Quest Diagnostics and LabCorp AMCA data security incident

Quest Diagnostics issued a statement that billing collections service American Medical Collection Agency (AMCA) had potential unauthorized activity on AMCA’s web payment page, which could have compromised the data of about 11.9 million Quest patients.  Lab results were not affected by this incident.  Quest Diagnostics is continuing their investigation.

Update: LabCorp also revealed in an SEC filing that AMCA also had 7.7 million of their customer records affected in a similar incident.

Data breach lists and identity theft victim resources

Some of the more comprehensive lists of known data breaches include:

Identity theft victims can receive advice from these websites:

Apple disables FaceTime until security bug is fixed

Update: Apple released iOS 12.1.4 on February 7, 2019 to fix the FaceTime issue.   FaceTime is now available at the Apple System Status page.

USA Today and the Washington Post have reported that some iPhone FaceTime users have been able to listen to people they are calling before the call is answered.   FaceTime runs on iPhones and iPads running iOS 12.1 as well as Macs running macOS Mojave.

Apple is currently working on a fix for this security issue.   FaceTime has been temporarily taken down as noted on the Apple System Status page.

Companies that track U.S. consumer data

The Consumer Financial Protection Bureau (CFPB), a U.S. government agency that enforces federal consumer financial laws, publishes a list of companies that track data of U.S. consumers.  The Fair Credit Reporting Act (FCRA) requires companies to give consumers copies of their personal data reports.

Some of the more relevant companies on this list include:

LexisNexis has a free personal report available which shows data compiled from various public sources.

An online dispute can be filed with Equifax, Experian, TransUnion, and LexisNexis if there are errors in a credit file.

Google expedites shutdown of Google+ consumer version

Google will move the shutdown date of the consumer version of its Google+ (Google Plus) social network from August 2019 to April 2019.  Google still plans to support Google+ for enterprise customers.

Update: Google+ will no longer be available for consumer (personal) accounts on April 2, 2019.  Google also provided instructions on downloading Google+ data and deleting a Google+ account.

This announcement was a follow-up to their October 2018 security notice on Google+.

New DMCA government rules allow third party repairs of some technology products

The U.S. Copyright Office issued a new ruling effective October 28th 2018 that allows exceptions to the Digital Millennium Copyright Act of 1998 (DMCA).  Section 1201 of the DMCA was used by some companies to restrict consumer and third party use of products containing software, including smartphones, computers, motor vehicles, and home appliances. This ruling allows greater legal protection for consumers and third party companies to repair and diagnose rightfully owned technology products.

Answers to some frequently asked questions on this ruling can be found at www.copyright.gov/1201/2018/faqs.html.  General information on U.S. copyright laws is available at www.copyright.gov/help/faq/index.html.

Digital rights groups such as the Repair Association and the Electronic Frontier Foundation have issued their own responses regarding this ruling.

Google+ social network will no longer be available for non-enterprise users

Google announced the scheduled end of the Google+ social network for non-enterprise users. Users have the next 10 months to move their data from Google+.

As part of this announcement, Google also stated that there was a bug in one of the Google+ People APIs that could have allowed data access to user data marked as private.  This bug was noted and fixed by Google in March of 2018 and there was no evidence that this data was misused.  Some of the optional user fields in this bug included name, email address, occupation, gender and age.

Google+ users who access it through G Suite will not be affected by this change.  More information is available at the Google+ FAQ page.

Firefox Monitor notifies you if your email address is part of a data breach

Mozilla announced the release of Firefox Monitor, a free tool that allows you to see if your email address was included in known data breaches.  This service will not store your email address unless you subscribe to it so you can be notified of future data breaches that use your email account.

Firefox Monitor was developed as a collaboration between Mozilla and security expert Troy Hunt of HaveIBeenPwned.com (HIBP).

This Mozilla security tool is available at monitor.firefox.com.

New federal law allows you to freeze your credit reports for free

The Federal Trade Commission (FTC) has announced that Americans nationwide can now freeze their credit reports for free.  This was made possible because of a new federal law made effective on September 21st 2018.

More information about credit freezes is at www.consumer.ftc.gov/articles/0497-credit-freeze-faqsThe FTC also requires that credit reporting agencies give consumers a free credit report once a year at www.annualcreditreport.com