InfoSec Round-Up: June 26th 2020
Police Data Leak, Facial Recognition Tech & Twitter Breach
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
This week we are looking at 270GB of sensitive police data exposed, the High Court challenged on facial recognition and Twitter apologies for data breach. Welcome to the Hut Six Infosec Round-Up.
270GB of US Police Data Leaked
Hundreds of thousands of American police files, dating back 24 years and belonging to over 200 departments, have been published online.
Disseminated by an organisation named Distributed Denial of Secrets, the illegal collection of data reportedly contains both police and FBI reports, email addresses and images of suspects.
Having traced the hack back to a Texas based data centre, authorities are yet to publicly state who they believe to be behind the attack.
Thought to be related to the ongoing protests against police misconduct, former assistant secretary of policy at the U.S. Department of Homeland Security Stewart Baker noted that given the nature of the information, the so-called BlueLeaks data is unlikely to provide any insight into this matter.
Stating: “With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk.”
“Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly.”
High Court Challenged on Facial Recognition
A UK based liberties group has formally challenged a 2019 High Court ruling over the lawfulness of automatic facial recognition technology.
The controversial technology was originally questioned by Cardiff resident, Ed Bridges, who had noticed the cameras whilst attending an arms protest in the city centre.
With support from civil liberties organisation Liberty, Bridges challenged the lawful basis of such technology, in part, under the grounds that it constituted a violation of a right to privacy.
Lawyer at Liberty, Megan Goulding noted: “It is time that the government recognised the danger this dystopian technology presents to our democratic values and banned its use.”
Though originally upheld, with many high-profile facial recognition programs recently being abandoned, Bridges’ November appeal may go a different way.
Twitter Apologises for Data Breach
Twitter has contacted business clients regarding a flaw which left personal information accessible to other device users.
The social media giant has this week emailed business customers, including on-site advertisers, with a warning that their information may have been compromised when improperly stored in browser cache files.
In the company’s latest security incident, the potentially information exposed included email addresses and phone numbers, as well as the last four digits of clients’ credit card numbers.
Though Twitter has stated that they do not believe this issue has led to any known misuse, the company has not acknowledged how many users have been affected.
A spokesperson for Twitter stated, “as soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Top 3 Remote Work Security Lessons: remote work security blog by information security awareness provider Hut Six Security.
Who Regulates the Data Protection Act? Data Protection Blog by Information Security Awareness Training provider Hut Six Security
NHS phishing attack sees email accounts compromised as part of an attack targeting a wide range of organisations Blog by Hut Six Security.
Who Enforces the Data Protection Act? Principles, Protections and Penalties. Blog by Information Security Awareness Training provider Hut Six Security.
How Secure is your Password Process? Password security blog from Information Security Awareness Training provider Hut Six Security.
Who Does the Data Protection Act Apply to? Blog by Information Security Awareness Training and phishing simulator provider Hut Six Security
What Social Engineering Methods do attackers use to get your personal information? Blog by Information Security Awareness Training provider Hut Six Security
What Year Was the Data Protection Act Introduced? - 2018, however it has seen some changes as enforcements have increased.
How Does the Data Protection Act Protect your Rights? Blog by information security awareness training provider Hut Six Security.
Knowing how a ransomware attack works is the key to avoiding them and the damage they can pose to your organisation. Blog by Hut Six Security.