Read Article at CNBC

Hyatt Hotels said Thursday it discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18 and July 2.

Hyatt said the incident affected payment card information, such as, cardholder name, card number, expiration date and internal verification code, from cards manually entered or swiped at the front desk of certain Hyatt-managed locations.

The owner of Andaz, Park Hyatt and Grand Hyatt chain of hotels said a total of 41 properties were affected in 11 countries, with China accounting for 18 properties, the most among impacted countries.

Seven Hyatt properties were affected at U.S. locations, including three in Hawaii, three in Puerto Rico and one in Guam.

The Chicago, Illinois-based company said its cyber security team discovered signs of the unauthorized access in July and launched an internal investigation, completed on Thursday, that resolved the issue and took steps to prevent this from happening in the future.

This is not the first time Hyatt is facing data breach problem at its hotels.

In late 2015 Hyatt said its payment processing system was infected with credit-card-stealing malware, that had affected 250 hotels in about 50 countries.

Read article at MSN

SAN FRANCISCO — At the start of this decade, the Arab Spring blossomed with the help of social media. That is the sort of story the tech industry loves to tell about itself: It is bringing freedom, enlightenment and a better future for all mankind.

Mark Zuckerberg, the Facebook founder, proclaimed that this was exactly why his social network existed. In a 2012 manifesto for investors, he said Facebook was a tool to create “a more honest and transparent dialogue around government.” The result, he said, would be “better solutions to some of the biggest problems of our time.”

Now tech companies are under fire for creating problems instead of solving them. At the top of the list is Russian interference in last year’s presidential election. Social media might have originally promised liberation, but it proved an even more useful tool for stoking anger. The manipulation was so efficient and so lacking in transparency that the companies themselves barely noticed it was happening.

The election is far from the only area of concern. Tech companies have accrued a tremendous amount of power and influence. Amazon determines how people shop, Google how they acquire knowledge, Facebook how they communicate. All of them are making decisions about who gets a digital megaphone and who should be unplugged from the web.

Sign Up For the Morning Briefing Newsletter

Their amount of concentrated authority resembles the divine right of kings, and is sparking a backlash that is still gathering force.

“For 10 years, the arguments in tech were about which chief executive was more like Jesus. Which one was going to run for president. Who did the best job convincing the work force to lean in,” said Scott Galloway, a professor at New York University’s Stern School of Business. “Now sentiments are shifting. The worm has turned.”

News is dripping out of Facebook, Twitter and now Google about how their ad and publishing systems were harnessed by the Russians. On Nov. 1, the Senate Intelligence Committee will hold a hearing on the matter. It is unlikely to enhance the companies’ reputations.

Under growing pressure, the companies are mounting a public relations blitz. Sheryl Sandberg, Facebook’s chief operating officer, was in Washington this week, meeting with lawmakers and making public mea culpas about how things happened during the election “that should not have happened.” Sundar Pichai, Google’s chief executive, was in Pittsburgh on Thursday talking about the “large gaps in opportunity across the U.S.” and announcing a $1 billion grant program to promote jobs.

Underlying the meet-and-greets is the reality that the internet long ago became a business, which means the companies’ first imperative is to do right by their stockholders.

Ross Baird, president of the venture capital firm Village Capital, noted that when ProPublica tried last month to buy targeted ads for “Jew haters” on Facebook, the platform did not question whether this was a bad idea — it asked the buyers how they would like to pay.

“For all the lip service that Silicon Valley has given to changing the world, its ultimate focus has been on what it can monetize,” Mr. Baird said.

Criticism of tech is nothing new, of course. In a Newsweek jeremiad in 1995 titled “Why the Web Won’t Be Nirvana,” the astronomer Clifford Stoll pointed out that “every voice can be heard cheaply and instantly” on the Usenet bulletin boards, that era’s Twitter and Facebook.

“The result?” he wrote. “Every voice is heard. The cacophony more closely resembles citizens band radio, complete with handles, harassment and anonymous threats. When most everyone shouts, few listen.”

