NTSC Technology Security Roundup

NTSC Weekly News Roundup: February 15, 2017

Arby’s Suffers Data Breach of Potentially 355,000 Debit and Credit Card Numbers

On Thursday, Arby’s announced that a data breach potentially led to the theft of approximately 355,000 debit and card numbers. Occurring between October 25, 2016 and January 19, 2017, the data breach was caused by malware infecting cash registers. The breach only affected restaurants directly owned by Arby’s—not franchise restaurants. USA Today reported that “this is the same type of point-of-sale attack behind the mammoth credit card breaches at Target and Home Depot.”

International Non-Profit, Access Now, Wants EU to Bow Out of Privacy Shield

Access Now, an influential international non-profit that “defends and extends the digital rights of users at risk around the world” wants the EU to bow out of the U.S.-E.U Privacy Shield agreement. The reasons? Concerns about privacy based on U.S. surveillance programs (under both Obama and Trump), a January 25 U.S. executive order, and the positions of several Trump Cabinet appointees. If the EU bows out of the Privacy Shield agreement, it would upend many years of negotiation between the United States and Europe to find a way to transfer transatlantic data that protects the privacy of EU citizens while also satisfying the needs of the United States.

U.S. State Department Recommends Backing Away From International Cybersecurity Laws

Michele Markoff, Deputy Coordinator for Cyber Issues at the U.S. State Department, recommended to the United Nations that they focus more on countries implementing existing cyber rules rather than establishing new international norms. According to NextGov, “That’s a significant shift from a 2015 series of Group of Governmental Experts, or GGE, meeting, during which the U.S. pushed vigorously for a set of peacetime cyber norms, including that nations should not attack each other’s critical infrastructure such as energy plants and electrical grids.”

Sophos to Acquire Malware Protection Company Invincea for $100 Million

Network and endpoint security company Sophos will acquire Invincea for $100 million and a $20 million earn-out. Invincea’s malware threat detection technology is based on machine learning. According to a press release, “Invincea’s flagship product X by Invincea uses deep learning neural networks and behavioral monitoring to detect previously unseen malware and stops attacks before damage occurs. With a focus on the U.S. government, healthcare and financial services sectors, Invincea has been deployed in some of the most targeted networks in the world.”

Google Asked to Hand Over Data on Overseas Servers, Reversing Precedent of Microsoft Ireland Case

In relation to a domestic fraud case, a U.S. magistrate judge in Philadelphia ordered Google to hand over emails located on overseas server. Google is appealing the request, especially because of the precedent set by the Microsoft Ireland case. In that case, Microsoft so far has not had to hand over emails located on servers in Ireland due to an interpretation of the U.S. Stored Communications Act.