company:equifax

  • Former Equifax CIO sentenced for insider trading (https://www.justi...
    https://diasp.eu/p/9288192

    Former Equifax CIO sentenced for insider trading

    HN Discussion: https://news.ycombinator.com/item?id=20314151 Posted by arkadiyt (karma: 1727) Post stats: Points: 116 - Comments: 75 - 2019-06-29T18:59:25Z

    #HackerNews #cio #equifax #for #former #insider #sentenced #trading

  • What you don’t know about your health data will make you sick
    https://www.fastcompany.com/90317471/what-you-dont-know-about-your-health-data-privacy-will-make-you-sick

    Chances are, at least one of you is being monitored by a third party like data analytics giant Optum, which is owned by UnitedHealth Group, Inc. Since 1993, it’s captured medical data—lab results, diagnoses, prescriptions, and more—from 150 million Americans. That’s almost half of the U.S. population.

    “They’re the ones that are tapping the data. They’re in there. I can’t remove them from my own health insurance contracts. So I’m stuck. It’s just part of the system,” says Joel Winston, an attorney who specializes in privacy and data protection law.

    Healthcare providers can legally sell their data to a now-dizzyingly vast spread of companies, who can use it to make decisions, from designing new drugs to pricing your insurance rates to developing highly targeted advertising.

    Yet not all health-related information is protected by privacy rules. Companies can now derive insights about your health from growing piles of so-called “alternative” data that fall outside of HIPAA. This data—what some researchers refer to as your “shadow health record”—can include credit scores, court documents, smartphone locations, sub-prime auto loans, search histories, app activity, and social media posts.

    Your health data can be deployed in alarming ways, privacy experts say. Insurance companies can raise your rate based on a photo on your Instagram feed. Digital advertisers can fold shadow health data into ads that target or discriminate against you. It can even seem invasive and predatory. One trend among personal injury lawyers, for example, is geo-targeted ads to patients’ phones in emergency rooms.

    Uniquely valuable health data is also increasingly the target of hackers, ransomware attacks, breaches, or what some patients call just plain shadiness, which has led to litigation and can ultimately further undermine trust in the healthcare system. A 2017 breach at a New York hospital leaked sensitive information about more than 7,000 patients, including addiction histories, medical diagnoses, and reports of sexual assault and domestic violence. Criminals can use that kind of data to commit identity and insurance fraud.

    “There’s a great deal of trust that’s placed in our interactions with doctors and healthcare institutions,” says Mary Madden, research lead at Data & Society, who studies consumer and health privacy. “The current process of seeking consent for data collection and use in many health settings is often treated as an administrative afterthought, rather than a meaningful exchange that makes patients feel empowered and informed.”

    Your health-related data are compiled into a specialty report akin to the consumer credit reports made famous—or infamous—by Experian, Equifax, and TransUnion. Insurers claim these reports are crucial to evaluating and pricing risk, and they can use this data to raise your rate, or to deny your application entirely. If your application is rejected—it’s called an “adverse event”—you are legally entitled to receive a copy of your specialty report and to potentially dispute an error.

    “Many people don’t understand that the data from a Fitbit or other health wearable or health device can actually be sold and is, in fact, today being sold. It is being sold for behavioral analytics, for advertising targeting. People don’t understand that is happening,” she told the committee. (After this story was published, a Fitbit spokesperson sent Fast Company a statement saying that the company does not “sell customer personal data, and we do not share customer personal information except in the limited circumstances described in our privacy policy.”)

    The demand for all this data is rising, as it has for years. The health data market was approximately $14.25 billion in 2017, according to BIS Research. The firm predicts that in just under seven years—by the end of 2025—the market will grow nearly five times bigger, to $68.75 billion.

    #Données_médicales #Etats_unis #Assurances

  • Embracing #web 3.0: The New Internet Era Will Begin Soon
    https://hackernoon.com/embracing-web-3-0-the-new-internet-era-will-begin-soon-630ff6c2e7b6?sour

    2018: Facebook’s data breach exposes the accounts of 50,000,000 individuals.
    2017: Equifax, one of the three largest credit agencies in the U.S., suffered a breach that may affect 143 million consumers.
    2016: AdultFriendFinder network hack exposes 412 million accounts.
    2015: Insurance giant Anthem hit by massive data breach that compromised the data of 112,000,000 individuals.
    2014: eBay faces massive data breach of 145,000,000 individuals.
    2013: Yahoo!’s data breach compromised the data of 3 billion individuals.

