Daily Digest (12/14)

CISA: Cybercriminals Targeting K-12 Distance Learning; NYC Council to Ban Retailers From Using Facial Recognition; Apple and Google to Ban X-Mode From Collecting Location Data From User Phones; Tech Giants Face 6% Fines Under Drafted EU Rules; Fla. Healthcare Provider Notifies More Than 1M Patients of Data Breach.

CISA: Cybercriminals Targeting K-12 Distance Learning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that cybercriminals were targeting kindergarten through 12th grade (K-12) educational distance-learning programs, Mashable reports.

“The FBI, CISA and MS-ISAC assess (that) malicious cyberactors are targeting kindergarten through 12th grade (K-12) educational institutions, leading to ransomware attacks, the theft of data and the disruption of distance-learning services,” the federal agencies said in a statement. 

“In these attacks, malicious cyberactors target school computer systems, slowing access and — in some instances — rendering the systems inaccessible for basic functions, including distance learning.” 

Hackers have been doing more than encrypting target files, CISA said: They also have leaked confidential student information. 

“Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen — and threatened to leak — confidential student data to the public unless institutions pay a ransom,” the agency cautioned.

The CISA statement also noted that Distributed Denial of Service (DDoS) attacks against schools were a continued threat, rendering remote-learning software temporarily unusable in the process, Mashable reports.

NYC Council to Ban Retailers From Using Facial Recognition 

The New York City Council on Thursday banned retailers and other businesses from using facial recognition or other biometric tracking without public notice. 

If signed by Mayor Bill de Blasio, the bill would prohibit companies from accessing biometric data for third parties, VentureBeat reports. 

But the bill, sponsored by Bronx Democratic Councilmember Ritchie Torres, would not ban the use of facial-recognition technologies by businesses outright. 

It would, instead, impose restrictions on how brick-and-mortar companies like retailers could deploy the technology.

Businesses that fail to post a warning about collecting biometric data would have to pay $500. And businesses found selling data would face fines of $5,000.

“Given the current lack of regulation and oversight of biometric identifier information, we must do all we can as a city to protect New Yorkers’ privacy and information,” said Democratic Bronx Councilmember Andrew Cohen, who chairs the city’s Committee on Consumer Affairs. 

Apple and Google to Ban X-Mode From Collecting Location Data From User Phones

Apple and Google will ban the data broker X-Mode Social from collecting location information drawn from mobile devices running their operating systems. 

The platforms told developers last week that they must remove X-Mode’s tracking software from any app in their app stores or risk losing access to all phones running Apple’s or Google’s mobile operating systems, The Wall Street Journal reports. 

Apple and Google disclosed their decision to ban X-Mode to investigators working for Sen. Ron Wyden, D-Ore., who has been investigating the sale of location data to government entities.

A Google spokesman said in a statement that developers had seven days to remove X-Mode or be banned from Google’s Play Store, adding that some developers could ask for an extension of up to 30 days. 

An Apple representative confirmed that the company had given developers notice that they had two weeks to remove X-Mode’s trackers, the Journal reports. 

Tech Giants Face 6% Fines Under Drafted EU Rules

Big Tech firms like Facebook and Google could be fined up to 6% of their turnover if they failed to address illegal content and reveal more about advertising on their platforms, according to draft regulations proposed by the European Union.

EU Digital Chief Thierry Breton is to present the draft rules, known as the Digital Services Act (DSA), on Tuesday, Reuters reports. 

Tech giants would have to do more to combat illegal content, such as hate speech and child sexual abuse, and address misuse and manipulation of their platforms. 

The companies would also be required to publish details of their online advertisers and show the settings used by their algorithms to suggest and rank information to users. 

Facebook declined to comment, Reuters reports. Google said it had nothing to add at this stage.

Reuters: Big tech firms to face 6% fines if breach new EU content rules 

Fla. Healthcare Provider Notifies More Than 1M Patients Impacted by Data Breach

The Dental Care Alliance in Florida has notified more than one million patients that their data might have been exposed in a cyberattack.

DCA, headquartered in Sarasota, discovered Oct. 11 that it had been the victim of a hack that began on Sept. 18, Infosecurity reports. The company said it had contained the attack by Oct. 13.

The data accessed in the cyberattack included names, addresses, billing information, bank account numbers, dentist names and health insurance information. 

Dave Quigley, DCA general counsel, told DataBreaches.net that the hack had been reported to all relevant regulatory bodies and that DCA had notified all 1,004,304 people affected by the incident via letter in November. 

The provider did not provide services such as credit monitoring to those impacted by the breach. 

“We have seen no specific evidence that personal information was used for malicious purposes,” Quigley said.

“We will continue to do all that is necessary and appropriate to support and inform impacted individuals in the days ahead.”

— By DPN Staff