The hospitality giant may feel unfairly punished by the fine – because the company itself was not responsible for the breach – but has said it does not intend to appeal the decision.

A cyber-attack on Starwood Hotels and Resorts Worldwide in 2014 is estimated by Marriott to have left the records of 339m worldwide guests vulnerable. Marriott acquired Starwood two years after the breach. The attack remained undetected until September 2018 and was reported in November 2018.

The true number of guests affected is unclear because some guests may have had multiple records. 7m of the records related to people in the UK.

“Personal data is precious and businesses have to look after it. Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not,” said Elizabeth Denham, Information Commissioner.

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect.”

Marriott said it regrets the incident but makes no admission of liability. It also stated that it continues to be committed to the privacy and security of its guests’ information and has reassured guests that Starwood’s network is no longer in use.

The ICO has acknowledged the work that Marriott has done to mitigate the risk of damage suffered by its customers and the measures it has put in place to improve security.

The fine comes just two weeks after the ICO hit British Airways with a £20m fine for a failure to protect the personal and financial details of more than 400,000 customers.

“Within just two weeks, the ICO has now issued a fine of £20m to British Airways and £18.4m to Marriott. These are the two highest confirmed fines in the history of the ICO in response to significant data security failures by both organisations,” said Chris Combemale, CEO of the Data & Marketing Association. “Given the dramatic fall in revenue that the travel and leisure sector has experienced during the coronavirus pandemic, these fines send a very powerful message to organisations that they must invest in keeping their customers’ data secure. Otherwise they will face penalties that could prove far more costly to the business.”

The post Marriott slapped with £18.4m ICO fine for data breach appeared first on Mobile Marketing Magazine.

Maps is getting an incognito mode much like the popular feature that’s been in Google’s Chrome browser since 2008 and was added to YouTube earlier this year. Turning on the mode in Maps will mean that any places the user searches for, or journeys they make, will not be saved to their Google account.

Users will be able to activate incognito mode by selecting it from the menu that appears when they tap their profile photo. It will start rolling out on Android this month and will be ‘coming soon’ to iOS.

Google is also expanding its ‘auto-delete’ option to YouTube. Earlier this year, the search giant made it possible for users to choose to have their location history and web & app activity automatically deleted after a set timeframe. Now, users will be able to do exactly the same for their YouTube history.

Meanwhile, Google Assistant will soon enable users to delete Assistant activity using their voice. For example, people will be able to say “Hey Google, delete the last thing I said to you” or “Hey Google, delete everything I said to you last week” to have the AI assistant get rid of their voice activity data. If someone asks to delete more than a week’s worth of data, Assistant will direct users to a page in account settings to complete the deletion. This feature will roll out in English next week, and in all other languages next month.

Finally, Google has launched ‘Password Checkup’. This feature, built into Google’s password manager, checks the strength and security of all of a person’s saved passwords, tells the user if they’ve been compromised, and gives actionable recommendations when needed. The feature has been built from a Chrome extension which launched earlier this year. Google says it will build its Password Checkup technology directly into Chrome for all users later this year.

The post Google introduces new privacy and security controls appeared first on Mobile Marketing Magazine.

The Confidential Computing Consortium will address the ‘most challenging’ part of dealing with data in cloud computing – the encryption of data in use. Current approaches in cloud computing already deal with the protection of data when it’s not being used and the protection of data when being sent to its destination, but data is vulnerable when it’s actually being used.

The aim is for confidential computing to enable encrypted data to be processed in memory without exposing it to the rest of the system, reduce exposure for sensitive data, and provide more control and transparency for users. The consortium of hardware vendors, cloud providers, developers, open source experts, and academics will also look to influence technical and regulatory standards and build open source tools for Trusted Execution Environment (TEE) development.

“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at The Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

Early contributions to the consortium include a Microsoft framework for developers to build TEE apps, an Intel SDK to help app developers protect select code and data from disclosure or modification at hardware level, and a Red Hat project providing hardware independence for securing apps using TEEs.

The post Google, Microsoft, Alibaba help found data protection consortium appeared first on Mobile Marketing Magazine.

According to CybSafe’s research of 250 UK business decision makers, just 57 per cent of organisations believe they are compliant with GDPR. More alarmingly, 56 per cent of respondents admitted that their business had failed to request content to store sensitive data, while 16 per cent had knowingly ignored subject access requests.