    These incidents leave us with questions like:
    In spite of high-end security, aren’t giant servers capable enough to protect data?
    Shouldn’t data security be a key factor for all upcoming large and small enterprises?
    What web has (...)

    #web3 #ai #web-development #technology

  • #blockchain, Crypto, and Genomics — How They Can Work Together To Protect Your Data
    https://hackernoon.com/blockchain-crypto-and-genomics-how-they-can-work-together-to-protect-you

    Throughout the last couple of years, data protection has emerged as a leading issue among companies and governing bodies. This is especially true in the United States where several incidents have been identified as a major cause for concern. A few examples include the following:

    In September 2017, Equifax suffered a massive breach that exposed sensitive data about millions of Americans. Some of the exposed data included passport numbers, driver’s license numbers, and social security numbers.
    In September 2018, an attack on Facebook’s computer network exposed personal information of nearly 50 million users.
    In November 2018, Marriott announced that its Starwood guest reservation database had been breached. Private (...)

    #cryptocurrency #genetics #data-protection #dna

  • https://www.nytimes.com/2019/01/04/us/politics/marriott-hack-passports.html

    Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted

    On Friday the firm said that teams of forensic and data analysts had identified “approximately 383 million records as the upper limit” for the total number of guest reservations records lost [...]. The revised figure is still the largest loss in history, greater than the attack on Equifax, the consumer credit-reporting agency, which lost the driver’s license and Social Security numbers of roughly 145.5 million Americans in 2017, leading to the ouster of its chief executive and a huge loss of confidence in the firm.

    Taken together, the attack appeared to be part of a broader effort by China’s Ministry of State Security to compile a huge database of Americans and others with sensitive government or industry positions — including where they worked, the names of their colleagues, foreign contacts and friends, and where they travel.

    Marriott said for the first time that 5.25 million passport numbers were kept in the Starwood system in plain, unencrypted data files.

    The company also said that about 8.6 million credit and debit cards were “involved” in the incident, but those are all encrypted — and all but 354,000 cards had expired by September 2018, when the hacking, which went on for years, was discovered.

    #bdd #database #espionnage #surveillance #fichiers #fichage #irresponsable #informatique #intelligence #stupidité

  • GDPR: 45,000 Europeans have joined a class action against the web giants
    https://www.numerama.com/politique/442653-rgpd-45-000-europeens-ont-rejoint-un-recours-collectif-contre-les-g

    The CNIL has taken stock of the GDPR’s first six months. The data protection authority notably came back to the three class actions targeting the Internet giants. The General Data Protection Regulation (GDPR), a European text that has applied since May 25, 2018, has given individuals new means of action to assert their rights. Evidently, many of them are not holding back from demanding that companies behave more virtuously in the collection (...)

    #Acxiom #Apple #Criteo #Equifax #Experian #Google #Oracle #Quantcast #Microsoft #Amazon #Facebook #LinkedIn #données #[fr]Règlement_Général_sur_la_Protection_des_Données_(RGPD)[en]General_Data_Protection_Regulation_(GDPR)[nl]General_Data_Protection_Regulation_(GDPR) (...)

    ##[fr]Règlement_Général_sur_la_Protection_des_Données__RGPD_[en]General_Data_Protection_Regulation__GDPR_[nl]General_Data_Protection_Regulation__GDPR_ ##procès ##publicité ##CNIL ##LaQuadratureduNet ##PrivacyInternational ##Tapad ##NOYB

  • Control of personal digital data is a matter of collective freedom
    https://www.lemonde.fr/pixels/article/2018/10/19/le-controle-des-donnees-numeriques-personnelles-est-un-enjeu-de-liberte-coll

    Revelations of security flaws affecting online services keep piling up. And the collection of our data poses a large-scale collective risk.

