Tag Search: Piracy
An anonymous reader writes: Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach. The hotel and resorts giant said in a statement filed with U.S. regulators that the "unauthorized access" to its guest database was detected on or before September 10 -- but may have dated back as far as 2014. "Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014," said the statement. "Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it." Specific details of the breach remain unknown. We've contacted Starwood for more and will update when we hear back. The company said hat it obtained and decrypted the database on November 19 and "determined that the contents were from the Starwood guest reservation database." Some 327 million records contained a guest's name, postal address, phone number, date of birth, gender, email address, passport number, Starwood's rewards information (including points and balance), arrival and departure information, reservation date, and their communication preferences.
Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history. "The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren't disclosed until 2016," reports ABC News. From the report: Claims for a portion of the $50 million fund can be submitted by any eligible Yahoo accountholder who suffered losses resulting from the security breach. The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins. The fund will compensate Yahoo accountholders at a rate of $25 per hour for time spent dealing with issues triggered by the security breach, according to the preliminary settlement. Those with documented losses can ask for up to 15 hours of lost time, or $375. Those who can't document losses can file claims seeking up to five hours, or $125, for their time spent dealing with the breach. Yahoo accountholders who paid $20 to $50 annually for a premium email account will be eligible for a 25 percent refund. The free credit monitoring service from AllClear could end up being the most valuable part of the settlement for most accountholders. The lawyers representing the accountholders pegged the retail value of AllClear's credit-monitoring service at $14.95 per month, or about $359 for two years -- but it's unlikely Yahoo will pay that rate. The settlement didn't disclose how much Yahoo had agreed to pay AllClear for covering affected accountholders.
A peer-reviewed study [PDF] of almost one million Android apps has revealed how data from smartphones are harvested and shared, with nearly 90 percent of apps set up to transfer information back to Google. From a report: Researchers at Oxford university analysed approximately a third of the apps available in Google's Play Store in 2017 and found that the median app could transfer data to 10 third parties, with one in five apps able to share data with more than 20. This year has seen unprecedented scrutiny over how websites use the data they collect from their users, but little attention has so far been paid to the sprawling and fast-growing world of smartphone apps. Reuben Binns, the computer scientist who led the project, said that because most apps have now moved to a "freemium" model, where they make revenues from advertising rather than sales, data sharing has spiralled out of control. Users, regulators and sometimes even the app developers and advertisers are unaware of the extent to which data flow from smartphones to digital advertising groups, data brokers and intermediaries that buy, sell and blend information, he said. "This industry was growing already on the web... when smartphones came along, that was a new opportunity," he said. "It feels like this legitimate business model has gone completely out of control and created a kind of chaotic industry that is not understood by the people who are most affected by it."
An anonymous reader quotes a report from Gizmodo: Sensitive information belonging to roughly 75,000 individuals was exposed after a government healthcare sign-up system got hacked, the Centers for Medicare & Medicaid Services (CMS) said on Friday. The agency said that "anomalous system activity" was detected last week in the Direct Enrollment system, which Americans use to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act -- also known as Obamacare. A breach was declared on Wednesday. It's unclear why the agency, which is part of the U.S. Department of Health and Human Services, chose to not announce the incident sooner. Officials said the hacked portal is used by insurance agents and brokers to help Americans sign up for coverage and that no other systems were involved. The affected system has been disabled. CMS said it hoped to restore it before the end of next week. "I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted," CMS Administrator Seema Verma said in a statement. "We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection."