The Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. Here are a few of the headlines you might have missed this week.
US Voter Records for Sale on Hacker Forum | GovInfo Security
A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it’s far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records. Two security companies, Anomali Labs and Intel 471, found the data via an advertisement on a web forum where data often gets traded. Although the forum requires registration to become a member, the advertisement is viewable on the open web without registering.
The Transportation Security Administration has laid out its roadmap for the use of facial recognition on US domestic flights. The plan focuses on partnering with US Customs and Border Protection (CBP) on biometrics for international travelers, expanding its use to passengers using TSA Precheck, ultimately using facial recognition on more domestic travelers and improving the infrastructure supporting all this. The travel security agency has been testing fingerprint system at Hartsfield-Jackson Atlanta International Airport’s Precheck lane since June 2017 and is partnering with Delta Airlines to launch its first biometric terminal there later this month.
What happens to the companies that allow our personal data to be stolen? In most cases, nothing. Sometimes there is a short-lived flurry of bad publicity, a brief dip in stock prices, a class-action lawsuit or a Federal Trade Commission investigation that leads to a token settlement or fine. Facebook is unlikely to face any serious, long-term consequences as a result of a security breach it announced last month, which exposed the account data of 50 million users. At first glance, the lack of consequences that companies face for data breaches might seem to be a clear problem and something that can be easily remedied through heavy regulation like the European Union’s General Data Protection Regulation. However, the problem turns out to be more complicated than that.
The Pentagon still has to grapple with data security woes despite efforts to harden its sites and networks. Defense Department officials have revealed that a travel record data breach at an unnamed contractor exposed the personal info of military and civilian staffers, including credit cards. An AP source said that this didn’t compromise classified material, but it affected “as many as” 30,000 workers. There’s a chance that number might get larger, according to the source. It’s not certain when the intrusion took place. Department staff warned leaders on October 4th after discovering the breach, but it might have taken place earlier and gone unnoticed.
European banks wrestle with using biometrics to meet multi-factor requirements of PSD2 | BiometricUpdate
As the date for implementing the final stage of Europe’s Payment Services Directive 2 (PSD2) approaches, banks in the EU are wrestling with how to comply with the requirements for multi factor authentication, which will make biometrics-only systems like Apple’s FaceID insufficient for even logging into a bank account, Forbes reports. PSD2 becomes effective on September 14, 2019, and as the deadline approaches, banks are considering using passwords, memorable phrases, security questions and card readers to satisfy the need for a second factor, according to the report.