Top infosec trends in the social media spotlight this week...
Panera Bread was grilled online this week after it was discovered that the bakery failed to fix a huge data breach for eight months – despite being told that 37 million customers could have been affected.
The breach was reported to the company by security researcher Dylan Houlihan last year, who slammed it in a blog post titled: ‘No, Panera Bread doesn‘t take security seriously‘.
It finally came out in a report this week, leading Panera to claim they thought Houlihan’s disclosure was a “scam”.
This angered a number of infosec workers and customers, including Brian Krebs who accused the company of “treating him like an idiot”.
Another customer also claimed that staff were being told the breach was false:
For a lesson in how not to handle a data breach, see here.
Another scandal-hit company, Equifax, was back in the news, too, after reportedly sending the wrong letters to users affected by the huge 2017 data leak.
As is commonly known, Equifax suffered a major breach which exposed almost 148 million people’s information.
And the headache continues to linger for the credit-check company, after it sent inaccurate notification letters to victims.
According to some recipients, the letter they received stated the right address, but the wrong name.
It isn’t known whether the name was mixed-up with another customer’s, but Equifax claimed that the letters “did not contain any credit data or other sensitive information”.
Either way, this latest incident has done nothing to improve the public’s faith in the firm - perhaps a job for their new CEO.
Elsewhere, after a wave of cyber-attacks crippled US cities Atlanta and Colorado, New York has taken steps to protect its citizens from malicious hackers.
Mayor Bill de Blasio announced that a new program, NYC Secure, will offer free cybersecurity tools to the public via a smartphone app.
The $5 million program will also improve the security of public WiFi networks in a step to boost the city’s safety.
Blasio said: “We can't wait around for other levels of government to do something about it or the private sector.”
He added: “It's our job in government to make sure that people are safe online. It's a new reality.”
Also the app, which will launch for Android and iPhone this summer, won’t collect any personal data due to privacy concerns.
Mark Zuckerberg was on trial this week as shareholders called for his resignation amid the Cambridge Analytica scandal.
After the Facebook CEO finally apologized and admitted he was responsible for the mining of millions of people’s data, there were outcries from both users of the social network and those with a financial stake in the company.
But Zuckerberg brushed off the drama, and claimed the board hadn’t even discussed the possibility of him stepping down.
It comes after the #DeleteFacebook campaign, which seems to have lost momentum despite more damning reports of what Facebook wants to do with your data.
Finally, in AI news, a South Korean university was slammed this week over bizarre reports it was building ‘killer robots’.
More than 50 experts signed a letter expressing concern after the Korea Advanced Institute of Science and Technology (Kaist) formed a partnership with arms manufacturer Hanwha Systems.
As the news spread, whisperings of weaponized robots flooded the internet and forced Kaist to deny the allegations:
President Shin Sung-chul claimed the project would focus on “efficient logistical systems, unmanned navigation and aviation training systems”.
Still, the AI researchers in question have boycotted the company and next week, a UN meeting in Geneva will discuss the issue of automated lethal weaponry.
Cue pictures of Arnie as the Terminator dominating the mainstream news, and cries of “the world is going to end!”