Delta Airlines Terms of Service “Concern”
Users who tag pictures with Delta Skymiles hashtags (#Skymileslife and #Deltamedalionlife) agree to some interesting terms and conditions, according to the recently modified Delta Skymiles program terms. (a) They give Delta a perpetual license to use the tagged content (photos) and (b) they warrant that they are the sole owner of the content and have the authority to post the content. Note that you are not posting this on Delta’s web site. The next term is the one that is mind-blowing. (c) You agree, under your Skymiles program agreement, that if you post something, say on Twitter, with those hashtags, you will indemnify Delta and pay any legal fees, among other terms. Pretty amazing. (Source: BoardingArea.com).
Ransomware May Kill You – Literally
Researchers at Vanderbilt studied the mortality rate in hospitals and correlated that data to hacking attacks. They found that the mortality rate increased by about one-third to one-half percent after an attack. They also say that the size of the breach doesn’t seem to affect the mortality rate. (Source: Dark Reading).
Alabama Is the Last State in the Union to Enact a Data Breach Notification Law
Almost 15 years after California’s landmark privacy law, SB 1386, became effective, Alabama passed a data breach notification law and the governor signed it. Like many other states' laws, it refers to “implement and maintain reasonable security” and “conduct a good faith and prompt investigation” in case of a breach. What is a bit less customary is that it gives some detailed specifics as to what is reasonable. Yay for Alabama. (Source: Ballard Spahr)
Homeland Security Says Rogue Stingrays Operating in DC
Stingrays, one brand name for cell phone call interceptors, were found by Homeland Security to be operating in DC last year, according to a memo between DHS and Sen. Ron Wyden (D-OR). DHS said that they did not have the equipment or funding to monitor for rogue devices. It makes sense that foreign intelligence services would be very interested in intercepting cell phone calls made by government officials in DC and likely many other cities where there are large defense and intelligence communities. Wyden said that leaving cell phone security to the phone companies has been disastrous, which is certainly true, but he didn’t mention efforts by the NSA to weaken crypto over the last 20 years or efforts by the FBI to intentionally build in back doors to all encrypted communications, so, maybe, what goes around, comes around. (Source: Associated Press).
Why Vendor Cyber Risk Assessments Are So Important
Bangalore-based Business Process Outsourcer 7.ai admitted that they suffered a breach between September 26th and October 12th 2017. Being an outsource vendor, their breach likely affected many customers. Among those that have fessed up, so far, are Delta Airlines, Sears and yesterday, Best Buy.
7.ai said that they thought that only a million of their customers' credit cards were affected by the breach.
You can outsource the work, but you can’t outsource the liability. Even though Sears, Delta and Best Buy are trying to throw 7.ai under the cyber liability bus, it is those three companies that their customers will blame (Source: Economic Times of India).