Category: Legal Issues

Facebook Data Breach — What To Do Next

Screen Shot 2018-09-29 at 8.18.02 PM

Yesterday, Facebook notified users of a massive data breach affecting over 50 million people. The breach had taken place three days earlier, on the afternoon of 25 September.

The social media giant says it doesn’t know exactly what kind of information has been compromised. However, in an updated statement yesterday, it did admit the hack affected those who use Facebook to log into other accounts.

How do you know if you’ve been impacted?

If you’ve been affected by the breach, Facebook logged you out of your account yesterday. The social network said it would also notify these people in a message on top of their News Feed about what happened.

However, an important thing to note: If you were logged out, you weren’t necessarily breached. Facebook has also logged out everyone who used the ‘View As’ feature since the vulnerability was introduced as a “precautionary measure”. The social network says this will require another 40 million people or more to log back into their accounts, adding: “We do not currently have any evidence that suggests these accounts have been compromised.”

Has the issue been fixed?

According to Facebook, yes. It believes it has fixed the security vulnerability, which enabled hackers to exploit a weakness in Facebook’s code to access the ‘View As’ privacy tool that allows users to see how their profile looks to other people.

Attackers would then be able to steal the access tokens that allow people to stay logged into their accounts. Then, Facebook admits, they could use these to take over people’s profiles.

Facebook is also temporarily turning off the ‘View As’ feature while it conducts a “thorough security review”.

What should you do if you’ve used Facebook to log in to other accounts/apps?

Facebook has admitted this could be an issue, but it can be hard to know what you’ve logged into using your account. This information can be found in your settings. First, go to ‘apps and websites’, then ‘logged in using Facebook’.

There you will be able to find all the apps you have used Facebook to log in to. It’s a good idea to remove these, even if you think you haven’t been impacted by the breach. If you have been affected, you’ll also need to change the passwords for those accounts, to be safe.

What can you do to secure your Facebook account?

Facebook says there’s no need for people to change their passwords. However, there is no harm in doing so – ensuring that your new password is secure and that you do not use it to log into other accounts. You could also log yourself out of Facebook, even if you don’t think you’ve been impacted, using the ‘security and login’ section in ‘settings’. This lists the places people are logged into Facebook with a one-click option to log out of all of them. People who’ve forgotten their passwords can access Facebook’s Help Center.

If you haven’t already, you should also enable two-factor authentication, which again can be found in Facebook settings.

Of course, you could also delete your Facebook account altogether.

Does this breach come under GDPR?

Many of the 50 million customers breached will reside in Europe, so their data does fall under the EU general update to data protection regulation (GDPR). We don’t know exactly what information has been impacted – fines are applicable for sensitive and personal data such as credit card details, which Facebook initially said has not been affected. However, if attackers have accessed personal messages, all kinds of sensitive information could have been breached.

As Facebook investigates the breach, it will be interesting to see the regulatory impact. The number of accounts impacted dwarfs that of British Airways at 50 million versus 380,000 but the nature of the information accessed is important.

For now, users need to ensure their own security is tight. Breaches are happening every day and it’s important to use strong passwords and two-factor authentication at a bare minimum.

Freezing Credit Will Now Be Free. Here’s Why You Should Go for It.

07MONEY-1-master768

Consumers will soon be able to freeze their credit files without charge. So if you have not yet frozen your files — a recommended step to foil identity theft — now is a good time to take action, consumer advocates say.

Security freezes, often called credit freezes, are “absolutely” the best way to prevent criminals from using your personal information to open new accounts in your name, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse, a consumer advocacy nonprofit group.

Free freezes, which will be available next Friday, were required as part of broader financial legislation signed in May by President Trump.

Free security freezes were already available in some states and in certain situations, but the federal law requires that they be made available nationally. Two of the three major credit reporting bureaus, Equifax and TransUnion, have already abandoned the fees. The third, Experian, said it would begin offering free credit freezes next Friday. To be effective, freezes must be placed at all three bureaus.

The Federal Trade Commission says that when the law takes effect, its identity theft website will provide links to each bureau’s freeze website.

A security freeze makes it harder for criminals to use stolen information to open fraudulent new accounts, or borrow money, in your name. Credit bureaus house records of your accounts and payment history, which card companies and lenders use to decide whether you are likely to pay your bills. If you freeze your file, the bureaus will not provide information to lenders unless you “thaw” the freeze first, using a special personal identification number.