    It is a litany. Facebook admitted on Friday, October 12, that the personal data of 29 million Internet users had been stolen by hackers. Four days earlier, its competitor Google disclosed that a flaw had exposed half a million Google+ users.

    These are only the most recent examples. But every day, every month, every year brings its uninterrupted share of hacks and data leaks. From the American credit company Equifax to the large Yahoo! group, by way of Target, British Airways, Uber, Adidas, Exactis and Ashley Madison.

    No one reacts, with rare exceptions
    The matter is simple: if you have used the Internet in the past ten years, part of your private life is accessible online. First of all, to the companies and applications whose services you use. Beyond flaws and hacks, personal data has become the fuel of twenty-first-century society. All our digital actions are captured, measured, identified, analyzed and stored, while online services keep multiplying, from the advent of computers to smartphones and now your connected televisions, microwave ovens and cars.

    But users’ data is also, at times, accessible to criminals or to third-party services. They manage to get around the security of the companies and applications in question, or to probe its limits, in order to extract ever more information.

    Despite the repeated scandals and the ever more systematic intrusions into citizens’ lives, no one bats an eyelid at this state of affairs, with rare exceptions: digital-rights activists or a few individuals bothered by this intrusive system. In March, the affair of Cambridge Analytica – which took part in Donald Trump’s election campaign – revealed that the company had had access to the private information of 87 million users. Apart from a violent political storm, the affair did not have the slightest impact on Facebook. Six months have passed and users remain unfailingly loyal to it. Every day, 1.47 billion of them still log on to the social network.

    It would be convenient to think that the human of the twenty-first century has given up on privacy. Yet this is not indifference. Polls show insistently and unambiguously that Internet users still cherish it in the age of social networks and smartphones. How, then, to explain this apathy? Very often, talking about privacy evokes the image of the hero of the film La Vie des autres (The Lives of Others, 2007), by Florian Henckel von Donnersmarck. One pictures this agent of the East German political police, headphones clamped on his head, listening carefully to the slightest stirrings in the lives of his downstairs neighbors.

    Yet for the vast majority of us, there is no secret-service agent behind our smartphone screen. No one, whether at Google, Facebook or any other digital company, is going to pore with relish over the details of our movements, our search history or our latest holiday photos. Even the hackers of Google or Facebook probably had no use for the individual private lives of their targets.

    The incredible targeting machine
    For decades, and rightly so, defending privacy meant protecting the individual. Even today, we persist in looking for and measuring the individual consequences of this frantic collection of personal data and of these repeated hacks. But the paradigm has changed: the question of personal data is not a problem of intimacy. It is a matter of collective freedom.

    Take the Cambridge Analytica affair: the problem is not that Donald Trump and his campaign team methodically looked through the friends lists of 87 million Facebook users (including more than 200,000 French users). It is that they were able to use this information, aggregated with millions of other data points, to run an extremely personalized, almost individualized political campaign, making full use of the incredible message-targeting machine offered by Facebook. The impact of this personal data leak is no longer individual, it is collective. It is not about the privacy of one’s existence with respect to a political organization, but about the collective freedom to choose, in good conscience, one’s political leader or the conditions of life in common.

    Algorithms hem in our lives: they tell us what to buy, where to go on holiday, whom to meet, which news article to read, how to get around, and decide what we can write. This web woven around our lives is made of our personal data. Not only ours, as connected individuals, but everyone else’s: algorithms only work when they sit on masses of data. It is the sum, the aggregate and the combination of data on the scale of thousands, even millions of human beings that gives them their power.

    The factors that lead a company to steer our choices, by analyzing our data and that of others, will remain perpetually obscure. In the end, if nothing changes, as these companies intrude more and more into our daily activities, gradually moving from “suggestion” to “injunction,” we will no doubt be caught in the trap of personal data. Decisions will be made in our place, in a way that will be presented to us as optimal because it is based on the analysis of data from millions of people whose lives are similar to ours, and that confiscates part of our free will. It is not about privacy with respect to some Silicon Valley company, but about individual freedom.

    An emergency comparable to that of the climate
    The only solution is to limit the scattering of our personal data to the four winds. But how can this be done without withdrawing from the social and professional connections of a now digitized society? How can we give up all these advantages? The solution lies somewhere between the collective (political rules to limit the collection and exploitation of data) and the individual (the use of more frugal and more decentralized technology).

