The Latest Cybercrime Trends
RICO Class-Action Suit Goes After H&R Block, Google, Meta for Alleged Tax Data Sharing
A law firm in California has invoked a law usually reserved for organized crime to go after tech giants Meta and Google for allegedly colluding with H&R Block to profit off taxpayer information. The lawsuit stems from a Congressional report that revealed H&R Block (among other tax prep companies) had used advertising and analytics tools from Meta and Google to collect and then share users’ tax information to the tech companies. Since the report, others have filed class-action lawsuits, but the law firm Wisner Baum is the first to claim that the three companies’ conduct amounts to a “pattern of racketeering activity” covered under the Racketeer Influenced and Corrupt Organizations Act (RICO) a tool usually used to prosecute multiple individuals in a criminal enterprise, like Mafia organizations.
Imagine if regulators simply went after some of these more egregious instances and fined companies appropriately. Deficits could be reduced dramatically. It’s time for governments to go after the megaliths that treat consumers as the product. If that makes free “social” media platforms financially unviable, I think we’ll survive. The sad reality is our data is rarely safe online. It’s time to get serious about data protection and hold our institutions accountable for their actions and inactions.
EU Cybersecurity Body Warns of Potential AI-driven Disruptions to European Elections
EU cybersecurity agency ENISA’s 2023 Threat Landscape report warns that powerful new AI models could disrupt EU elections next June. The report cautions that malicious actors could use AI to run large-scale information manipulation campaigns. Ever-evolving Artificial Intelligence models have the capacity to produce human-like text and voices as well as deepfake images and videos that can be used to psychologically manipulate voters. With upcoming elections in the USA, UK, and India in 2024, experts warn the public, policy makers and governments to beware of AI-generated propaganda.
In early November, US President Biden’s administration released an Executive Order on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” that sets “new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world.” And in the EU, policy makers are finalizing the AI Act, the world’s first comprehensive regulation on Artificial Intelligence. But despite these important steps to get a handle on AI, managing generative AI and deepfakes remains a question mark. And it’s an unknown worth our attention. We can’t put all our faith in policy makers. In an era of powerful generative AI, critical thinking skills and learning ways to become more vigilant with the technologies we use will likely be our best way forward.
FTC Requires Non-Bank Financial Institutions to Report Data Security Breaches Under Amended Safeguards Rule
On October 27, the Federal Trade Commission (FTC) amended the Safeguards Rule to make it mandatory for non-banking institutions like mortgage brokers, motor vehicle dealers, and payday lenders, to report certain data breaches and other security events to the agency. Any event where unencrypted customer information involving 500 or more consumers is acquired without authorization must be reported and include certain information, such as the number of affected or potentially affected consumers. And the notifications must be made no later than 30 days after discovering the security breach.
The FTC’s Safeguards Rule already requires non-banking financial institutions to develop, implement, and maintain a comprehensive cybersecurity program to keep customer information safe. The new amendment is meant to provide additional incentive for companies to handle our data with care.
And this is good news. When it comes to our sensitive financial data, it’s good to know that governments are holding corporations accountable. However, as consumers and people living digital our own digital lives, there’s a lot we can do to protect ourselves. Here are a few simple and inexpensive ways to avoid being a victim:
- Stay vigilant and informed about today’s online risks and cyber threats
- Put MFA (multi-factor authenticator) on everything—yes, everything
- Practice proper password hygiene and use a password manager
- Invest in online safety tools, training and cyber insurance