at his direction, while the court resolves the United States’ claims. The lawsuit is separate from the criminal charges brought against Snowden, whom the government has accused of violating the Espionage Act.

Related: AlterNet.org, Stars and Stripes, The Huffington Post, ZDNet, BuzzFeed, CNET, The Hacker News, SecurityWeek, Newsweek, USATODAY, Reuters: U.S., The Independent, News.com.au, New York Times, ParisGuardian, Voice of America, The Mac Observer, Daily Dot, POLITICO, AP Breaking News, TIME, The Verge, Task & Purpose, Law & Disorder – Ars Technica, TribLIVE, Boing Boing, RT USA, Slashdot, Huffington Post India, Lorenzo Franceschi-Bicchierai – VICE, The Register – SecurityNBC News Top Stories, News : NPR, Justice.gov

Tweets:@Snowden @ACLU @ewenmacaskill @zackwhittaker @avilarenata @ggreenwald @Snowden @trevortimm @xor @zoetillman @freedomofpress

AlterNet.org: U.S. government can’t try Edward Snowden — so it’s going after his book payout
Stars and Stripes: Department of Justice sues for proceeds from Edward Snowden’s book
The Huffington Post: Justice Department Sues Edward Snowden For Book Proceeds
ZDNet: US sues Edward Snowden over new book
BuzzFeed: The Justice Department Is Suing To Stop Edward Snowden From Making Money From His New Book And Public Speeches
CNET: Justice Department sues Edward Snowden over memoir
The Hacker News: BREAKING — U.S Sues Edward Snowden and You’d be Surprised to Know Why
SecurityWeek: US Justice Department Sues Snowden Over New Book
Newsweek: What’s in Edward Snowden’s New Book? Justice Department Sues Whistleblower Over ‘Permanent Record’
USATODAY: ‘I’m not asking for a pardon.’ Edward Snowden says he’d come home for a fair trial
Reuters: World News: U.S. wants to seize all money Edward Snowden makes from new book
AOL: U.S. sues NSA leaker Edward Snowden over new book
The Independent: US sues Edward Snowden over new autobiography describing how he leaked top-secret files
News.com.au: US sues Edward Snowden over his new book
New York Times: U.S. Tries to Seize Edward Snowden’s Proceeds From New Memoir
ParisGuardian: Snowden Calls on France’s Macron to Grant Him Asylum
Voice of America: Snowden Calls on France’s Macron to Grant Him Asylum
The Mac Observer: The United States Sues Edward Snowden Over Book
Daily Dot: Government sues Edward Snowden for breaking a non-disclosure agreement
POLITICO: DOJ wants the profits from Edward Snowden’s new book
AP Breaking News: Justice Dept. files lawsuit against Snowden over memoir
TIME: U.S. Justice Department Sues Edward Snowden Over New Memoir
The Verge: The US government is suing Edward Snowden for his book profits
Task & Purpose: US hits Edward Snowden with lawsuit over nondisclosure agreement violations
Law & Disorder – Ars Technica: Feds seek to seize all profits from Snowden’s book over NDA violation
TribLIVE: Justice Department files lawsuit against Edward Snowden over memoir
Boing Boing: US sues Edward Snowden, ‘Permanent Record’ violates NDAs ‘signed with CIA & NSA’ says Justice Department
RT USA: Snowden book ‘violates CIA & NSA non-disclosure agreements’ – US lawsuit
The Guardian: US government files civil lawsuit against Snowden over publication of memoir
Slashdot: United States Files Civil Lawsuit Against Edward Snowden
Voice of America: US Sues Edward Snowden Over new Book, Cites Non-disclosure Agreements
The Huffington Post: Justice Department Sues Edward Snowden For Book Proceeds
Lorenzo Franceschi-Bicchierai – VICE: The US Government Is Suing Edward Snowden
The Register – Security: US government sues ex-IT guy for breaking his NDA (Yes, we mean Edward Snowden)
NBC News Top Stories: DOJ sues Edward Snowden over new memoir
News : NPR: Justice Department Sues Edward Snowden, Seeking Profits From His Book
Justice.gov: United States Files Civil Lawsuit Against Edward Snowden

@Snowden: The government of the United States has just announced a lawsuit over my memoir, which was just released today worldwide. This is the book the government does not want you to read: (link corrected)
@ACLU: This book contains no government secrets that have not been previously published by respected news organizations.@Snowden wrote this to continue a worldwide conversation about mass surveillance and free societies. This lawsuit will only bring more attention to the book.
@ewenmacaskill: Huge mistake by US govt in filing civil lawsuit against Snowden over publication of memoir. UK ban of Spycatcher 50 years ago created huge demand.
@zackwhittaker: Interesting. U.S. files suit against Edward Snowden for not submitting his new book for pre-publication review, arguing it violates the NDA he signed (and broke when he took thousands of classified files).
@avilarenata: First, they spy on us, then they persecute whistleblowers, now they ban books. Freedom? Time to organise collective readings of @Snowden book everywhere. Go, buy the book now, read it, share it, discuss it.
@ggreenwald: After the DOJ announced its repressive lawsuit to seize the proceeds of Snowden's book (good luck with that!), the book propelled its ways onto the Top 10 Best-Seller List on Amazon. Knowing @Snowden as I do, I'm certain he's duly appreciative
@Snowden: Hours after the United States government filed a lawsuit seeking to punish the publication of my new memoir, #PermanentRecord, the very book the government does not want you to read just became the #1 best-selling book in the world. It is available wherever fine books are sold.
@trevortimm: “This far-reaching censorship system simply can’t be squared with the Constitution...this system sweeps too broadly, fails to limit the discretion of government censors, and suppresses political speech that is vital to informing public debate.”
@xor: "So good, it shouldn't be legal!" –US Department of Justice.Get @Snowden 's book:
@zoetillman: DOJ can't pursue criminal charges against Edward Snowden as long as he's living in Russia — so the feds are going after his money instead https://buzzfeednews.com/article/zoetillman/us-lawsuit-edward-snowden-book-proceeds-nsa
@freedomofpress: Our Executive Director @trevortimm on today's @Snowden lawsuit:“If only the Justice Department was as concerned with the systematic legal violations carried out by the US government’s mass surveillance programs as they are about trying to blunt the impact of a personal memoir.”