Such complaints, repeated at regular intervals, did not stop the tech world from seizing the moment. Millions and then billions of people flocked to its services. The chief executives were regarded as sages. Disruption was the highest good.

What is different today are the warnings from the technologists themselves. “The monetization and manipulation of information is swiftly tearing us apart,” Pierre Omidyar, the founder of eBay, wrote this week.

Justin Rosenstein, a former Facebook engineer, was portrayed in a recent Guardian story as an apostate: Noting that sometimes inventors have regrets, he said he had programmed his new phone to not let him use the social network.

Mr. Rosenstein, a co-founder of Asana, an office productivity start-up, said in an email that he had banned not just Facebook but also the Safari and Chrome browsers, Gmail and other applications.

“I realized that I spend a lot of time mindlessly interacting with my phone in ways that aren’t serving me,” he wrote. “Facebook is a very powerful tool that I continue to use every day, just with more mindfulness.”

If social media is on the defensive, Mr. Zuckerberg is particularly on the spot — a rare event in a golden career that has made him, at 33, one of the richest and most influential people on the planet.

“We have a saying: ‘Move fast and break things,’” he wrote in his 2012 manifesto. “The idea is that if you never break anything, you’re probably not moving fast enough.”

Facebook dropped that motto two years later, but critics say too much of the implicit arrogance has lingered. Mr. Galloway, whose new book, “The Four,” analyzes the power of Facebook, Amazon, Google and Apple, said the social media network was still fumbling its response.

“Zuckerberg and Facebook are violating the No. 1 rule of crisis management: Overcorrect for the problem,” he said. “Their attitude is that anything that damages their profits is impossible for them to do.”

Joel Kaplan, Facebook’s vice president of global public policy, said the network was doing its best.

“Facebook is an important part of many people’s lives,” he said. “That’s an enormous responsibility — and one that we take incredibly seriously”

Some social media entrepreneurs acknowledge that they are confronting issues they never imagined as employees of start-ups struggling to survive.

“There wasn’t time to think through the repercussions of everything we did,” Biz Stone, a Twitter co-founder, said in an interview shortly before he rejoined the service last spring.

He maintained that Twitter was getting an unfair rap: “For every bad thing, there are a thousand good things.” He acknowledged, however, that sometimes “it gets a little messy.”

Despite the swell of criticism, the vast majority of investors, consumers and regulators seem not to have changed their behavior. People still eagerly await the new iPhone. Facebook has more than two billion users. President Trump likes to criticize Amazon on Twitter, but his administration ignored pleas for a rigorous examination of Amazon’s purchase of Whole Foods.

In Europe, however, the ground is already shifting. Google’s share of the search engine market there is 92 percent, according to StatCounter. But that did not stop the European Union from fining it $2.7 billion in June for putting its own products above rivals.

A new German law that fines social networks huge sums for not taking down hate speech went into effect this month. On Tuesday, a spokesman for Prime Minister Theresa May of Britain said the government was looking “carefully at the roles, responsibility and legal status” of Google and Facebook, with an eye to regulating them as news publishers rather than platforms.

“This war, like so many wars, is going to start in Europe,” said Mr. Galloway, the New York University professor.

For some tech companies, the new power is a heavy weight. Cloudflare, which provides many sites with essential protection from hacking, made its first editorial decision in August: It lifted its protection from The Daily Stormer, basically expunging the neo-Nazi site from the visible web.

“Increasingly tech companies are going to be put into the position of making these sorts of judgments,” said Matthew Prince, Cloudflare’s chief executive.

The picture is likely to get even more complicated. Mr. Prince foresees several possible dystopian futures. One is where every search engine has a political point of view, and users gravitate toward the one they feel most comfortable with. That would further balkanize the internet.

Another possibility is the opposite extreme: Under the pressure of regulation, all hate speech — and eventually all dissent — is filtered out.

“People are realizing that technology isn’t neutral,” Mr. Prince said. “I used to travel to Europe to hear these fears. Now I just have to go to Sacramento.”

Follow David Streitfeld on Twitter @DavidStreitfeld

Read Article at MSN

The IRS said late Thursday that it has temporarily suspended the agency’s $7.1 million data security contract with Equifax (EFX) after malware found on the credit bureau’s website again called its security systems into question.