    Do these questions not remind you of something? The question of privacy resembles another problem with individual causes and collective consequences: pollution. A photo posted on Facebook or a purchase on Amazon does not shake democracy, any more than a single car journey, on its own, puts the planet in peril. It is when they are aggregated and combined that the damage becomes apparent and obvious.

    Of course, the climate emergency far exceeds the stakes of personal data. But the comparison shows the scale of the change of model that will be necessary to undo the trap that the collection of personal data sets for democracy.

    Martin Untersinger

    #Internet #économie_numérique #données_personnelles #vie_privée

  • Control of personal digital data is a matter of collective freedom
    https://www.lemonde.fr/pixels/article/2018/10/19/le-controle-des-donnees-numeriques-personnelles-est-un-enjeu-de-liberte-coll

    Revelations of security flaws affecting online services keep piling up. And the collection of our data poses a large-scale collective risk. It is a litany. Facebook admitted on Friday, October 12, that the personal data of 29 million Internet users had been stolen by hackers. Four days earlier, its competitor Google disclosed that a flaw had exposed half a million Google+ users. These are only the most recent examples. (...)

    #Adidas #Altaba/Yahoo ! #BritishAirways #CambridgeAnalytica #Equifax #Target #AshleyMadison.com #Uber #algorithme #manipulation #bénéfices #BigData #hacking (...)

    ##Altaba/Yahoo_ ! ##profiling

  • Is #blockchain Social Network The Answer to Securing User Data Online?
    https://hackernoon.com/is-blockchain-social-network-the-answer-to-securing-user-data-online-3e5

    Data breaches, especially those associated with social media, have attracted their fair share of headlines in recent years. Yet, if there has been one winner to arise from the wreckage, it’s the reputation of blockchain as a method to secure user data. To date, blockchain technology has gained a lot of attention due to its ability to establish secure transactions using smart contracts. One of the latest incidents of information theft has wiped $40 billion off the value of Facebook in light of a scandal which exposed the personal data of tens of millions of users. Mark Zuckerberg’s social behemoth joins the likes of Yahoo, eBay and Equifax in facing a severe data breach over the last five years. But can blockchain social network become the panacea for safeguarding those in the firing line: (...)

    #blockchainsocial #social-network #blockchain-network #blockchain-social-network

  • Cell Phone-Account Fraud - Consumer Reports
    https://www.consumerreports.org/scams-fraud/cell-phone-account-fraud

    How the Fraud Works

    You may not like it, but your personal information is widely available to criminals online. They can glean it from a number of different sources, including what you share on social media. They can also buy it from hackers who’ve stolen your data from companies such as Equifax.

    Often these breaches involve the theft of key personal information: your Social Security number, driver’s license number, phone number, address, and other personal details. This information is used to open all kinds of fake accounts in your name, including a cell-phone account.

    But unlike a bank or credit card account, cell-phone accounts are relatively easy to open. Some experts we spoke with believe that carriers don’t always do thorough background checks. So even if you open an account with a major carrier, it’s possible for a crook to open up another account in your name.

    Consumers usually don’t realize this is happening for months, or until they are contacted by the authorities or a debt collector seeking payment.

  • An Equifax and Facebook Lawyer Will Now Run the FTC’s Bureau of Consumer Protection
    https://theintercept.com/2018/05/17/ftc-bureau-of-consumer-protection-director-andrew-smith

    In a rare party-line vote, the Federal Trade Commission appointed a corporate lawyer who has represented Uber, Equifax, Facebook, and a jailed payday lender to run its Bureau of Consumer Protection. The appointment was one of the first moves of the new five-member panel, all of whom were confirmed by the Senate last month. “I am delighted to appoint such a stellar group of leaders to continue the FTC’s work on behalf of American consumers,” said FTC Chair Joseph Simons in a statement. The (...)

    #Equifax #Google #Facebook #Uber #domination #lobbying #FTC

  • Uber Paid Hackers to Delete Stolen Data on 57 Million People - Bloomberg
    https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data

    Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

    Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

    At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

    “None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”

    After Uber’s disclosure Tuesday, New York Attorney General Eric Schneiderman launched an investigation into the hack, his spokeswoman Amy Spitalnick said. The company was also sued for negligence over the breach by a customer seeking class-action status.