August 20, 2019
Tony Romm / The Washington Post

Tony Romm / The Washington Post  
Facebook Unveils ‘Off-Facebook Activity’ Tool Giving Users Leeway to Limit Data Collected About Them Elsewhere on the Web, New Controls Do Not Allow Users to Delete Data in Full

Facebook unveiled its long-awaited feature, called “Off-Facebook Activity,” which allows users to limit businesses, apps and other groups that collect data about them on the Web and pass that information to the tech giant. The feature does not, however, allow users to delete that information from Facebook in full but instead has been designed to “shed more light” on a form of online tracking that determines some of the ads people see on Facebook. Users now can choose to remove this history from their accounts and turn off some or all of that tracking in the future although these actions merely disconnect information from being identified to a specific user but do not delete it. The new controls also won’t prevent Facebook from reporting back to another business whenever users generally purchase their product after seeing an ad targeted to them. The complexity of the system likely won’t prevent privacy advocates from criticizing the company because company CEO Mark Zuckerberg implied a more robust deletion tool one year ago when he vowed Facebook would develop a “Clear History” tool.

Related: TechCrunch, CNET, The Guardian, The Verge, Buzzfeed News, Wall Street Journal, Facebook, New York Times, BBC News, The Verge, Tech Insider, AP Breaking News, The Sun, Slashdot, Tech Insider, WRAL Tech Wire, Z6 Mag, New York Times – Business, Neowin, Tech Insider, Sky News, The Next Web, Channel News Asia, SecurityWeek, The Straits Times Tech News, CNN.com

Tweets:@geoffreyfowler @kashhill @ashk4n @fbnewsroom @zackwhittaker @ruskin147 @tonyromm @gcluley @stevekovach @alexhern

TechCrunch: Facebook unveils new tools to control how websites share your data for ad-targeting
CNET: How to use Facebook’s new privacy tool to control your data
The Guardian: Facebook launches ‘clear history’ tool – but it won’t delete anything
The Verge: Facebook’s Clear History privacy tool finally begins rolling out in three countries
Buzzfeed News: You Can Finally See All Of The Info Facebook Collected About You From Other Websites
Wall Street Journal: Facebook to Let Users Control Their Data From Other Companies
Facebook: Now You Can See and Control the Data That Apps and Websites Share With Facebook
New York Times: Facebook’s New Tool Lets You See Which Apps and Websites Tracked You
BBC News: Facebook to stop stalking you off-site – but only if asked
The Verge: Facebook’s Clear History privacy tool finally begins rolling out in three countries
Tech Insider: Facebook is finally letting users control the info that other websites are sharing with the social network about them (FB)
AP Breaking News: Facebook rolls out tool to block off-Facebook data gathering
The Sun: Facebook launches ‘off-platform activity’ tool to stop it tracking you across the internet – and you can even wipe your history
Slashdot: You Can Finally See All Of The Info Facebook Collected About You From Other Websites
Tech Insider: Advertisers have been grappling for alternatives ahead of Facebook’s ‘clear-history’ tool that could limit one of its most powerful targeting tools
WRAL Tech Wire: New Facebook tools enables users to turn off tracking
Z6 Mag: Control the data you share via ‘Off-Facebook Activity’
New York Times – Business: Facebook’s New Tool Lets You See Which Apps and Websites Tracked You
Neowin: Facebook adds new tool that helps you control its off-site stalking
Tech Insider: Facebook is finally letting users control the info that other websites are sharing with the social network about them (FB)
Sky News: Facebook to let users stop app and website tracking
The Next Web: Facebook lets you (sorta) control what info it gets from other sites
Channel News Asia: Facebook launches tool to let users control data flow
SecurityWeek: Facebook Launches Tool to Let Users Control Data Flow
The Straits Times Tech News: Facebook launches tool to let users control data flow
CNN.com: Facebook finally rolls out privacy tool for your browsing history