The figures make for concerning reading and show the EU’s regulation has failed to truly put the EU population in control of their data.

The research also found that just 39 per cent of businesses view cybersecurity as a high priority within senior management. Meanwhile, only 37 per cent have amended their cybersecurity policies or processes because of the legislation, and a lowly 32 per cent said that cybersecurity training had become a priority.

“GDPR may have benefited consumers by emptying their inboxes of unwanted mail, but in terms of sparking action amongst businesses, it hasn’t been universally impactful,” said Oz Alashe, CEO and founder of CybSafe. “While things have changed for the better in some areas, a large number of organisations are still falling well short of the standards that the legislation has laid out. One whole year on from its introduction, this is disappointing to say the least.

“It’s vital that businesses do take GDPR seriously, and not just because they fear a fine. Enforcing GDPR properly helps businesses protect their reputation and their precious information. The legislation is an opportunity to clean up data, to understand what data needs to be retained, and to reduce the risk of being the victim of a data scandal caused by poor privacy practices.”

The post UK businesses are still falling way short on GDPR compliance: report appeared first on Mobile Marketing Magazine.

Security researcher Brian Krebs was the one to break the news about Facebook’s latest data protection mishap – which, this time round, saw somewhere between 200m and 600m Facebook users have their passwords open to over 20,000 employees.

The passwords never became visible to anyone outside of Facebook’s workforce and the company hasn’t found any evidence to suggest that any of its staff took advantage of the password data. Nonetheless Facebook is notifying “hundreds of millions of Facebook Lite users, tens of millions of other Facebook user, and tens of thousands of Instagram users,” as per Pedro Canahuati, the tech giant’s VP of engineering, security and privacy.

In normal circumstances, Facebook masks people’s passwords when the create an account, so that no one at the company or otherwise can see them.

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” Facebook software engineer Scott Renfro told Krebs. “In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

The post Hundreds of millions of Facebook passwords were left exposed to staff appeared first on Mobile Marketing Magazine.

Controversial telecoms equipment maker Huawei has opened up a centre dedicated to cyber security in Europe, as it looks to prove to the world that it really isn’t as much of a threat as they want to believe and is actually a friend.

The Cyber Security Transparency Centre in Brussels, Belgium – home to the European Union headquarters – aims to give government agencies, technical experts, industry associations, and standards organisations a place where they can work together to get cyber security right.

“We fully understand cyber security concerns that people have in this digital world. I believe that good solutions to solve the issue start from mutual understanding, which is the purpose we set up the transparency centre here today,” said Ken Hu, deputy chairman of Huawei. “We welcome all regulators, standards organizations, and customers to fully use this platform to collaborate more closely on security standards, verification mechanisms, and security technology innovation. Together, we can improve security across the entire value chain and help build trust through verification.”

The centre will showcase Huawei’s cyber security practices, letting visitors experience cyber security with Huawei’s products and solutions in areas such as 5G, Internet of Things, and cloud. Furthermore, it will be where Huawei communicates with key stakeholders on cyber security strategies and practices, and provide a product security testing and verification platform and related services to its customers.

In a tweet following a meeting with Hu, the European Commission’s VP for the digital single market, Andrus Ansip, said: “Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security.”

The post Huawei opens European cyber security centre appeared first on Mobile Marketing Magazine.

The Canadian enterprise software company will look to use its acquisition of Cylance to speed up the development of Blackberry Spark, the company’s secure communications for the Internet of Things (IoT).

“Today BlackBerry took a giant step forward toward our goal of being the worlds largest and most trusted AI-cybersecurity company,” said John Chen, executive chairman and CEO of BlackBerry. “Securing endpoints and the data that flows between them is absolutely critical in todays hyperconnected world. By adding Cylances technology to our arsenal of cybersecurity solutions we will help enterprises intelligently connect, protect and build secure endpoints that users can trust.”

Cylance will continue to operate as a separate business unit within Blackberry, retaining its current chief executive and founder, Stuart McClure, who has now become president of Blackberry Cylance.

The post Blackberry completes $1.4bn purchase of AI firm Cylance appeared first on Mobile Marketing Magazine.

New York state attorney general Letitia James and New York governor Andrew Cuomo have launched an official investigation into Apple’s slow response to its recent FaceTime bug. The bug, which was acknowledged publicly on Monday, allowed callers to remotely access audio and video from the device of the person they are calling, even if the recipient hadn’t answered yet.