    Hackers have successfully infiltrated numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The breach is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

    Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

    Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

    Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

    A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

    “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

    Uber has earned a reputation for flouting regulations in areas where it has operated since its founding in 2009. The U.S. has opened at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property, people familiar with the matters have said. The San Francisco-based company also faces dozens of civil suits.

    U.K. regulators including the National Crime Agency are also looking into the scale of the breach. London and other governments have previously taken steps toward banning the service, citing what they say is reckless behavior by Uber.

    In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.

    The new CEO said his goal is to change Uber’s ways. Uber said it informed New York’s attorney general and the FTC about the October 2016 hack for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The men didn’t immediately respond to requests for comment.

    Khosrowshahi said in his emailed statement: “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

    The company said its investigation found that Salle Yoo, the outgoing chief legal officer who has been scrutinized for her responses to other matters, hadn’t been told about the incident. Her replacement, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.

    Kalanick was ousted as CEO in June under pressure from investors, who said he put the company at legal risk. He remains on the board and recently filled two seats he controlled.

    Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser. He will help the company restructure its security teams. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc., to investigate the hack.

    The company plans to release a statement to customers saying it has seen “no evidence of fraud or misuse tied to the incident.” Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection.

    #Uber #USA

  • Uber reveals that the data of 57 million users was hacked
    http://www.lemonde.fr/entreprises/article/2017/11/21/uber-revele-que-les-donnees-de-57-millions-d-utilisateurs-ont-ete-piratees_5

    The hackers were subcontractors of the company... This is becoming a sensitive question of trust within companies... whose model of constant rating is a constituent part of the external trust they want to establish.

    The incident was concealed, and Uber paid the hackers 100,000 dollars so that they would not disclose the information. The discovery of this attack led to the departure of two employees who had been put in charge of handling the matter at the time.

    Whirlwind of controversies

    This hack is the latest in a long series in the United States. In early September, the company Equifax, which collects and analyzes the personal data of customers applying for credit, revealed an intrusion into its databases from mid-May to the end of July. The personal information (names, Social Security numbers, dates of birth…) of more than 145 million American customers, and of others in Canada and Great Britain, was stolen.

    #Cybersécurité #Vie_privée

  • Bruce Schneier’s testimony before the House Energy and Commerce committee on the Equifax hack
    https://www.schneier.com/blog/archives/2017/11/me_on_the_equif.html

    4. These data brokers deliberately hide their actions, and make it difficult for consumers to learn about or control their data. (...)
    5. The existing regulatory structure is inadequate. (...)
    6. The market cannot fix this because we are not the customers of data brokers. (...)
    7. We need effective regulation of data brokers. (...)
    8. Resist complaints from the industry that this is “too hard.”

    #dataBrokers #equifax #regulation

  • How companies monitor our daily lives – Framablog
    https://framablog.org/2017/10/25/comment-les-entreprises-surveillent-notre-quotidien

    A long, meticulous, terrible investigation.

    Of course, you know the omnipresent #GAFAM, at the forefront of getting us so stuck that breaking free of them completely is difficult… But do you know Acxiom and LiveRamp, Equifax, Oracle, Experian and TransUnion? No? Yet chances are they know us well…

    There is a very profitable and very efficient industry of “customer” data.

    In this long, well-documented article, which lays out a wide range of examples in every field, you will get to know the backstage of this intrusive industry, for which it seems almost impossible to “go unnoticed,” where our personality becomes a profile that is anonymous but so rich in information that our first and last names are of no particular interest.

    #GAFA #Surveillance #Marketing

  • Monopoly Men | Boston Review
    http://bostonreview.net/science-nature/k-sabeel-rahman-monopoly-men

    Amazon. Google. Facebook. Twitter. These are the most powerful and influential tech platforms of the modern economy, and the headlines over the last few weeks underscore the degree to which these firms have accumulated an outsized influence on our economic, political, and social life. To many, including acting FTC Chair Maureen Ohlhausen, the status quo is great: the benefits to consumers—from cheap prices to easy access to information to rapid delivery of goods and services—outweigh greater regulation, lest policymakers undermine Silicon Valley innovation.

