The Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. Here are a few of the headlines you might have missed this week.
Vision Direct reveals breach that skimmed customer credit cards | TechCrunch
European online contact lens supplier Vision Direct has revealed a data breach that compromised full credit card details for a number of its customers, as well as personal information. Compromised data includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV. It’s not yet clear how many of Vision Direct’s customers are affected — we’ve reached out to the company with questions. Detailing the data theft in a post on its website, Vision Direct writes that customer data was compromised between 12.11am GMT November 3, 2018 and 12.52pm GMT November 8 — with any logged-in users who were ordering or updating their information on visiondirect.co.uk in that time window potentially being affected.
Third-Party Data Breaches Rise to 61 Pct in US | PYMNTS.com
Opus, the provider of global compliance and risk management solutions, announced Thursday (Nov. 15) the results of the third annual Ponemon Institute’s “Data Risk in the Third-Party Ecosystem” study, which found that 59 percent of companies surveyed said they have experienced a data breach caused by their vendors or third parties. In a press release announcing the results of the survey of more than 1,000 CISOs and other security and risk professionals across the U.S. and U.K., Opus said that in the U.S., the percentage of companies that faced a data breach because of a vendor or third party was higher at 61 percent, which is up 5 percent from last year and 12 percent from 2016. The research also found that 22 percent of respondents admitted they didn’t know if they had a third-party data breach during the past 12 months, and more than three-quarters of companies think third-party cybersecurity breaches are increasing.
JetBlue rolls out biometric boarding at JFK and DCA | BiometricUpdate
JetBlue, in partnership with CBP, has rolled out its first fully integrated biometric self-boarding gate at New York’s John F. Kennedy International Airport (JFK) for customers flying to select international destinations from Terminal 5. The dual-lane gate uses facial recognition technology to verify travelers with a quick photo capture. The airline also announced a partnership with the Metropolitan Washington Airports Authority to launch a one-step biometric boarding experience for customers flying to Nassau, Bahamas from Ronald Reagan Washington National Airport (DCA). Since the program’s launch in 2017, more than 50,000 customers have participated in biometric boarding on more than 500 flights from four U.S. airports. There is no pre-registration required.
GSA looks to issue new rules for gov’t contractor data breach reporting | SC Magazine
The General Services Administration (GSA) has issued a proposal for new guidelines on data breach disclosure that government contractors must follow, including giving the government access to their system in the event of a breach. The GSA proposal will amend the General Services Administration Acquisition Regulation (GSAR) to require contractors to report any cyber incidents that could potentially affect the GSA. The change would establish a timeframe for reporting if the confidentiality, integrity, or availability of information or information systems owned or managed by or on behalf of the U.S. Government is potentially compromised. “By incorporating cyber incident reporting requirements into the GSAR, the GSAR will provide centralized guidance to ensure consistent application of cybersecurity principles across the organization,” the GSA stated.
This US Firm Wants to Help Build China’s Surveillance State | WIRED
In a nondescript office tower a mile from the Las Vegas Strip, two women toil in a windowless room crammed with bikinis in every size, style, and hue. It’s the stockroom of Bikini.com, an online swimwear store. Down the hall, colleagues are working to break into China’s red-hot market for surveillance software powered by artificial intelligence. Bikini.com is owned by Remark Holdings, a small public company with Hollywood producer Brett Ratner on its board and financial ties to TV’s Dr. Mehmet Oz. Remark’s leaders are trying to transform the unprofitable, debt-loaded website operator into a provider of corporate AI technology in Asia, particularly China. Remark’s business and share price are struggling, but its peculiar AI project has made some progress.