Equifax, now notorious for exposing more than half of all adult Americans to identify theft, maintained the latest security breach was not officially a hack.

An Equifax vendor was “running code that was serving malicious content” on the Equifax site, the company said in a statement. “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”

However, consumers who were using the site could easily have been tricked into downloading malware when visiting the Equifax help page, an oversight that experts said put people further at risk. The nation’s largest information technology trade group is urging the government to cancel Equifax’s now suspended contract with the IRS.

“Equifax is known publicly to have security breaches, and they are not correcting them,” said Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers, which represents 50,000 IT managers in 126 countries. “Why are we spending all this money to give our data to a company that has clear problems with the technology?”

Equifax’s latest problem was discovered Wednesday by a private security consultant who realized the company’s consumer help page was serving up malware that aimed to get unsuspecting consumers to download fraudulent Adobe updates.

In September, Equifax revealed that it had exposed 143 million consumer files — containing names, addresses, Social Security numbers and even bank account information — to hackers in an unprecedented security lapse. The number of consumer potentially affect by the data breach was later raised to 145.5 million.

The company’s former CEO blamed a single careless employee for the entire snafu. But even as he was getting grilled in Congress earlier this month, the IRS was awarding the company with a no-bid contract to provide “fraud prevention and taxpayer identification services.”

“On the very day that Equifax’s former chief executive misled Congress by scapegoating a single employee for their second major data breach in four years, the IRS announced that it was awarding the company with a contract which will allow it to leak out even more personally identifiable information about taxpayers,” Rembiesa said.

“The prospect of this happening should horrify any elected official who is charged with looking out for the welfare of American consumers,” she added. “Congress needs to slam on the brakes here and kill this IRS contract.”

The tax agency stopped short of that, at least for the moment.

“Following new information available today, the IRS temporarily suspended its short-term contract with Equifax for identity proofing services,” the agency said in a statement. “During this suspension, the IRS will continue its review of Equifax systems and security.”

The agency does not believe that any data the IRS has shared with Equifax to date has been compromised, but the suspension was taken as “a precautionary step.”

In the meantime, the IRS will be unable to create new “Secure Access” accounts, which can be used to order tax court transcripts online. Although people can’t create new accounts, current Secure Access users aren’t affected by this contract change and will continue to have access to their accounts, the agency said. And these transcripts can still be ordered by mail.

Other IRS services are unaffected.

Update – Equifax Says Vendor Responsible for Malicious Content on Website

Read Article at MSN

Equifax Inc. said it was a third-party vendor that served malicious content on its website and it has taken the page offline to conduct further analysis.

“Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” Wyatt Jefferies, a spokesman for Equifax said in an email.

The unidentified third-party vendor was responsible for collecting website performance data and had code running on Equifax’s website, Jefferies said. An independent security analyst found on Thursday that the removed page had been altered to trick visitors into installing malware, according to a report on technology news website Ars Technica.

Equifax shares had dropped as much as 3.6 percent, the most intraday since Sept. 15, after the company said its security team was investigating reports of another possible cyber attack. The company is still reeling from the massive data breach it disclosed last month that compromised the private data of more than 145 million Americans.

Richard Smith, former chairman and CEO of Equifax Inc., testifies before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, October 3, 2017.

• Equifax has taken one of its web pages down.
• The company recently disclosed a hack that compromised the sensitive information of 145.5 million people.

Published 36 Mins Ago Updated 29 Mins Ago | Read Article at CNBC

Equifax said on Thursday it has taken one of its customer help web pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of 145.5 million people.

The move came after an independent security analyst on Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.

“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax spokesman Wyatt Jefferies said in an email. “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”

The Atlanta-based company, which has faced seething criticism from consumers, regulators and lawmakers over its handling of the earlier breach, said it would provide more information as it becomes available.

Equifax disclosed on Sept. 7 that its systems had been breached between mid-May and late July. In the fallout, the company has parted ways with its chief executive, chief information officer and chief security officer.

The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice.

As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.