
Business

Yahoo to pay $50M and give free credit monitoring to victims of 2016 hack

Editor

Published

on


Yahoo has agreed to pay $50 million US in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history.

The restitution hinges on federal court approval of a settlement filed late Monday in a two-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016.

It adds to the financial fallout from a security lapse that provided a mortifying end to Yahoo’s existence as an independent company and former CEO Marissa Mayer’s six-year reign.

Yahoo revealed the problem after it had already negotiated a $4.83-billion deal to sell its digital services to Verizon Communications. It then had to discount that price by $350 million to reflect its tarnished brand and the spectre of other potential costs stemming from the breach.

About three billion Yahoo accounts were hit by hackers that included some linked to Russia by the FBI. The settlement reached in a San Francisco court covers about one billion of those accounts held by an estimated 200 million people in the U.S. and Israel from 2012 through 2016.

Claims for a portion of the $50 million fund can be submitted by any eligible Yahoo account holder who suffered losses resulting from the security breach. The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo hack.

The fund will compensate Yahoo account holders at a rate of $25 per hour for time spent dealing with issues triggered by the security breach, according to the preliminary settlement. Those with documented losses can ask for up to 15 hours of lost time, or $375. Those who can’t document losses can file claims seeking up to five hours, or $125 for their time spent dealing with the breach.

Yahoo account holders who paid $20 to $50 annually for a premium email account will be eligible for a 25 per cent refund.

The free credit monitoring service from AllClear could end up being the most valuable part of the settlement for most account holders. The lawyers representing the account holders pegged the retail value of AllClear’s credit-monitoring service at $14.95 per month, or about $359 for two years — but it’s unlikely Yahoo will pay that rate. The settlement didn’t disclose how much Yahoo had agreed to pay AllClear for covering affected account holders.

The lawyers for Yahoo’s account holders praised the settlement as a positive outcome, given the uncertainty of what might have happened had the case headed to trial.

Estimates of damages caused by security breaches vary widely, with experts asserting the value of personal information held in email accounts can range from $1 to $8 per account. Those figures suggest Yahoo could have faced a bill of more than $1 billion had it lost the case.

But Yahoo had disputed those damages estimates and noted many of its account holders submitted false information about their birth dates, names and other parts of their lives when they set up their email.

The lawyers representing Yahoo account holders have a big incentive to get the settlement approved. Yahoo will pay them up to $37.5 million in fees and expenses if it goes through.

Oath, the Verizon subsidiary that now oversees Yahoo, didn’t respond to requests for comment Tuesday.

A hearing to approve the preliminary settlement is scheduled for Nov. 29 before U.S. District Judge Lucy Koh in San Jose, Calif. If approved, notices will be emailed to affected account holders and published in People and National Geographic magazines.


U.S. Charges Chinese Tech Giant Huawei, Top Executive


WASHINGTON (AP) — The U.S. Justice Department is filing charges against Chinese tech giant Huawei.

A 13-count indictment was unsealed Monday in New York charging Huawei, two of its affiliates and a top executive at the company.

The charges include bank fraud, conspiracy to commit wire fraud, and violating the International Emergency Economic Powers Act.

A separate case filed in Washington state charges Huawei with stealing trade secrets from T-Mobile.

Meng Wanzhou, the company’s chief financial officer, was arrested in Canada on Dec. 1. Prosecutors allege she committed fraud by misleading American banks about Huawei’s business deals in Iran.

Prosecutors charge Huawei used a Hong Kong shell company to sell equipment in Iran in violation of U.S. sanctions.

Huawei is the world’s biggest supplier of network gear used by phone and internet companies.


24 Million Mortgage And Bank Loan Documents Leaked Online


A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse.

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

But it wasn’t protected with a password, allowing anyone to access and read the massive cache of documents.

It’s believed that the database was only exposed for two weeks — but long enough for independent security researcher Bob Diachenko to find the data. At first glance, it wasn’t immediately known who owned the data. After we inquired with several banks whose customers’ information was found on the server, the database was shut down on January 15.

With help from TechCrunch, the leak was traced back to Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas. The company provides data analysis and portfolio valuations. Among its services, Ascension converts paper documents and handwritten notes into computer-readable files — known as OCR.

It’s that bank of converted documents that was exposed, Diachenko said in his own write-up.

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch, but said its systems were unaffected.

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”

An unspecified portion of the loans was shared with the contractor for analysis, the statement added, but he couldn’t immediately confirm how many loan documents were exposed.

TechCrunch has learned that the vendor is New York-based company OpticsML. Efforts to reach the company were unsuccessful. Its website is offline and its phone number was disconnected from service.

In a phone call, Campbell confirmed that the company will inform all affected customers, and report the incident to state regulators under data breach notification laws.