@geoffreyfowler: Facebook’s long-promised “clear history” tool has arrived, but it is not the data re-set we really needed.@tonyromm has the details here @posttech : https://wapo.st/2ZkWXoYWhat’s missing? Thread -->
@kashhill: In news you can't actually use yet (unless you live in Ireland, S. Korea, or Spain), Facebook is giving you a way to make your Instagram ads way less creepy.
@ashk4n: Facebook just announced their long awaited 'Clear History' tool -- tho it only really lets you 'Disconnect Activity' (and even then its pretty limited)PR release: https://newsroom.fb.com/news/2019/08/off-facebook-activity/Fact sheet: https://facebook.com/off-facebook-activityTechnical writeup: https://engineering.fb.com/data-infrastructure/off-facebook-activity/
@fbnewsroom: With Off Facebook Activity, you can see a summary of the info that websites and apps send to help show you relevant ads - you can also disconnect this info from your account. Learn more: https://newsroom.fb.com/news/2019/08/off-facebook-activity/
@zackwhittaker: This sounds great! But nowhere in this blog post does it say how we get it.
@ruskin147: My story on Facebook’s new “Off-Facebook Activity” tool which shows you why those shoes are following you around the Internet
@tonyromm: Zuck in 2018 used the word "flush" and other FB execs used the word "delete" but it's not exactly what's happening here, so it will be interesting to see how users and regulators react
@gcluley: Good thread here on Facebook's "Clear History" announcement.Most people won't ever turn off "Off-Facebook activity" of course.. but even if you do, you may be interested to hear what it does (and doesn't) do.
@stevekovach: The best way to clear your Facebook history is to delete Facebook
@alexhern: The clear history tool Mark Zuckerberg announced over a year ago is finally coming (except it won’t actually clear your history from Facebook’s servers)


July 24, 2019
MARCY GORDON and BARBARA ORTUTAY / Associated Press

MARCY GORDON and BARBARA ORTUTAY / Associated Press  
FTC Privacy Probe Settlement Imposes $5 Billion Penalty, New Restrictions and Modified Corporate Structure on Facebook, Mark Zuckerberg Held Personally Responsible for Privacy Programs Compliance

The Federal Trade Commission (FTC) announced that Facebook will pay a record-breaking $5 billion penalty and submit to new restrictions and a modified corporate structure to hold the company accountable for the decisions it makes about its users’ privacy. The fine and new restrictions settle an FTC investigation into whether Facebook violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information specifically in regards to the data of  87 million Facebook users used without their permission in the Cambridge Analytica scandal. Under the settlement between Facebook and the FTC, Mark Zuckerberg is held personally responsible in a limited fashion and will have to personally certify his company’s compliance with its privacy programs. False certifications could expose him to civil or criminal penalties.

Related: Gadgets Now, NDTV Gadgets360.com, The Drum, Al Bawaba, CCN, The Guardian, Wall Street Journal, CNET, E-Commerce Times, PYMNTS.com, Tech Insider, Tech Insider, MarketWatch.com – Software Industry New, Asia One World, Reuters, Federal Trade Commission, Politico, Vox, CNET, FOX News, Voice of America, Washington Post, Zero Hedge, Axios, AndroidHeadlines.com, TechCrunch, Facebook Newsroom, The Verge, TechCrunch, TIME, LA Daily News, CNET, Wall Street Journal, Technology News | Boston.com, The Age, Al BawabaUSA Today, Gizmodo, New York Times, Financial Times, News : NPR, USA Today, CNBC, TechJuice, Telecomlive.com, Courthouse News Service, TribLIVE, NYT > Business Day, CBC , Star Tribune, Chicago Tribune, CNBC, Engadget, Telecompaper Headlines, CCN, AppleInsider, CPO MagazineSky News, 9to5Mac, Tech Insider, Bloomberg, NDTV Gadgets360.com, VentureBeat

Tweets:@sarahfrier @sarahfrier @jtrevorhughes @DaveLeeBBC @ashk4n

Gadgets Now: Facebook to create privacy panel, pay $5 billion to US to settle allegations
NDTV Gadgets360.com: Facebook Said to Agree to Create Privacy Panel as Part of US FTC Settlement
The Drum: Facebook appoints board-level privacy panel as part of $5bn US FTC settlement
Al Bawaba: Facebook to Pay $5 Billion Fine Over Users’ Privacy Violations
CCN: Facebook’s Stock Falters as the DOJ Knives Come Out
The Guardian: Facebook agrees to pay $5bn in vast privacy settlement, insiders say
Wall Street Journal: Facebook Expected to Settle SEC Claims of Inadequate Disclosures Over Privacy Practices
CNET: Facebook to settle with SEC after probe into privacy practices
E-Commerce Times: Facebook Unfazed by $5B FTC Settlement
PYMNTS.com: Facebook Could Pay $100M To Settle SEC Investigation
Tech Insider: ‘Too cheap to keep ignoring’: Wall Street thinks Facebook is set to soar because its loyal users outweigh its endless scandals (FB)
MarketWatch.com – Software Industry News: The Wall Street Journal: Facebook set to pay fine of more than $100 million to settle SEC investigation
Asia One World: Facebook agrees to pay $6.8 billion fine over privacy issues; will set up privacy panel
Reuters: Facebook to create privacy panel, pay $5 billion to U.S. to settle allegations
Federal Trade Commission: FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
Politico: FTC announces $5B settlement with Facebook
Vox: Facebook will pay the US government a $5 billion fine for privacy failures — but it won’t have to change the way it does business
CNET: Facebook agrees to $100 million SEC settlement after privacy probe
FOX News: Facebook pays historic $5B fine and agrees to new privacy regulations as part of massive settlement
Voice of America: Big Tech Faces Broad US Justice Department Antitrust Probe
Washington Post: U.S. government issues stunning rebuke, historic $5 billion fine against Facebook for repeated privacy violations
Zero Hedge: Facebook To Pay Record $5 Billion Fine In FTC Settlement
Axios: Facebook settles with FTC regulators over privacy
AndroidHeadlines.com: FTC Slaps Facebook With $5B Fine Over Cambridge Analytica Scandal
TechCrunch: Facebook ends friend data access for Microsoft and Sony, the last 2 of its legacy partners, under FTC deal
Facebook Newsroom: Cleaning Up Data Access for Partners
The Verge: FTC hits Facebook with $5 billion fine and new privacy checks
TechCrunch: Facebook settles with FTC: $5 billion and new privacy guarantees
TIME: Facebook Agrees to Pay Record $5 Billion Settlement in Privacy Investigation
LA Daily News: FTC fines Facebook $5 billion, adds limited oversight on privacy
CNET: Facebook agrees to $100 million SEC settlement after privacy probe
Wall Street Journal: Facebook Expected to Settle SEC Claims of Inadequate Disclosures Over Privacy Practices
Technology News | Boston.com: FTC fines Facebook $5B, adds limited oversight on privacy
The Age: Facebook to pay record $7.1b fine over privacy violations
Al Bawaba: Facebook to Pay $5 Billion Fine Over Users’ Privacy Violations
USA Today: Facebook fined $5 billion by FTC, must update and adopt new privacy, security measures
Gizmodo: Report: FTC to Accuse Facebook of Using 2FA Numbers for Ads, Hiding Facial Recognition Settings
New York Times: Facebook Fined $5 Billion and Ordered to Add Oversight of Data Practices
Financial Times: Facebook to pay $5bn to resolve probe into privacy violations
News : NPR: FTC To Hold Facebook CEO Mark Zuckerberg Liable For Any Future Privacy Violations
USA Today: Facebook fined $5 billion by FTC, must update and adopt new privacy, security measures
CNBC: FTC slaps Facebook with record $5 billion fine, orders privacy oversight
TechJuice: Facebook won’t have to admit guilt in shocking user privacy settlement
Telecomlive.com: Why $5-bn fine is just the tip of the iceberg of Facebook’s settlement woes
Courthouse News Service: FTC Fines Facebook $5 Billion for Privacy Violations
CBC : FTC fines Facebook $5B for privacy violations
Star Tribune: FTC fines Facebook $5B, adds limited oversight on privacy
Chicago Tribune: Feds fine Facebook $5 billion for privacy violations, establish new oversight
CNBC: FTC slaps Facebook with record $5 billion fine, orders privacy oversight
Engadget: Facebook will pay $5 billion fine for Cambridge Analytica data breaches
Wall Street Journal: Facebook Agrees to Pay $5 Billion in FTC Settlement
Telecompaper Headlines: FTC confirms USD 5 bln fine and 20-year compliance agreement for Facebook privacy violations
CCN: Facebook’s Stock Falters as the DOJ Knives Come Out
AppleInsider: Facebook fined $5B by FTC over Cambridge Analytica scandal charges
CPO Magazine: Record-Setting $5 Billion Facebook Fine Too Little Too Late?
Sky News: Facebook to pay record $5bn fine to end US privacy probe
9to5Mac: [Update: It’s official] Facebook fined record $5 billion by FTC for privacy violations
Bloomberg: Facebook’s FTC Privacy Settlement Won’t Hinder Ad Business
NDTV Gadgets360.com: Facebook Said to Agree to Create Privacy Panel as Part of US FTC Settlement
VentureBeat: Facebook to create a privacy panel as part of $5 billion FTC settlement

@sarahfrier: Tucked deep in Facebook’s announcement of the $5 billion FTC settlement is the announcement of a $100 million SEC settlement
@sarahfrier: Both the FTC and Facebook are telling you the $5 billion settlement fundamentally changes how Facebook operates. But the company will still be able to collect the same data and target ads in the same way. @KurtWagner8 and I explain
@jtrevorhughes: Official now. Just as Mueller hearing starts.FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
@DaveLeeBBC: Facebook’s $5bn fine confirmed by FTC. Company must appoint privacy compliance officers + undergo privacy audits of which Zuckerberg must personally be a part. Also this morn - US financial regulator fines FB additional $100m for misleading investors.
@ashk4n: 1) UPDATE: Having now fully digested the FTC settlement and complaint, I'm of the opinion that this was a *terrible* outcome for our leading privacy regulator and a very sweet deal for @Facebook


July 20, 2019
Julian E. Barnes / New York Times

Julian E. Barnes / New York Times  
ODNI Director Coats Names Experienced Government Official Shelby Pierson to New Election Security Position

In a sign that security vulnerabilities and influence operations are now a permanent fixture of U.S. elections, Director of National Intelligence Dan Coats announced that experienced government official Shelby Pierson will oversee election security intelligence across the government in a newly created senior position. Pierson, who worked on intelligence issues surrounding the 2018 midterm elections, will cover both potential attacks on voting infrastructure and influence campaigns. Coats said that Pierson’s appointment will help intelligence agencies direct resources to election security and “bring the strongest level of support to this critical issue.” Coats also said he was ordering all of the intelligence agencies with a role in election security to appoint a senior official to oversee issues of foreign influence and infrastructure attacks. The officials will form an Election Executive and Leadership Board to ensure intelligence agencies are properly focused on voting security issues.

