All the News - One Place - One Source - One Time

Thanks to our sponsors/partners - Take the time to thank them as well please. If it wasn't for them The Daily wouldn't be here every day for you.  

Be Proactive About Pending US Federal Data Privacy Legislation

What the American Data and Privacy Act means for businesses

Whether or not ADPPA passes this legislative term, there’s a good chance a similar bill will pass soon

The American Data Privacy and Protection Act (ADPPA) is a potential major bipartisan bill that introduces oversight on how consumer data is collected and processed by U.S. businesses. The legislation aims to strengthen data privacy and to provide oversight on how artificial intelligence (AI) algorithms are used to uncover insights in the data that can be monetized. The goal of this legislation is to ensure the safety, integrity, and equity of AI algorithms.

While the potential legislation is important for protecting individual privacy rights, it will have significant implications for businesses when developing and managing their AI algorithms.

The ADPPA is bipartisan federal data privacy legislation that will create an Office of Data Privacy within the Federal Trade Commission (FTC) to oversee the way that companies use and collect data. However, the ADPPA is about more than just data — it will also examine AI algorithms to determine whether they’re safe, effective, and non-discriminatory. Companies will have to disclose what data they collect, how they plan to use it, and how long they intend to retain it. The pending legislation is a natural extension of GDPR and CCPA, which many states have already accepted as the standards for data privacy in the United States.

It’s important to note that ADPPA won’t just affect large enterprises, it will apply to all businesses of any size. The only businesses that will be exempt from the regulations will be small businesses that for the three years prior to the law's passing have

    - Revenue that was less than $41 million a year
     - Personal data sales that accounted for less than 50% of their revenue
     - Not processed more than 100,000 records

It is likely that only a small number of businesses will meet all three of these criteria, especially due to the threshold of the record. And even if businesses meet these criteria now, if they have any plans to grow, they will unlikely be able to meet the criteria in the future. This means that most businesses will need to prepare to comply with ADPPA regulations eventually.

The ADPPA is necessary because people in the United States are seeing harmful, unintended outcomes from poorly designed AI algorithms.

To comply with the ADPPA, organizations must be able to provide complete insight into how the algorithm works, what it’s expected to do, and how it’s trained. Businesses will also need to demonstrate that their algorithms are effective (i.e., they do what they are supposed to do), the costs of fewer data privacy don’t outweigh the benefits, and that the algorithms are safe, non-intrusive, and non-discriminatory.   securityinfowatch.com

DOJ & U.S. Companies Are Fighting Back - Disrupting Gangs & Getting Some KO's
Gangs Are Shifting Back to Scams to Obtain Payment Card Data

Ransomware Attacks Decline as New Defenses, Countermeasures Thwart Hackers

Cybercriminals face drop in payments while some get laid off

After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware. With ransomware, hackers lock up a victim’s computer network, encrypting hard drives until victims pay.

The blockchain-analytics firm Chainalysis Inc. says that payments that it tracked to ransomware groups dropped by 40% last year, totaling $457 million. That is $309 million less than 2021’s tally.

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands. Asset seizures have disrupted major ransomware gangs, one of which recently had layoffs, cybersecurity officials say.

The FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group’s decryption keys—used to undo the effects of ransomware—for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti.  They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.

Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected.

Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%.  The average ransomware payout in the final quarter of 2022 was just over $400,000—up from around $300,000 during the last quarter of 2021.

Experts said that in some cases financially motivated hackers are migrating away from ransomware toward other methods of attacks, such as scams to obtain payment-card data. 

“Just because traditional ransomware has slowed down doesn’t mean threat actors have,” said Adam Meyers, senior vice president of intelligence at CrowdStrike.  wsj.com

The Long Arm of the FBI - Especially if you Hack Biden-Musk-Bezos Twitter Accounts

Spanish Court Approves Twitter Hacking Suspect's Extradition to U.S.

British Man Also Charged With Nude Photo Extortion, Swatting, Cryptocurrency Theft

Spain's high court approved the U.S. Department of Justice's request that a British man be extradited to face charges that he hacked Twitter in 2020 to perpetrate a cryptocurrency scam.

Authorities arrested O'Connor, aka "PlugwalkJoe," in southern Spain's Costa del Sol in July 2021, at U.S. request.  The court said the Justice Department's documentation of crimes allegedly committed by O'Connor was voluminous and detailed.

Twitter Hacked in 2020

O'Connor is one of four individuals charged with tricking several Twitter employees to share their administrator credentials, which attackers used to gain unauthorized access to 130 high-profile Twitter accounts on July 15, 2020. Compromised account holders included Biden, who was then the Democratic presidential nominee, plus Tesla CEO Musk, the corporate accounts of Apple and Uber, and Floyd Mayweather, Jeff Bezos, Kim Kardashian, Mike Bloomberg and Warren Buffet.     govinfosecurity.com

PCI Security Standards Council

New Video Series: Questions with the Council

In this new video series, Emma Sutcliffe, SVP Standards, answers the payment industry’s questions about PCI DSS v4.0. Questions include:

What are the first steps organizations should take when transitioning from v3.2.1 to v4.0?
Why is PCI DSS v4.0 more stringent on multifactor authentication?
Can you discuss the transition timeline from v3.2.1 to v4.0?
The new standard lists several requirements as "best practices" effective with the release of the standard. How should organizations look at beginning to implement these practices while still focusing on 3.2.1 security implementations?

Watch “Questions with the Council” where Emma answers these questions and more! Make sure to subscribe to the Council’s YouTube page to stay up to date with upcoming payment security videos.  pcisecuritystandards.org

Amazon wants employees to return to the office in May

Starting in May, Amazon will require employees to work out of the office at least three days per week. The company announced the plan in a memo published on Friday and attributed to CEO Andy Jassy (via CNN). In advocating for the policy, Jassy said a hybrid work arrangement would “strengthen” Amazon’s corporate culture and lead to better collaboration among its workforce.

“It’s not simple to bring many thousands of employees back to our offices around the world, so we’re going to give the teams that need to do that work some time to develop a plan,” Jassy said. “We know that it won’t be perfect at first, but the office experience will steadily improve over the coming months (and years) as our real estate and facilities teams smooth out the wrinkles, and ultimately keep evolving how we want our offices to be set up to capture the new ways we want to work.”  engadget.com

Why you should rewrite your game plan for DTC inventory management

The Rise of Direct-to-Consumer

A new industry report confirms the rise of Direct-to-Consumer in North America, with 66% of companies having increased their DTC spend since the start of the pandemic. A total of 35% said investments increased significantly.

But the game plan isn’t fully baked

Winning with DTC requires that companies look at the inventory management technologies running point to support this new model. Over, under, around, and everywhere in between. 

The competition is completely different now. The rules and conditions of the game will surely continue to evolve. Omnichannel brands can no longer rely on old systems to compete in new and unfamiliar avenues. 

Inventory visibility, the real ‘New Normal’

Uncertainty will always be our ‘normal’. Beating it will require new moves and technologies that were not in the playbook prior to DTC.

Legacy inventory management software has left brands largely helpless when it comes to being able to fulfill orders from wherever or however they are placed. Available inventory quantities become very blurry with DTC. Even the simple new concept of starting to ship in Eaches instead of Pallets introduces new difficulties in satisfying DTC demand. 

So in 2023, companies continuing on the DTC path must rewrite their narrative: inventory visibility first, vs. inventory management. 

DTC order fulfillment solutions create the fast break

Modern order fulfillment solutions that bring real-time inventory visibility are how brands will get a clear picture of inventory and reign their DTC markets. 

When asked how their business best protects against failing customer expectations with DTC, survey participants cited investing in order management and fulfillment technology as the number-one strategy (42% of the sample in Europe and 36% in North America).  retaildive.com

Why Digital Identity is About More Than Fighting Fraud

Digital identity used to be something that people considered “just tick-the-boxes” technology. 

But as Steve Durney, vice president of strategy at Prove, told PYMNTS, forward-thinking companies can use digital identity as a way to differentiate themselves … and actually generate more revenue by improving the customer experience. 

There’s certainly room for many companies to improve how they verify and authenticate users. As it stands now, there are speed bumps in the mix as we conduct more of our daily commerce online.

“The old joke,” he said, “is that secure and fast are not friends, and they’re not great dance partners. You wind up sacrificing one for the other.” Any time that users are attempting to get through a slew of online screens just to simply make a payment or to onboard themselves to set up a loyalty account, said Durney — well, those journeys come with a lot of friction.    

The enterprise-level challenge, he said, is to balance security and convenience in such a way that consumers complete those onboarding and verification activities … and businesses keep their top-line momentum intact.  

A Tough Trade-Off 

That’s no easy undertaking, as Durney observed. Here’s the quandary: Make it too easy to make transactions, and companies and consumers are exposed to the fraudsters. Make it too hard, and the shopping cart gets abandoned. The consumer, forced to pause, may disappear and never return. 