From our review, it was clear that the documents pertain to loans and mortgages and other correspondence from several of the major financial and lending institutions dating as far back as 2008, if not longer, including CitiFinancial, a now-defunct lending finance arm of Citigroup, files from HSBC Life Insurance, Wells Fargo, CapitalOne and some U.S. federal departments, including the Department of Housing and Urban Development.

Some of the companies have long been defunct, after selling their mortgage divisions and assets to other companies.

Though not all files contained the highly sensitive and personal data points, we found: names, addresses, birth dates, Social Security numbers and bank and checking account numbers, as well as details of loan agreements that include sensitive financial information, such as why the person is requesting the loan.

Some of the documents also note if a person has filed for bankruptcy, and include tax documents such as annual W-2 tax forms, which are targets for scammers to claim false refunds.

But the documents were stored in a random order and were not presented in an easy-to-read or formatted way, making it difficult to follow from one document to another, said Diachenko.

We verified the authenticity of data by checking a portion of names in the database with public records.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

Although the documents originate from these financiers, one bank — Citi, which helped to secure the data — said it had no current relationship with the company.

“Citi recently became aware that a third party, with no connection to Citi, was storing certain mortgage origination and modification documents in an unsecure online environment,” said a Citi spokesperson. “These documents contained information about current or former Citi customers, as well as customers from other financial institutions. Citi notified law enforcement, initiated a thorough forensic investigation and worked quickly to ensure the information could no longer be publicly accessed.”

Citi confirmed that “third party is a vendor to a company that had purchased the loans and we have found no evidence that Citi’s systems were compromised.”

The bank added that it’s working to identify potentially affected customers.

Dozens of other companies are affected, including smaller regional banks and larger multinationals.

A Wells Fargo spokesperson said the data was obtained by Ascension from other entities that purchased Wells Fargo mortgages. HSBC said it was investigating if any of its customers’ data, including that of past customers, was affected, and confirmed it had “no vendor relationship with Ascension since 2010.” When reached, CapitalOne did not comment at the time of publication. A Housing and Urban Development spokesperson did not respond to a request for comment. The department is currently affected by the ongoing government shutdown. If anything changes, we’ll update.

It’s the latest in a series of security lapses involving Elasticsearch databases.

A massive database leaking millions of real-time SMS text messages was found and secured last year, as were databases belonging to a popular massage service and, most recently, AIESEC, the largest youth-run nonprofit for working opportunities.

Updated at 5pm ET: with comment from HSBC and additional details regarding OpticsML.


Brandon Truaxe, Founder of Deciem Skin Care Company, Is Dead At 40


Brandon Truaxe, the former CEO and founder of the skin care company Deciem, has died at age 40.

An executive at the company confirmed Truaxe’s death in an email to Vox, which also obtained the email sent by acting CEO Nicola Kilner to Deciem’s staff.

“I can’t believe I am typing these words. Brandon has passed away over the weekend. Heartbroken doesn’t come close to how I, and how I know many of you will be feeling,” read the email, which also indicated that the company’s “offices, warehouses, factories and stores” would all be closed Monday to “take the time to cry with sadness, smile at the good times we had, reflect on what his genius built and hug your loved ones that little harder.”

A spokesperson for the Estée Lauder Cos., a minority investor in Deciem, told HuffPost: “Brandon Truaxe was a true genius, and we are incredibly saddened by the news of his passing. As the visionary behind Deciem, he positively impacted millions of people around the world with his creativity, brilliance and innovation. This is a profound loss for us all, and our hearts are with Nicola Kilner and the entire Deciem family.”

Representatives of Deciem did not immediately respond to HuffPost’s request for comment, but they did post a heartfelt message about Truaxe on their Instagram page.

“Thank you for every laugh, every learning and every moment of your genius. Whilst we can’t imagine a world without you, we promise to take care of each other and will work hard to continue your vision. May you finally be at peace. Love, (forever) your DECIEM,” they wrote.

The Toronto-based company, nicknamed “The Abnormal Beauty Company,” was called Deciem after Truaxe’s intention to launch 10 lines under the brand’s umbrella, though the brand has now exceeded that. Arguably its most famous line, The Ordinary, has gone on to achieve near-cult status for its affordable prices and ubiquity. The line is currently sold at Sephora.

As for Truaxe, he has had a multitude of highs and lows with the company. On the heels of a near-rave review in The New Yorker in early 2018, Truaxe began to appear erratic on social media and use the company’s pages to post bizarre messages and videos. By the end of the year, Estée Lauder took legal action against him, and Truaxe was ousted by a judge as CEO. Kilner has been the acting CEO ever since. Additionally, Truaxe was issued a restraining order by several executives at Estée Lauder.

While the cause of Truaxe’s death is currently unknown, a report published in Canada’s Financial Post in December 2018 indicated that he’d been previously hospitalized for mental health issues several times and had problems with drug use. 

The response on social media has been widespread, as many fans of his skin care brand mourn his death.

This article has been updated with comment from Estée Lauder Cos. and a message posted by Deciem.