October 3, 2019
Ryan Mac, Joseph Bernstein / Buzzfeed News

Ryan Mac, Joseph Bernstein / Buzzfeed News  
U.S., UK and Australian Officials Will Ask Facebook CEO to Delay Plans for End-to-End Messaging Encryption, New Data Sharing Between U.S. and UK Law Enforcement Slated for Announcement

Attorney General Bill Barr, along with officials from the United Kingdom and Australia, will publish an open letter, dated October 4, to Facebook CEO Mark Zuckerberg, asking the company to delay plans for end-to-end encryption across its messaging services until it can guarantee the added privacy does not reduce public safety. The letter is slated to be released at the same time as an announcement of a new data-sharing agreement between law enforcement in the US and the UK. The other signatories to the letter include UK Home Secretary Priti Patel, US Secretary of Homeland Security Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton. The letter raises concerns that Facebook’s plan to build end-to-end encryption into its messaging apps will prevent law enforcement agencies from finding illegal activity conducted through Facebook, including child sexual exploitation, terrorism, and election meddling. It asks Facebook to let aw enforcement gain access to illegal content in a manageable format, and by consulting with governments ahead of time to ensure the changes will allow this access. Reuters separately reported that the new pact between the U.S. and the UK would fast track requests from law enforcement to technology companies for information about the communications of terrorists and child abusers.

Related: Reuters, New York Times, Sydney Morning Herald, Channel News Asia, Firstpost, BuzzFeed – Tech, Engadget, The Hill: Cybersecurity, CNBC, CNN.com, Gizmodo, TechCrunch, Cyberscoop, Columbia Journalism Review, Tech Insider, POLITICO, Vox, Vox, Fortune, FortuneBoing Boing, Tweets Journos, Stars and Stripes, AP Breaking News, Slashdot, Techdirt, The Guardian, Justice Department, Justice Department, Wall Street Journal

Tweets:@RMac18 @RMac18 @mikeisaac @alfredwkng @julianbarnes @teddyschleifer @ktbenner @Bing_Chris @donie @willsommer @kevincollier @RMac18 @alfredwkng @nytimes @BrendanBordelon @jank0 @snowden @Bing_Chirs @zackwhittaker @mattblaze

Reuters: Exclusive: U.S., UK to sign deal to get data faster from tech firms in security cases
New York Times: Barr Pushes Facebook for Access to WhatsApp Messages
Sydney Morning Herald : US, UK and Australia urge Facebook not to encrypt messages
Channel News Asia: US, allies urge Facebook not to encrypt messages as they fight child abuse, terrorism
Firstpost: U.S., allies urge Facebook not to encrypt messages as they fight child abuse, terrorism
BuzzFeed – Tech: “We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety.”
Engadget: DOJ will ask Facebook to halt end-to-end encryption plans
The Hill: Cybersecurity: Barr urging Facebook to halt plans for encrypted messages
CNBC: Here is AG Barr’s full letter to Facebook asking it not to make messages completely secret
CNN.com: US, UK and Australia urge Facebook to halt plan to encrypt all user messages
Gizmodo: AG Bill Barr Is Reportedly Kicking Off a New Encryption War, With Facebook This Time
TechCrunch: Facebook is being leaned on by US, UK, Australia to ditch its end-to-end encryption expansion plan
Cyberscoop: U.S., UK, Australia to ask Facebook to delay message encryption
Columbia Journalism Review: What happens when Facebook confronts an existential threat?
Tech Insider: Attorney General William Barr will ask Facebook to delay its plans for a fully encrypted, auto-deleting messaging platform (FB)
POLITICO: U.S. and allies warn Zuckerberg on encryption plans
Vox: Facebook’s commitment to privacy is about to be tested
Fortune: AG Bill Barr, U.K., and Australian Justice Officials Want Facebook to Halt End-to-End Encryption Plan
Fortune: Facebook ‘Strongly Opposes’ Reported Letter by AG Barr That Will Ask Mark Zuckerberg to Delay Encrypting Its Apps
MSPoweruser: US DOJ pushes against end to end encryption in WhatsApp, Messenger
CNBC Technology: Here is AG Barr’s full letter to Facebook asking it not to make messages completely secret
Stars and Stripes: US authorities seek access to Facebook encrypted messaging
AP Breaking News: US authorities seek access to Facebook encrypted messaging
Slashdot: Attorney General Bill Barr Will Ask Zuckerberg To Halt Plans For End-To-End Encryption Across Facebook’s Apps
Techdirt: DOJ Using The FOSTA Playbook To Attack Encryption
The Guardian: US, UK and Australia urge Facebook to create backdoor access to encrypted messages
Justice Department: Attorney General Barr Signs Letter to Facebook From US, UK, and Australian Leaders Regarding Use of End-To-End Encryption
Justice Department: U.S. And UK Sign Landmark Cross-Border Data Access Agreement to Combat Criminals and Terrorists Online
Wall Street Journal: Barr Presses Facebook on Encryption, Setting Up Clash Over Privacy

