December 5, 2017
PayPal Says 1.6 Million Customer Details Stolen in Breach at Canadian Subsidiary - Canada
PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for $238 million in cash. On November 10, PayPal suspended the operations of TIO's network. The company admitted that a security breach took place, but did not provide any other details. In a press release published in a late Friday afternoon news dump, PayPal provided more details about the incident. PayPal says the intruder(s) got access to the personal information of both TIO customers and customers of TIO billers. The company did not reveal what type of information the attacker accessed, but since this is a payment system, attackers most likely obtained both personally-identifiable information (PII) and financial details. As data breach laws impose, PayPal has now started notifying customers and is offering free credit monitoring memberships. TIO users can also visit the TIO Networks website for more details.
NSA Employee Admits Taking Files Home – United States
The US Department of Justice (DOJ) has formally charged a former NSA employee for taking classified documents home. The man, Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today, according to court documents released by the DOJ. Pho worked for the National Security Agency's (NSA) Tailored Access Operations (TAO) since April 2006. The DOJ says that Pho started taking documents home starting somewhere in 2010 and up until March 2015, when he was caught. According to Kaspersky's side of the events, some of the files Pho took home were offensive cyber-weapons that triggered detections for malicious activity on Pho's home computer. Kaspersky admits that the files were automatically uploaded to its servers for further analysis, a standard procedure for antivirus vendors, but they were later deleted when the company realized they were classified material. The US government didn't see it that way and accused the Russian antivirus vendor of conspiring with Russian intelligence to actively search computers for classified material on purpose. US officials then banned the use of Kaspersky products on US government computers.
More Cooperation on Terror Fight – Pakistan and The United States
Defense Secretary Jim Mattis arrived in Pakistan Monday to meet with top leaders and seek common ground on the counterterrorism fight, amid Trump administration calls for Islamabad to more aggressively go after the insurgents moving back and forth across the border with Afghanistan. Mattis said he wants to work with Pakistan to address the problems, adding that the U.S. is committed to a pragmatic relationship that expands cooperation while also "reinforcing President Trump's call for action against terrorist safe havens." "We have heard from Pakistan leaders that they do not support terrorism. So, I expect to see that sort of action reflected in their policies," Mattis told reporters traveling with him in the Middle East before his trip to Islamabad. Mattis is expected to meet with Pakistani Prime Minister Shahid Khaqan Abbasi and army chief Gen. Qamar Javed Bajwa, as well as the U.S. embassy team. He was greeted at the airport by U.S. Ambassador David Hale and senior Pakistani military leaders. The White House, meanwhile, condemned Pakistan's release late last month of a U.S.-wanted militant as a "step in the wrong direction" and warned that it could harm Islamabad's relations with the U.S. and its reputation around the world. In August, the United States said it would hold up $255 million in military assistance for Pakistan until it cracks down on extremists threatening Afghanistan.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, please subscribe.