It’s more important than ever for security professionals to consider their tech investments and ID efforts, said Durney. In the current macro environment, the fraud threat is increasing. More people do shadier things when they’re stressed, said Durney, and that includes hacking.    pymnts.com

Napa, CA: Man arrested after outlet store theft in Napa

Officers were made aware of an Outlet Retail Theft Crew from Fresno. The crew has stolen thousands of dollars worth of merchandise, typically from Nike Stores. Benshone Carter was located inside the Napa Nike Store with various bags of merchandise. As Officers approached Benshone, he began walking away. He soon started running to his vehicle, which was conveniently parked behind the food court emergency exit. He fled at an extremely high rate of speed out of the parking lot (possibly 80 MPH+). It is believed he hit a curb as both front tires exploded. Benshone then ran across Highway 29, where he was located hiding in the parking lot of Embassy Suites. Benshone's vehicle was impounded and he was arrested on various charges (facebook.com/NapaPD/)

Berks County, PA: Couple Arrested for Stealing $25K Worth of Merchandise from Two Ulta Stores; , Possibly as Part of Multi-State Theft Ring

Elkin Riva Gallego, 22, and Angy Ramirez Linares, 32, were arrested Thursday in Berks County, Pennsylvania, and are facing felony retail theft charges, according to court documents obtained by Inside Edition Digital. A couple was arrested in Pennsylvania last week after cops say they stole from 2 Ulta stores and are suspects in a multi-state theft of the beauty store chain, according to reports. Elkin Riva Gallego, 22, and Angy Ramirez Linares, 32, were arrested Thursday in Berks County and are facing felony retail theft charges, according to court documents obtained by Inside Edition Digital. Spring Township police say the couple stole $25,000 worth of merchandise from two Ulta stores, ABC 6 reported. Officers allegedly caught them in the act on Thursday. "They were pushing a stroller. There was no baby in the stroller. They are simply used for the theft. Putting items into the stroller, and that's how they did other thefts too across a multi-state area," Spring Township Det. Sgt. Robert Long said in a statement. (insideedition.com)

Bartow County, GA: Well-dressed thief steals copper from metro Atlanta Lowe’s

UPDATE: The sheriff’s office says they have identified the suspect. His name has not been released. Deputies in Bartow County are searching for a suspected thief who dressed himself up before shoplifting from Lowe’s. Surveillance photos show the dapper suspect dressed in suit complete with a pocket square. Investigators say he walked into the Lowe’s the day before Valentine’s Day and loaded five spools of copper wire onto a cart and pushed it out of the store without paying. Loss prevention employees described the incident and deputies say surveillance footage matched their account of events exactly. (wsbtv.com)

Washington, DC: $4K of Lululemon clothing stolen from DC store, front door shattered

More than $4,000 worth of Lululemon clothing was stolen from one of their DC locations on Monday morning, according to a police report.

Officers responded to 1925 14th Street NW around 6:30 a.m. and found the front entrance glass door had been shattered. A total of $4,340 worth of clothing was reported stolen including 16 joggers, 16 pairs of pants and 5 jackets. (fox5dc.com)

Lenexa, KS: Man charged in robbery of Lenexa GameStop store where 2 employees were tied up

One man is charged in the Feb. 12 robbery of a GameStop store in Lenexa, Kansas, where the robbers tied up two employees and detained a customer.

Johnson County prosecutors charged Sylvester Pickett, 30, of Kansas City, Kansas, with aggravated robbery, aggravated assault and felony theft under $25,000. (kshb.com)

Antiques – Festus, MO – Burglary C-Store – Fresno, CA – Armed Robbery / Emp Shot- wounded C-Store – Memphis, TN – Robbery C-Store – Vallejo, CA – Armed Robbery C-Store – Carrollton, - Burglary Claires – Montgomery County, MD – Armed Robbery Clothing – Washington, DC - Burglary GameStop – Dallas, TX – Armed Robbery / Shot killed GameStop – Lenexa, KS – Robbery Jewelry - Las Vegas, NV - Robbery Jewelry - Brea, CA - Robbery Jewelry - Katy, TX - Robbery Jewelry - Glendale, WI - Burglary Jewelry - Mesa, AZ - Burglary Pet – Denver, CO – Burglary Motorcycle – Spencerport, NY – Burglary Restaurant – Bedford, TX – Burglary Restaurant – Utica, NY – Burglary Tobacco – Seattle, WA - Armed Robbery / Susp shot killed Tobacco – Tacoma, WA – Armed Robbery Walgreens – Colorado Springs, CO – Burglary Vape - Seattle, WA - Robbery Daily Totals: • 12 robberies • 10 burglaries • 2 shootings • 1 killed Click to enlarge map