Free security freezes are becoming available more than a year after a huge data breach was discovered at Equifax. The breach compromised the personal information, including Social Security numbers, birth dates and other sensitive details, of more than 145 million people — nearly half the population of the United States.

Despite the scale of that breach, and a steady stream of other incidents, security freezes have not really caught on. An AARP survey of about 2,000 adults found that just 14 percent had frozen their credit files. (The survey, conducted in July by GfK Group using a probability-based online panel, has a margin of sampling error of plus or minus two percentage points.)

In-depth interviews with 24 consumers by researchers at the University of Michigan School of Information found that many people knew about the Equifax breach, but few had taken the step of freezing their credit files as a result.

Consumers suffer from “optimism bias,” the researchers found. They realized that the breach created risk, but did not think anything would happen to them personally. “People tend to underestimate their own risk,” said Florian Schaub, an assistant professor at the school and one of the study’s authors.

Others incorrectly assumed that because they had poor credit or little wealth, they would be unattractive targets for identity thieves. “They think: ‘I don’t have much money. I have nothing to lose,’” Mr. Schaub said. “But that’s not how identity thieves operate.”

People interviewed also cited the cost of freezes as a barrier. It can cost as much as $10 per bureau to place a freeze, and a similar fee is charged to thaw it temporarily when you want to apply for credit.

Consumer advocates hope that making freezes free will spur more consumers to use them. (The new law requires that a thaw must also be free.)

But the freeze process is not as easy as it could be, said Mike Litt, consumer campaign director for U.S. PIRG, the consumer advocacy group. He would prefer credit files to be “frozen” by default, and thawed on request. As it stands, consumers must place freezes separately at all three bureaus, and keep track of three PINs.

And because it’s not always possible to know in advance what credit bureau a lender will use, consumers typically must lift the freezes at all three bureaus when they want to apply for new credit.

Brett Merfish, a lawyer in Austin, Tex., said she froze her credit at all three bureaus several years ago, after her personal information was used to open “a steady flow” of fraudulent credit card accounts. The freeze process was “tedious,” she recalled, but ultimately effective because she no longer has problems with fake accounts. “It’s worth it to do it,” she said.

One credit bureau, TransUnion, introduced a smartphone app, myTransUnion, this month that consumers can use to more easily freeze and thaw their credit. The app is available for both Apple and Android phones. Mr. Stephens, of the Privacy Rights Clearinghouse, said he had not seen the app, but cautioned consumers to tread carefully, in case it is used to market other, fee-based products and services.

The credit bureaus also offer something called a credit “lock,” which they promote as a more convenient way to protect your information. But some offerings carry fees, and consumer advocates prefer freezes because the rules are set by law, rather than by the credit bureaus.

One other less-protective option is a fraud alert, which requires credit bureaus to contact you to verify your identity when a company requests your credit file. Under the new law, initial fraud alerts must last for one year once established. Fraud alerts are free, and, unlike the freezes, an alert placed at one bureau is automatically placed at all three.

U.S. PIRG also recommends freezing your file at a lesser-known reporting agency known as the National Consumer Telecom and Utilities Exchange. The exchange provides credit information to some cellphone, pay television and utility companies. (Some consumers have reported having cellular accounts opened in their names, even though they had placed freezes on their credit reports at the main bureaus.)

The website for the utilities exchange says its database is “housed and managed” by Equifax. But the exchange is a “distinct” entity that requires its own freeze, said Craig Caesar, outside counsel to the exchange. “A separate request to N.C.T.U.E. is required because it is a separate database,” Mr. Caesar said in an email. There is no cost for a freeze, he said.

The new law also requires credit bureaus to allow parents to create and freeze credit files for their children under 16, to prevent their identities from being misused. The Federal Trade Commission offers information on what to do.

Freezes will not protect you from other types of fraud, like someone using the number of a credit card you already have, or impersonating you online to claim your Social Security benefits. To help prevent those types of theft, Mr. Litt recommends checking your credit card statements regularly for suspicious charges, and setting up and monitoring an online Social Security account, to prevent criminals from opening one first and diverting your benefit checks. A PIRG report suggests other helpful steps as well.

Checking your credit report periodically is also wise. You are entitled to one free copy each year from the big three bureaus at annualcreditreport.com. (A security freeze will not prevent you from getting your free annual report, the F.T.C. says.)