    But the recent controversies suggest a very different perspective—that private power is increasingly concentrated among a handful of tech platforms, representing a major challenge to the survival of our democracy and the potential for a more dynamic and inclusive economic order. A growing clamor from both the left and right has created a sense of “blood in the water,” and suggests that Silicon Valley’s long honeymoon may finally be over.

    The danger of the “platform power” accumulated by Amazon, Google, Facebook, and Twitter arises from their ability to control the foundational infrastructure of our economic, informational, and political life. Even if they didn’t spend a dime on lobbying or influencing elected officials, this power would still pose a grave threat to democracy and economic opportunity. The fact that these companies provide enormously popular and useful goods and services is indisputable—but also beside the point. The central issue here is not simply the value for the consumer. Instead it is vast, unaccountable private power over the foundations of contemporary society and politics. In a word, the central issue is democracy.

    It was this deeper problem of power—not merely the impacts on prices or the consumer experience—that motivated reformers such as Brandeis to develop whole new institutions and legal regimes: antitrust laws to break up monopolies, public utility regulation to assure fair prices and nondiscrimination on “common carriers” such as railroads, the creation of the FTC itself, and much of President Franklin Roosevelt’s early New Deal push to establish governmental regulatory agencies charged with overseeing finance, market competition, and labor.

    But the late twentieth century saw a widespread shift away from the New Deal ethos. Starting in the 1970s, intellectual critiques of economic regulation highlighted the likelihood of corruption, capture, and inefficiency, while scholars in economics espoused the virtues of self-regulation, growth-optimization, and efficient markets. In these intellectual constructs big business and the conservative right found support for their attacks on the New Deal edifice, and in the 1980s and 1990s, we saw the bipartisan adoption of a deregulatory ethic—including in market competition policy.

    These cultural currents—the skepticism of government as corrupt at worst and inefficient at best, the belief in private enterprise and the virtues of “free markets,” and a commitment to delivering for consumers above the broader social and political repercussions—suffuse our current political economic discourse. The Brandeis-ian critique of private power has been wholly absent in recent decades and nowhere is this absence more pronounced than in the worldview of Silicon Valley.

    In our current moment, it is as if technological innovation has been divorced from the corporations that profit from it. Through these rose-colored glasses, technology is seen as a good in itself, promising efficiency, delivering new wonders to consumers, running laps around otherwise stale and plodding government institutions. Amazon, Google, Facebook, and Twitter have been able to resist corporate criticism (until recently, that is) by emphasizing their cultural and ideational commitment to the consumer and to innovation. They have cast themselves as the vanguards of social progress, the future’s cavalry who should not be constrained by government regulation because they offer a better mode of social order than the government itself.

    But as the anxieties of the last few months indicate, this image does not capture reality. Indeed, these technology platforms are not just “innovators,” nor are they ordinary corporations anymore. They are better seen and understood as privately controlled infrastructure, the underlying backbone for much of our economic, social, and political life. Such control and influence brings with it the ability to skew, rig, or otherwise manage these systems—all outside the kinds of checks and balances we would expect to accompany such power.

    This kind of infrastructural power also explains the myriad concerns about how platforms might taint, skew, or undermine our political system itself—concerns that extend well beyond the ability of these firms to lobby inside the Beltway. Even before the 2016 election, a number of studies and scholars raised the concern that Facebook and Google could swing elections if they wanted to by manipulating their search and feed algorithms. Through subtle and unnoticeable tweaks, these companies could place search results for some political candidates or viewpoints above others, impacting the flow of information enough to influence voters.

    Given our reality, it would be helpful to think of Amazon, Google, Facebook, and Twitter as the new “utilities” of the modern era. Today the idea of “public utility” conjures images of rate regulation and electric utility bureaucracies. But for Progressive Era reformers, public utility was a broad concept that, at its heart, was about creating regulations to ensure adequate checks and balances on private actors who had come to control the basic necessities of life, from telecommunications to transit to water. This historical tradition helps us identify what kinds of private power are especially troubling. The problem, ultimately, is not just raw “bigness,” or market capitalization. Rather, the central concern is about private control over infrastructure.

