It’s our fourth issue of “More than Quantum,” and breaches abound. Both Whole Foods and Sonic Drive-In restaurants announced that their point-of-sale systems had been breached. We’re also looking at Adobe accidentally posting its private PGP encryption key (oops!), and much more. We hope you find these informational, and if you have any future recommendations, please get in touch!
Adobe’s product security team accidentally posted its private PGP encryption key to its blog
Data breaches have been all over the news this month, but it seems Adobe’s Product Security Incident Response Team was trying to make it much easier for someone to break in by publicly posting a private PGP encryption key. The private key is what decrypts messages that were encrypted to Adobe with its public PGP key, which is associated with the company’s firstname.lastname@example.org email account. It’s still a good lesson for other companies: Don’t post your encryption keys online!
Whole Foods investigating data breach of taprooms, restaurants
The Amazon-owned marketplace recently announced that it’s investigating a possible breach and theft of customer payment card information at its in-store taprooms and restaurants. Not the usual grocery section, these venues have a different point-of-sale system than the company’s primary checkout system. While the company carries on its investigations, only time will tell how much data was actually stolen.
In additional breach news this week, Sonic Drive-In locations were also reportedly hit, with hackers targeting the company’s point-of-sale terminals and potentially making off with millions of credit card and debit card accounts. This is similar to what happened with the Home Depot breach in 2014 and the Target breach in 2013. So far, the company continues to investigate, but doesn’t know how many or which of its stores may have been hit.
Privacy Commissioner publishes data breach notification guidelines for comment
The Office of the Australian Information and Privacy Commissioner (OAIC) is now looking for public comment on draft resources it published relating to Australia’s upcoming data breach notification laws. The OAIC defines a data breach that’s worth reporting as one “that is likely to result in serious harm to any of the individuals to whom the information relates,” while also noting that organizations that become aware of a possible breach have 30 days to report it, and must “notify individuals at likely risk of serious harm.”
Deloitte hit by cyber-attack revealing clients’ secret emails
One of the largest accountancy firms in the world was also hit with a breach, this time compromising confidential emails and “blue-chip” clients. The administrator’s account that was accessed did not have two-step authentication, leaving the hacker with almost unrestricted access to Deloitte’s systems, including emails and information in the cloud. Since this story continues to develop, we’ll keep an eye on it to see what comes out next.
Here is a “true random” story that caught our eye this week looking ahead to future technology developments.
Scientists hold world’s first intercontinental video conference using quantum encryption
Scientists in Austria and China have reportedly held the first intercontinental video conference, which was encrypted using quantum technology. The Chinese Academy of Sciences is calling this the “first real-world demonstration of intercontinental quantum communication,” and notes that “private and secure communications are fundamental human needs.” This may be the first, but it’s one much bigger step toward secure communications.