Here are the websites to visit to set up security freezes:

TransUnion: transunion.com/credit-freeze

Experian: experian.com/freeze/center.html

Equifax: www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

National Consumer Telecom and Utilities Exchange: www.nctue.com/Consumers

The College Recruit and the Downfall of a Hall of Fame Coach

Should a high school star be prevented from playing college basketball because his father was accused of taking a bribe?

collegeBrian Bowen Jr. was one of the top high-school basketball players in the senior class of 2017. He grew up in Saginaw, Mich., an economically depressed Rust Belt city with one of the highest rates of violent crime in the nation. It is also a basketball hotbed, where players take pride in their scrappy, physical style of play. Draymond Green, an intense, sharp-elbowed All-Star with the N.B.A. champion Golden State Warriors, is among the pros who have come from Saginaw.

Bowen, however, was not hardened by either his city or its tough-edged basketball tradition. There is a sweetness about him, a shy smile, an engaging manner. He was given the nickname “Tugs” as an infant because he pulled on his mother’s hair with his tiny fingers, and that is what his family, friends, teammates and coaches have called him ever since. His mother chauffeured him around, fed him and made his schedule. Even after he reached high school, she could sometimes be seen kneeling or sitting at the bottom of the bleachers as she laced up his sneakers before a game, like a figure-skating mom tightening the laces of her child’s skates. In his free time, he liked to build elaborate Lego structures. The worst that was said about him, an only child, was that he could seem a little sheltered.

His father, Brian Bowen Sr., a former high-school player, groomed him for basketball almost from birth. When Tugs was just 9 months old and holding onto furniture for balance as he began to walk, his father made sure he alternated between his right and left hands — while rolling a ball with the opposite hand — so he would be able to dribble and shoot a basketball with both. A few years later, the family moved into a house with a basketball court in the backyard. The court was where Tugs would begin to learn the game, and as he got older, it attracted serious players in Saginaw. They came to work, not play. Brian Bowen Sr., a former police officer who had retired on medical disability, stood watch on the sideline, offering instruction and keeping the games as clean as he could.

The surface was originally concrete, but he covered it with VersaCourt, a softer synthetic material that came in sections fitted together like puzzle pieces. “He was looking ahead even back then,” his son told me last fall, the first time we talked. “If it would have stayed cement, I would have wrecked my knees, and I wouldn’t have been able to amount to anything.”

READ MORE:https://www.nytimes.com/2018/09/18/magazine/college-basketball-recruiting-bribery-case-rick-pitino.html?action=click&module=Well&pgtype=Homepage&section=The%20New%20York%20Times%20Magazine

Colin Kaepernick’s N.F.L. Collusion Case Can Continue, Arbitrator Rules

In a major blow to the N.F.L., Colin Kaepernick achieved a preliminary but important win in his case accusing the league of colluding to keep him off the field because of the player protests during the national anthem that he instigated.

The ruling, essentially granting a full hearing on the dispute, keeps alive a case that the N.F.L. desperately wanted to go away. The league is preparing for a new season beginning next week and is still grappling with how to defuse the smoldering debate over players who demonstrate during the national anthem to protest racism, police brutality and social injustice.

In a ruling this week that was disclosed Thursday, the arbitrator, Stephen B. Burbank, who was appointed by the league and the N.F.L. Players Association, said lawyers for Kaepernick had unearthed enough information in the past year for the case to proceed to a full hearing. After months of depositions — including those given by some of the most powerful owners in the league — as well as document searches, the lawyers will be able to question league officials, owners and others in a trial-like format.

colin

The decision was revealed by Mark Geragos, Kaepernick’s lawyer.

Although the number of players who kneel has varied — and dwindled over the course of last season — since Kaepernick first did so in 2016, during a wave of police shootings of African-American men, the issue continues to divide fans, vex owners. It has also inspired persistent tweets from President Trump, whose calls for players who kneel to be fired has put pressure on owners, many of whom support him.

Kaepernick, once one of the league’s best quarterbacks, has been out of work since March 2017, when he became a free agent before the San Francisco 49ers could release him. As a parade of lesser quarterbacks, at least statistically, found work, he filed a grievance asserting that the league’s owners had conspired to keep him out because of his protests.