@RMac18: Here's what Zuckerberg predicted about this fight back in July according to the leaked Facebook meeting audio obtained by @CaseyNewtonhttps://theverge.com/2019/10/1/20892354/mark-zuckerberg-full-transcript-leaked-facebook-meetings
@RMac18: We were able to see a draft open letter from Bill Barr (and officials in the UK and Oz) to Mark Zuckerberg asking for Facebook to halt the roll out of e2e encryption across its apps. This may get ugly.
@mikeisaac: this barr encryption memo is a bfd
@alfredwkng: On a DoJ call, government official comments on the letter: "There are very significant concerns that law enforcement officials have if Facebook were to end-to-end encrypt all communications on its platforms"
@julianbarnes: Justice Department, backed by the UK, Australia, seeks backdoor to WhatsApp, Facebook encrypted messages. With @ktbenner @MikeIsaac
@teddyschleifer: Facebook statement on the Barr memo.
@ktbenner: AG Bill Barr and other SR officials in Australia and the UK call on Facebook to build a backdoor in WhatsApp for law enforcement/to halt a plan for end to end encryption across all FB properties
@Bing_Chris: The Barr letter to Facebook is a big deal. Government now openly discouraging proliferation of end-to-end encryption
@donie: US Attorney William Barr, as well as senior government officials from the UK and Australia, are formally asking Facebook give up on its plan to encrypt user messages across its platforms, @kevincollier reports
@willsommer: The press conference is being drowned by out by Chumbawamba. Jacob tells the security guard to remove a heckler, but the guard appears to refuse on the grounds that the man is on public property.
@kevincollier: UK official on this DOJ encryption call rn says we need to move on from the term "backdoor," though we still don't see a real way to have E2E and lawful access. These govs have been calling E2E "warrant-proof encryption."
@RMac18: We now have the full letter from Bill Barr and others to Mark Zuckerberg in our story. https://buzzfeednews.com/article/ryanmac/bill-barr-facebook-letter-halt-encryption
@alfredwkng: A UK government official just referenced GCHQ's proposal for access to encrypted messages -- which Apple, Google, Microsoft and FB slammed in May.The pitch was: secretly add police into encrypted conversations, so they could view messages while hidden
@nytimes: Attorney General William Barr and his British and Australian counterparts are set to push Facebook for a back door to its end-to-end encryption on WhatsApp and other messaging platforms, which would give investigators access to now-secret communication
@BrendanBordelon: Hoo boy. AG Bill Barr is set to call on Facebook to delay encryption plans, and he's got backup from the UK and Australia. A new battle in the encryption wars looks dangerously close to kicking off.
@jank0: Also, isn't it a bit odd that Facebook would launch a new messaging app without end-to-end encryption half a year after Mark Zuckerberg wrote a 3000 word manifesto about encrypted messaging?
@snowden: Oh hey, turns out it's even worse; it's more than just #WhatsApp, it's all FB-owned messaging: "Attorney General William P. Barr is set to press @Facebook on Friday to create a so-called back door to its end-to-end encryption on WhatsApp ***AND OTHER MESSAGING PLATFORMS***"
@Bing_Chirs: Meh.. I think it’s different in style and substance. The overarching encryption fight is repetitive and cyclical, obviously. However, 3/5 five eyes writing a letter to Facebook asking them to abandon encryption plans feels different... no?
@zackwhittaker: A crypto reality check talk by @RonWyden on the USG's plan to backdoor WhatsApp.
@mattblaze: So about this “warrantless encryption” thing. We’ve been here before.The first time was way back in 1993, a time when the Internet was just starting to gain widespread traction and concerns about privacy and information security were on the cusp of entering the mainstream. 1/


September 16, 2019
Ewen MacAskill / The Guardian

Ewen MacAskill / The Guardian  
In New Memoir Whistleblower Edward Snowden Says Predicted Harms From His Disclosures Have Not Come to Pass, Warns That Greatest Surveillance Dangers Lie Ahead in Facial and Pattern Recognition

During an interview to mark the publication of his memoirs, Permanent Record, former NSA contractor and whistleblower Edward Snowden said dire warnings that his disclosures would cause harm had not come to pass, and even former critics now conceded “we live in a better, freer and safer world” because of his revelations. In his book, Snowden outlines what led him to leak details of the secret programs being run by the US National Security Agency (NSA) and the UK’s secret communication headquarters, GCHQ. He also warns that the greatest surveillance dangers lie ahead in the form of artificial intelligence capabilities, such as facial and pattern recognition. Snowden further said he’s reconciled to living in exile in Russia for years to come although reports following this interview state that Snowden is calling on France to grant him asylum.

Related: iNews, AP Breaking News, The Moscow Times, Yahoo! News, CBS This Morning, Washington Post, Spiegel Online, Wired, The Moscow Times, SecurityWeek, RT News, The Inquisitr News, The Guardian, CBSNews.com, POLITICO EU, New York Post, Digital Journal, Yahoo News, SecurityWeek