New evidence shows Apple was made aware of the breach in privacy almost a week before it took steps to disable the bug, prompting alarm from many citizens and politicians. Two days before the investigation was announced, governor Cuomo also issued a consumer alert, urging New Yorkers to disable FaceTime until the privacy breach was resolved. Apple has since begun actions eliminate the bug.

“New Yorkers deserve to know that their phones are safe and cannot be used against them,” governor Cuomo said. “In the wake of this egregious bug that put the privacy of New Yorkers at risk, I am calling on the attorney general to investigate this serious consumer rights issue. We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again.”

“New Yorkers shouldn’t have to choose between their private communications and their privacy rights,” said attorney general Letitia James. “This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years. My office will be conducting a thorough investigation into Apple’s response to the situation and will evaluate the company’s actions in relation to the laws set forth by the state of New York. We must use every tool at our disposal to ensure that consumers are always protected.”

The post New York leadership has launched an investigation into the FaceTime bug appeared first on Mobile Marketing Magazine.

The issue, which is believed to affect devices running iOS 12.1 or later, was first highlighted in a viral video on Twitter before being reproduced by 9to5Mac. By starting a FaceTime call with an iPhone contact, swiping up, and then adding their own phone number in the ‘Add Person’ screen, a caller is able to start a group FaceTime call between them and the person originally called, even if they haven’t accepted the call.

A further test from BuzzFeed found that if the call recipient pressed the volume-down button, footage from their front-facing camera could also be seen, though they had still not answered the call. The same thing happens if the power button is pressed from the lock screen.

Apple has since taken group FaceTime offline and said that it is “aware of this issue and we have identified a fix that will be released in a software update later this week”.

The post FaceTime bug lets callers access iPhone mic and camera without recipient picking up appeared first on Mobile Marketing Magazine.

“As you know, we have a digital workplace platform that allows an employer to create a digital relationship with their non-desk workers, and what Peerio is able to add to WorkJam would be complete end-to-end encrypted chat and file sharing,” said Steven Kramer, CEO and co-founder of WorkJam. “So, when you think about deploying a digital workplace that’s not only scaled, but also a large organization, security has to be top of the line.”

Peerio provides higher levels of security than traditional enterprise-grade communication applications, and implements stricter security standards than the military, healthcare, financial services, and legal sectors. Prior to the acquisition, Peerio was also used by journalists covering stories in foreign countries who needed a secure way to send their information back to their publications.

“When it comes to communicating with a large, dispersed group of non-desk workers, control over data security is everything. Organizations can no longer afford the immense risk of their employees using unsanctioned and unsecure communication systems that cause a company to lose control over its confidential data and the personal data of its employees,” said Kramer. “With the addition of Peerio, WorkJam now provides the most secure digital workplace platform available — a platform that exceeds the most demanding security standards any enterprise could have when it comes to communicating with their workforce.”

In 2019, WorkJam plans to expand its client base in N.America and Europe, and is already live in 17 countries. Kramer hopes to continue breaking down the traditional silos that exist within an organization by adding more functionality and cross-pollenating the concepts of communication and operations.

“By the end of Q1 or early Q2, Peerio will be 100 per cent integrated into WorkJam. We will be able to provide direct encrypted chat between peers, group chats, and targeted chatrooms, all within the constructs of WorkJam,” said Kramer. “This will map to an organization’s hierarchy, and also tie in with the back office. So, if someone is hired, they automatically gain access to the appropriate information.”

The acquisition will allow Peerio to provide WorkJam customers three specific types of safe communication: live chat, channels and messaging. Live chat allows corporate and frontline team members to send secure instant messages and files in real time. The messaging feature delivers encrypted information straight to an employee’s inbox. Lastly, the channels feature acts as a workplace forum, where employees can post to a specific area of non-desk workforce or by topic. Employees may then interact with these posts by adding comments or likes. Peerio also brings to the table a desktop app, which will allow desk workers to be more connected to their non-desk colleagues.

“We couldn’t be more proud to join forces with a company like WorkJam,” said Vincent Drouin, founder and CEO of Peerio. “The team shares in our mission to provide simple and secure communication for everyone. Together, we will drive the future of enterprise communication and collaboration in the Digital Workplace.”

The post WorkJam acquires Peerio for enhanced digital security appeared first on Mobile Marketing Magazine.