    At a minimum Equifax’s data breach suggests a need for regulatory oversight imposing public obligations of data security, safety, and consumer protection on these firms. Some commentators have suggested an antitrust-style breaking up of credit reporting agencies while others have called for replacing the oligopoly altogether with public databases.

    #Plateformes #Monopoles #Vectorialisme

  • On #Equifax

    Professor Bill Black … , … the white-collar criminologist ...

    „… This is like a bad novel that someone wrote who hated corporations…“

    https://youtu.be/xfQWvf2k2lw

    #data_breach #identity_theft #insider_trading #fraud

    You may find the video script here: http://therealnews.com/t2/index.php?option=com_content&task=view&id=31&Itemid=74&jumival=19960

    [...]

    BILL BLACK: First, this is the third major breach in about two years, so they had plenty of warning that their #security, #cybersecurity, was incompetent, and they obviously didn’t fix it. Second, they now say that the breach began in May and that they didn’t detect it ’til July, while they were, as you said, stealing at least 142 million people’s worth of data, probably multiple times. Along the way, by the way, they said proudly, “Ah, but there was no breach of our core system.” Before you ever get to the core, 142 million customers are thrown under the bus. God only knows what the core is. Presumably their own personal data is what they consider the core.

    Once they did discover, finally, the breach, the very first thing that happened, you mentioned part of it, which is three senior executives sold roughly $2 million-ish in shares, including the chief financial officer, who they’re now claiming wasn’t told of the breach. Now, this would be the number-two person, typically, or number-three person in the entire corporation. If they didn’t tell the senior ranks about the breach, when they discovered one of the largest and most destructive breaches in history, you know, well, you can choose to believe that. No one else does.

    On top of that, there was also an immediate ... in the same time period that these senior executives were selling their stock, there was a massive increase in sales of stock options compared to the normal for Equifax, and that almost certainly was again because people had been tipped about what had happened in the breach.

    [...]

    – posted here: https://diasp.eu/posts/6026718, via
    http://02mydafsoup-01.soup.io/post/631914392/On-Equifax-Professor-Black-the-white-collar

    #white_collar_criminality

  • Credit: personal data of 143 million Americans hacked
    http://www.latribune.fr/economie/international/credits-les-donnees-personnelles-de-143-millions-d-americains-piratees-749

    A major American credit company announced on Thursday that it had suffered a massive hack of its database, which could potentially affect around 143 million American customers, nearly half of the country's population. #Equifax detected the problem on July 29 and “acted immediately” by asking a computer security firm to investigate and assess the damage, the company said in a statement.

    Ironically, Equifax specializes in protecting and analyzing the personal and financial data of customers applying for credit from a bank or credit institution, worldwide. On its website, Equifax promises to protect its customers against “identity theft”.

    “Criminals exploited a vulnerability in a US website to gain access to certain files” between “mid-May and July”, Equifax said. According to the company, the hackers obtained names, Social Security numbers, dates of birth, addresses and, in some cases, driver's license numbers. All of this information can be used for identity theft.

    Equifax, which says it is cooperating with the authorities, also revealed that the credit card numbers of 209,000 American customers were hacked, along with sensitive credit-related documents of 182,000 people. The company adds that customers in Canada and the United Kingdom are also affected, to a lesser extent. According to the company, the attack reportedly did not affect any other country.

  • Reinventing risk assessment? - Quartz
    http://alireailleurs.tumblr.com/post/136870823368

    In Black Box Society, Frank Pasquale devotes several pages to the opacity of customer risk assessment techniques (the famous credit score). He shows, for the United States, how opaque, arbitrary and discriminatory the creditworthiness scores developed by credit bureaus are. On the web, many forums (example) try to understand the practices used by credit card issuers and to take apart the workings of their scoring systems. The credit bureaus, for their part, very often settle for banal recommendations: pay your debts on time, do not push your credit limits to the extreme, etc. The 3 American credit bureaus (Experian, TransUnion and Equifax) do not produce exactly the same ratings: “A study (...)

    #NosSystèmes #algorithmes