Tweets:@snowden @MalwareJake @halvarflake @robertmlee @kimzetter @gregpmiller @mattblaze @BrianHonan @RidT @fs0c131y

iNews: A million UK workers are being denied the holiday pay they are entitled to by law
AP Breaking News: Snowden calls on France’s Macron to grant him asylum
The Moscow Times: Edward Snowden, Currently in Russia, Says He’d ‘Love to Be Granted Asylum in France’
Yahoo! News: Snowden calls on France’s Macron to grant him asylum
CBS This Morning: Edward Snowden wants to come home: “I’m not asking for a pass. What I’m asking for is a fair trial”
Washington Post: Edward Snowden explains how he pulled off one of the largest leaks in U.S. history
Spiegel Online: ‘If I Happen to Fall out of a Window, You Can Be Sure I Was Pushed’
Wired: After Six Years in Exile, Edward Snowden Explains Himself
The Moscow Times: Edward Snowden, Currently in Russia, Says He’d ‘Love to Be Granted Asylum in France’
SecurityWeek: Snowden Says Would Like French Asylum
RT News: Paris’ justice minister backs accepting Snowden, who floats taking refuge in France
The Inquisitr News: Whistleblower Edward Snowden Seeks U.S. Return & ‘Fair Trial’
The Guardian: Edward Snowden would like to return to US but only with a fair trial – live
CBSNews.com: Edward Snowden says he wants to come home: “I’m not asking for a pass”
DataBreachToday.com: Life After Snowden: US Still Lacks Whistleblowing Rules
POLITICO EU: Edward Snowden ‘would love’ to get political asylum in France
New York Post: Edward Snowden calls on Emmanuel Macron to grant him asylum in France
Digital Journal: Snowden says he would return to US if he can get a fair trial
Yahoo News: Snowden says he would return to US if he can get a fair trial

@snowden: Everything we do now lasts forever; not because we want to remember, but because we are no longer permitted to forget. Do you know what's in your #PermanentRecord?
@MalwareJake: With @Snowden book coming out, I'm hearing multiple respected people in the industry say "the domestic programs were wrong, I just don't agree with how he released the data." I get where these people are coming from, but let's examine why this is a hollow argument. 1/
@halvarflake: In a polarized debate about Snowden, a well-reasoned thread.
@robertmlee: Snowden is historically relevant regardless of anyone’s emotions on him. I have no opinion on his motivations and I think there were both good and bad things that came from his disclosures. But there are many claims he makes that anyone who worked in the NSA knows are not factual
@kimzetter: Great thread on Snowden and why he had to leak - from someone formerly in the intel community
@gregpmiller: Snowden's memoir tells us a lot about his childhood fascination with technology, and the tradecraft he used to steal secrets from CIA/NSA. But he tells us little about his exile in Russia, under the sort of repression he feared was taking root in the US.
@mattblaze: With @Snowden's book forthcoming, my hope (against hope) is that critiques of Snowden's actions not overshadow critiques of the programs he exposed. Compelling and difficult questions about both, but they're different things.
@BrianHonan: Whatever your views on Snowden this is a compelling thread to read before you voice your opinion
@RidT: So, is it possible that Snowden wrote and submitted his memoirs for publication entirely innocently and free of influence at some desk, library, or café in Moscow? — ... maybe. Will PERMANENT RECORD accurately describe his interactions with FSB over the years? — Hard to imagine.
@fs0c131y: I bought the new book of @Snowden and I was wondering: What is the opinion of the infosec community about Snowden and his actions?


July 29, 2019
Emily Flitter and Karen Weise / New York Times

Emily Flitter and Karen Weise / New York Times  
Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers affecting more than 100 million people in the United States and Canada. A“firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired, Justice.gov, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail,DataBreachToday.com, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN, UPI.comDataBreaches.net, SecurityWeek, MobileSyrup.com, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times, CNN.com, PCMag.com, The VergeEvening Standard, EngadgetMarketWatch.com – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security, CBSNews.com, Fortune, Technology News | Boston.com, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central , GeekWire, SC Magazine, Techerati, SlashdotABC News: U.S., Graham Cluley, Japan Times,Security Affairs, Cyber Kendra, PYMNTS.com, Heavy.com, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.netGadgets Now, Courthouse News Service, BBC News – WorldBleepingComputer.comITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC , Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily BeastGeekWire

Tweets:@zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS
Justice.gov: Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat : Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail : Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers
DataBreachToday.com: Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users
UPI.com: Capital One data breach affects 100M credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted
MobileSyrup.com: Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap
CNN.com: Worried about the Capital One hack? Here’s what to do
PCMag.com: Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US
MarketWatch.com – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested
CBSNews.com: Capital One data breach hits more than 100 million people
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Boston.com: Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central : Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected
PYMNTS.com: Cap One Hack Hits 100M Credit Card Applications
Heavy.com: Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Gadgets360.com: Capital One Bank Targeted in Massive Data Breach
BleepingComputer.com: Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC : Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts."And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever.And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT hero's & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely for into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness.Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this.No SSNs were stolen except 140,000 of them.


September 20, 2019
Jennifer Valentino-DeVries / New York Times

Jennifer Valentino-DeVries / New York Times  
FBI Has Used National Security Letters to Obtain Individuals’ Personal Data, Including IP Addresses, Locations, and Purchases, From Scores of Companies Including Credit Rating Agencies, Banks, Universities

The F.B.I. has used secret subpoenas called national security letters (NSLs) to obtain personal data from far more companies beyond the usual tech providers than previously disclosed, according to newly released documents obtained by the Electronic Frontier Foundation through a Freedom of Information Act request. These subpoenas, only a small fraction of those that have been issued by the FBI, encompass more than 120 companies and other entities including banks, credit agencies, cellphone carriers, and even universities. Usually protected by a gag order, the national security letters yield a wealth of data on individuals including usernames, locations, IP addresses and records of purchases. Equifax, Experian and TransUnion received a large number of the letters in the filing but so did financial institutions like Bank of America, Western Union and even the Federal Reserve Bank of New York. A number of smaller requests went out to Kansas State University and the University of Alabama at Birmingham, probably because of their role in providing internet service. Other companies included AT&T and Verizon, as well as tech giants like Google and Facebook, which have in the past publicly acknowledged receiving the NSLs.