The N.F.L., which had asked the arbitrator to dismiss the case for lack of evidence, declined to comment. It cannot appeal the arbitrator’s decision to move to a full hearing, but it can appeal a final ruling.

A hearing could begin by the end of the year, though the two sides could settle the case before then. Kaepernick is seeking damages equal to what he would have earned if he were still playing in the league.

The case has attracted so much attention, experts said, that it would have been difficult for Burbank to dismiss it.

V.A. Shuns Medical Marijuana, Leaving Vets to Improvise

7W4TV6V23ZFBJOX2N7Z5A4UJVQSANTA CRUZ, Calif. — Some of the local growers along the coast here see it as an act of medical compassion: Donating part of their crop of high-potency medical marijuana to ailing veterans, who line up by the dozens each month in the echoing auditorium of the city’s old veterans’ hall to get a ticket they can exchange for a free bag.

One Vietnam veteran in the line said he was using marijuana-infused oil to treat pancreatic cancer. Another said that smoking cannabis eased the pain from a recent hip replacement better than prescription pills did. Several said that a few puffs temper the anxiety and nightmares of post-traumatic stress disorder.

“I never touched the stuff in Vietnam,” said William Horne, 76, a retired firefighter. “It was only a few years ago I realized how useful it could be.”

The monthly giveaway bags often contain marijuana lotions, pills, candies and hemp oils, as well as potent strains of smokable flower with names like Combat Cookies and Kosher Kush. But the veterans do not get any medical guidance on which product might help with which ailment, how much to use, or how marijuana might interact with other medications.

SOURCE:https://www.nytimes.com/2018/07/25/us/marijuana-veterans

Philly mayor wants to evict Jay Z’s music fest amid Meek Mill drama

As controversy continues to rage in Philadelphia over rapper Meek Mill’s probation case — the city mayor’s office has moved to boot the popular Made in America festival created by Meek’s Roc Nation label founder Jay Z.

A rep for Philly Mayor Jim Kenney dropped a bombshell Tuesday that “This is the last year [the fest] will be held on the [Ben Franklin] Parkway.” That was apparently news to Jay Z and Roc Nation — as well as the concert’s promoter, Live Nation.

Screen Shot 2018-07-19 at 5.14.57 AM

Jay Z fired back on Wednesday, revealing in a statement that the mayor’s office also tried to cancel this year’s fest — which will feature Meek Mill, Nicki Minaj and Post Malone, Sept. 1 and 2.

“We are disappointed that the Mayor… would evict us from the heart of the city, through a media outlet, without a sit-down meeting, notice, dialogue or proper communication,” the hip hop mogul wrote. “It signifies zero appreciation for what Made In America has built alongside the phenomenal citizens of this city.”

He added, “In fact, this administration immediately greeted us with a legal letter trying to stop the 2018 event.”

Roc Nation COO Desiree Perez exclusively told us that she’d previously tried to reach out to the mayor’s office and never heard back before the city publicly said the fest would move. “I’d love to have a conversation,” she said. “We’re shocked. We couldn’t believe it. We don’t have a clue about the hostility we’ve received.”

Jay Z said the minority-owned fest that’s included Rihanna, Kanye West and Pearl Jam, has brought $102.8 million to the city, paid $3.4 million in rent and employed thousands.

Reports said that Made in America’s five-year contract ended in 2017 and was renewed for one year.

A rep for the mayor told Philly.com: “When the festival first started, it was intended to provide a unique attraction to the city on the otherwise quiet Labor Day weekend… Over the years, tourism has grown… and the need for an event of this scale at this location may no longer be necessary.”

Jay Z asked in his statement, which he released as an op-ed to the website, “How does an administration merely discard an event that generates millions … and employs the city’s people as if we are disposable now that we have served our purpose?”

Some music fans speculated the city might be targeting a hip-hop-heavy lineup. “Roc Nation got a call that the administration wanted to see this year’s lineup,” which Roc Nation refused, a source said. “What does that have to do with the city?”

The Mayor called the issue a “misunderstanding” and said in a statement to Page Six: “The City of Philadelphia supports the Made in America festival and is greatly appreciative of all that it has done for Philadelphia. We are committed to its continued success and thank them for their partnership. We hope to be able to resolve what has been an unfortunate misunderstanding. We are working with Roc Nation and Live Nation to resolve this issue and we are committed to continuing our partnership with the Made in America festival.”