September 4, 2019
Todd Haselton / CNBC

Todd Haselton / CNBC  
Another High-Profile Twitter Account Hacked, Twitter Temporarily Turns Off Ability to Tweet Via Text Message

Another high-profile Twitter account was hacked on the heels of company CEO Jack Dorsey’s account hijacked due to a SIM swap. Shortly thereafter the social media company to temporarily turn off the ability to tweet via text message and use text messaging to verify an account. The Twitter account of actress Chloe Moretz’s was tweeting expletives Wednesday before the tweets were deleted. The hackers tweeted they were the “Chuckling Squad,” which also claimed responsibility for Dorsey’s attack last week. Their tweets also included what alleged to be Dorsey’s Social Security number and links to Instagram, where the hacker claimed to have posted nude photos of other celebrities. In an exchange with New York Times journalist Kate Conger, Dorsey claimed that he no longer has a phone.

Related: 9to5Mac, The Verge, Mashable, CNN.com, CNET News, New York Daily News, Digital Trends, Gizmodo, Daily Mail, DataBreachToday.com, PCMag.com, Tech Insider, CNBC, AOL, SecurityWeek, ZDNet, Fast Company, Digital Trends, Engadget, gHacks, RT News, Glock Takes Stock, The Next Web, CBS San Francisco, Asia One Digital, RAPPLER, SecurityWeek, Wall Street Journal, 9to5Mac, The Hacker News, USA Today, Daily Mail

Tweets:@josephfcox @TwitterSupport @jack @kateconger

9to5Mac: Twitter disables ability to tweet via SMS after Jack Dorsey’s account was hacked
The Verge: Twitter disables tweeting via SMS after CEO gets hacked
Mashable: Twitter turns off tweeting via SMS following Jack Dorsey hack
CNN.com: Twitter temporarily suspends ability to tweet via text message after CEO hacked
CNET News: Twitter temporarily shuts down ability to tweet via SMS – CNET
New York Daily News: Hackers target actress Chloë Grace Moretz’s Twitter, send out fake Jack Dorsey SSN
Digital Trends: Hackers who hijacked Twitter CEO Jack Dorsey’s account claim another victim
Gizmodo: Chloë Grace Moretz’s Twitter Hacked, Apparently by Same Group That Took Over Jack Dorsey’s
Daily Mail : Chloe Moretz’ Twitter account is hacked and posts list of profanities and expletives
DataBreachToday.com: Hey Jack, How Was Your Account Hacked?
PCMag.com: Twitter CEO’s Account Hacked, Defaced With Racist Posts
Tech Insider: Twitter CEO Jack Dorsey says he doesn’t currently have a phone number after his account was hacked to send out racist tweets
CNBC: How to make sure your Twitter doesn’t get hacked like Jack Dorsey’s
AOL: Twitter CEO Jack Dorsey says he doesn’t currently have a phone number after his account was hacked to send out racist tweets
SecurityWeek: Twitter CEO Hack Highlights Dangers of ‘SIM Swap’ Fraud
ZDNet: Twitter disables SMS-to-tweet feature after its CEO got hacked last week
Fast Company: Twitter just disabled its SMS tweet feature after CEO Jack Dorsey got hacked
Digital Trends: Twitter disables tweeting via SMS after CEO Jack Dorsey’s account was hacked
Engadget: Twitter temporarily disables tweeting via SMS after account hijacks
gHacks: Time to check Face Recognition settings on Facebook
RT News: Twitter blocks text-to-tweet function after 2nd major hack in a week
Glock Takes Stock: Twitter disables tweeting via SMS (temporarily at least), in wake of Jack Dorsey account hijack
The Next Web : Twitter suspends SMS feature after CEO Dorsey’s account was hi-Jack-ed
CBS San Francisco : Twitter Temporarily Suspends Ability To Tweet Via Text Message After CEO Hacked
NDTV.com : Twitter Turns Off Tweeting via SMS After CEO Hack
Asia One Digital: Twitter drops ability to tweet via text message after CEO account hack
RAPPLER: Twitter nixes tweets by text after CEO account hack
SecurityWeek: Twitter Temporarily Disables Tweeting via SMS After CEO Hack
Wall Street Journal: Twitter Disables Texting Feature Amid Hacks
9to5Mac : Twitter disables ability to tweet via SMS after Jack Dorsey’s account was hacked
The Hacker News: Twitter temporarily disables ‘Tweeting via SMS’ after CEO gets hacked
USA Today: Twitter temporarily disables ability to tweet by text following recent hacks
Daily Mail: Chloe Moretz’ Twitter account is hacked and posts list of profanities and expletives

@josephfcox: Twitter did not do this when a cybersecurity company (controversially) proved it was possible with high profile accounts recently; Twitter only acted after @jack 's account was targeted
@TwitterSupport: We’re temporarily turning off the ability to Tweet via SMS, or text message, to protect people’s accounts.
@jack: Had an issue with my carrier...
@kateconger: i heard! how long did it take to get your number back?